Enterprise DLP
October 2025
Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in October
2025.
New App Support
Enterprise Data Loss Prevention (E-DLP) introduced new app support for the following:
| New Feature | |
|---|---|
| File Inspection Support for GenAI Apps, October 17, 2025 | Enterprise DLP now supports file inspection for the following new GenAI apps: |
| October 31, 2025 | |
| Expanded File Size Support for Existing Apps, October 17, 2025 | Enterprise DLP now supports large file inspection for the following apps: |
| October 31, 2025 | |
Syslog Buffering and Resend
October 6, 2025
Data loss is a critical concern during network outages or SIEM maintenance, as it can
compromise security monitoring and strict compliance obligations. Enterprise Data Loss Prevention (E-DLP) now ensures the integrity and continuity of your audit
trail by buffering critical incident and audit syslogs. Syslog
Buffering and Resend guarantees that you never lose crucial incident and audit logs
generated during periods of system disconnection.
When Enterprise DLP detects a syslog connection failure to your third-party
security information and event management (SIEM) system, Security Orchestration,
Automation, and Response (SOAR) system, or third-party automated ticketing system,
it immediately begins storing logs in an encrypted, tamper-resistant local buffer.
Once connectivity is restored, Enterprise DLP automatically begins forwarding the
complete set of buffered syslogs to your external SIEM, SOAR, or third-party
automated ticketing system.
Syslog Buffering and Resend is essential for data security administrators who must
maintain strict compliance requirements and preserve complete audit trails for
forensic investigations. Notifications regarding connection loss and restoration are
provided directly through Enterprise DLP on Strata Cloud Manager, ensuring
administrators are always aware of the system status. With Enterprise DLP, data
security teams can rely on continuous security monitoring, even when facing external
network disruptions or temporary server maintenance.
Exception Rules for Granular Data Profiles
October 8, 2025
Enterprise Data Loss Prevention (E-DLP) Exception Rules enable your data security administrators to
create targeted exemptions in a granular profile DLP rule. Exception rules enable data
security administrators to define exceptions for specific users, groups, and
destinations without modifying existing Security policy rules. In organizations
where Data Security and Network Security teams operate separately, this feature
enables Data Security teams to independently implement data protection policy rules
without relying on Network Security teams for exceptions. Your data security
administrators can configure these exception rules within a granular profile to
override the default actions for specified data profiles when certain source and
destination conditions are met.
When you need to create nuanced data protection policy rules, such as blocking source
code from being sent to any destination except GitHub, or preventing financial data
downloads from your ERP system by anyone outside the finance department, exception
rules provide the flexibility to implement them. Each exception rule lets
your data security administrator specify data profiles, traffic source (users or
user groups), traffic destination (applications or URLs), and the action Enterprise DLP takes when inspected traffic meets the exception match
criteria.
Your data security administrators can configure exception rules to override the
default block or alert actions with alternative actions, including allowing the
transfer without generating an incident. For each exception rule, your data security
administrators can specify an override action and a log severity level. Exception
rules for granular profiles help your data security administrators maintain strong
data protection while accommodating legitimate business workflows that require
exceptions to your general data Security policy rules.
Email DLP Connectivity Alerts
October 24, 2025
Email DLP Connectivity Alerts
significantly enhance communication and operational transparency for email relay
failures. Previously, relay server connectivity issues on the client side could
prevent Enterprise Data Loss Prevention (E-DLP) from successfully relaying emails back to the mail
server, leaving the original sender unaware of the delivery problem. Email DLP
Connectivity Alerts ensure that original senders receive timely and accurate
notifications regarding undeliverable messages. This clear communication restores
sender confidence and significantly reduces the need for manual follow-up or support
desk inquiries related to email status.
When Enterprise DLP fails to return an inspected email to your email relay server,
it immediately sends the original sender a Delivery Status Notification (DSN) to
provide prompt visibility into the connectivity issue. The system then automatically
manages redelivery attempts behind the scenes. Only if the relay remains
unsuccessful after the entire maximum retry period does the sender receive the final
Non-Delivery Report (NDR). This explicit notification confirms the permanent
delivery failure, ensuring senders are always fully informed about the final
delivery outcome and can take appropriate action.
Email DLP Inspection Status Header
October 24, 2025
Email DLP Inspection Status Header provides precise insight into the inspection
status of emails forwarded to Enterprise Data Loss Prevention (E-DLP). By adding an informational
inspection status header, Email DLP provides your security administrators with
essential details regarding the Enterprise DLP inspection status and outcome
for each forwarded email, facilitating better governance and operational
transparency.
This enhanced visibility empowers your security team to proactively monitor the Enterprise DLP email inspection and provides an opportunity to develop
powerful custom automation workflows based on specific scan results. The
X-PANW-Processing-Status header provides granular status
details, defining exactly the outcome of the Enterprise DLP email inspection.
These headers are informational and are not required for basic Email DLP
functionality.
Holistic Structured Data Processing
October 31, 2025
Holistic Structured Data Processing (SDP) enables Enterprise Data Loss Prevention (E-DLP) to
effectively detect sensitive data in structured data without relying on header
identification. Traditional DLP struggles with inconsistencies and detection gaps
because it depends on valid headers in the first 10 rows, which can lead to many
false negatives. The new Holistic SDP approach eliminates this dependency by
focusing on the content patterns within the data itself, which is especially
valuable for organizations that process diverse structured data formats.
Enterprise DLP can now more accurately detect sensitive data in tables without
headers, tables with incorrect or ambiguous headers, and content with multiple data
patterns in a single column. Additionally, Enterprise DLP can now process
tables aligned horizontally, multiple tables in a single sheet, combinations of
tables and free-form data, and even tables with data split across columns (such as
addresses distributed across street, state, country, and zip code fields).
With Holistic SDP, Enterprise DLP maintains high detection accuracy and
confidence for sensitive information like social security numbers and credit card
numbers, regardless of how you format or organize data in structured content.
Additionally, Holistic SDP supports all previously supported languages, ensuring
consistent protection across a global data ecosystem.
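The following added example (not part of the original release notes, and not Palo Alto Networks' detection logic) illustrates header-independent detection in a simplified form: each cell of a headerless table is classified by its content, so a column that mixes Social Security numbers and credit card numbers is still reported. The regular expressions, function names, and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Assumed patterns for illustration: US SSN in NNN-NN-NNNN form, and a
# 13-19 digit card-like run that may contain spaces or hyphens.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_cell(cell: str) -> set:
    """Return the sensitive-data types found in one cell, by content alone."""
    found = set()
    if SSN_RE.search(cell):
        found.add("ssn")
    for match in CARD_RE.finditer(cell):
        digits = re.sub(r"\D", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("credit_card")
    return found

def scan_columns(text: str) -> dict:
    """Return {column_index: {type: hit_count}}; no header row is consulted."""
    hits = {}
    for row in csv.reader(io.StringIO(text)):
        for idx, cell in enumerate(row):
            for kind in classify_cell(cell):
                column = hits.setdefault(idx, {})
                column[kind] = column.get(kind, 0) + 1
    return hits

# Constructed sample: no header row; column 1 mixes two data patterns, and
# the third row holds a card-like number that fails the Luhn check.
SAMPLE = """\
alice,4111 1111 1111 1111,Austin
bob,123-45-6789,Boston
carol,4111 1111 1111 1112,Chicago
dave,5500-0000-0000-0004,Denver
"""

if __name__ == "__main__":
    print(scan_columns(SAMPLE))
```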
URL Domains in End User Coaching Notifications
October 31, 2025
End users often struggle to identify exactly which website or app triggered an Enterprise Data Loss Prevention (E-DLP) incident when the End User Coaching notification displays
only the app name. This can lead to confusion and unnecessary help desk calls. Enterprise DLP End User Coaching notifications now include the URL domain
information alongside app names to provide the critical context your end users need
to understand and comply with your organization's data protection policies.
When you configure an End User Coaching notification template that includes the
[app name] attribute, Autonomous DEM
automatically appends the URL domain in parentheses after the app name. For example,
if your template contains the message "Your file [file name] [direction]
[app name] [action] due to company policy on sensitive data", the
actual end user notification displays as "Your file Sample.doc uploaded
to example-base (www.example.com) was blocked due to company policy on sensitive
data." This additional context helps users understand the exact
destination that triggered the DLP incident to reduce confusion and to help prevent
repeated violation attempts to the same destination. This works with both
specifically identified apps and generic apps like
web-browsing. If no URL domain is associated with
the incident, the notification displays only the app name without parentheses.