Enterprise DLP
September 2025
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
September 2025
Review the new features introduced to Enterprise Data Loss Prevention (E-DLP) in September
2025.
Audit Logging for Snippet Access
September 8, 2025
|
When your data security administrators review DLP incidents to review
sensitive data snippets, Enterprise Data Loss Prevention (E-DLP) now generates an audit log to provide complete visibility
into who accessed this information and when. This enables compliance monitoring and
to adhere to data governance requirements when performing an audit.
Audit Logging for Snippet Access captures essential details including user
identity, access timestamps, and the specific incident ID accessed. The audit logs
exclude the actual snippet accessed to maintain data security while providing the
accountability trail you need for compliance reporting.
Audit Logging for Snippet Access satisfies regulatory requirements that
mandate tracking access to sensitive information. It demonstrates to auditors that
your organization maintains proper data governance controls, and can detect unusual
access patterns that might indicate insider threats or compromised accounts. The
audit log generation occurs transparently without impacting your incident response
workflow or requiring additional steps from your security analysts.
Organizations operating under strict compliance frameworks particularly
benefit from this feature as it transforms incident response activities from
potential compliance liabilities into documented evidence of responsible data
handling. Your data security administrators gain the ability to produce detailed
access reports for compliance audits, investigate potential data breaches involving
snippet access, and establish clear accountability for sensitive data exposure
during incident investigations. The automated nature of the logging ensures
consistent record-keeping without relying on manual processes that are prone to gaps
or errors in high-pressure incident response scenarios.
EDM Auto Provisioning
September 15, 2025
|
Enterprise Data Loss Prevention (E-DLP) now automatically provisions and enables Exact Data Matching (EDM) on your
Enterprise DLP tenant when your data security administrator enables the
service on Strata Cloud Manager. Automating EDM enablement for your Enterprise DLP tenant streamles the deployment process significantly and
eliminates the workflow bottlenecks where you had to wait for manual enablement by
Palo Alto Networks to help significantly reduce Enterprise DLP deployment
times. The automated enablement process allows your data security administrators to
rapidly deploy Enterprise DLP to protect specific sensitive data records such
as customer databases, employee information, or proprietary datasets with pinpoint
accuracy. Automating EDM enablement ensures that your data security administrators
can quickly safeguard your organization from data exfiltration and that they can
quickly respond to emerging data protection requirements while maintaining precise
control over sensitive information without the operational overhead of manual
provisioning workflows.
Improved Snippet and Reports Display
September 16, 2025
|
Improved Snippet and Report Display for Enterprise Data Loss Prevention (E-DLP) solves the critical
challenge data security administrators face when identifying specific data patterns
and data profiles that trigger DLP incidents. This enhancement reduces
incident resolution times and eliminates the need for additional resources for
manual investigation by clearly showing which data patterns and data profiles
triggered each incident. With this improved visibility, data security administrators
can effectively triage incidents, understand information Security policy rule
violations, and efficiently educate users to prevent future violations.
When viewing incident details, you can now see all matched profiles in the report
display, with a toggle to filter for only the profiles that triggered the incident.
When you select a matched profile, the system shows you the specific data patterns
that caused the match, along with their confidence levels and occurrence thresholds.
This information remains available even when snippets are disabled, ensuring you
always have the context needed to understand the incident. Additionally, the Unified
Incident Manager view now enables filtering by triggered data patterns and data
profiles, helping you identify trends and recurring issues.
This enhancement supports all supported Enterprise DLP enforcement channels.
When examining the DLP incident snippet details, Enterprise DLP displays which
data pattern triggered the incident and specific details about the data patterns
such as the pattern type, the proximity keywords, and the number of occurrences for
high confidence level. For regex patterns, Enterprise DLP displays occurrence
counts for each confidence level and examine up to three snippets per confidence
level, giving your data security administrators tangible examples of the policy rule
violations.
By providing clear insight into which data patterns and data profiles triggered
incidents, this feature significantly reduces the operational friction in your
security operations center. Data security administrators can quickly understand
policy rule violations, take appropriate remediation actions, and provide targeted
user education, ultimately strengthening your organization's data security posture
and reducing the risk of data exfiltration.
New App Support
Enterprise Data Loss Prevention (E-DLP) introduced new app support for the following:
New Feature
| |
---|---|
New GenAI App Support
September 23, 2025
|
Enterprise DLP now supports the following new GenAI app:
|
Expanded File Size Support for Existing Apps
September 23, 2025
|
Enterprise DLP now supports large file inspection for the
following apps:
|
Proximity Keyword Display For High Confidence Detections
September 30, 2025
|
The Enterprise Data Loss Prevention (E-DLP)
Unified Incident Manager now displays the
proximity keywords that generated a high confidence traffic match. This feature
provides the specific context your data security administrators need to understand a
high confidence detection. Administrators can now see exactly which proximity
keywords appeared near sensitive data matches that triggered the high-confidence
detection.
Your data security administrators can now see exactly which proximity
keywords appeared near sensitive data matches that triggered the high confidence
detection. When data security administrators review DLP incidents, Enterprise DLP displays the proximity keywords directly within the Matches within
Data Profiles. This enables your data security administrators to
quickly and more effectively triage incidents since they can immediately understand
why a detection is high confidence based on the surrounding proximity keywords.
Instead of manually reviewing entire documents to determine what elevated the alert
priority, data security administrators can quickly validate high-priority exposures
where sensitive data appears alongside risk-indicating language. This capability
helps data security administrators focus their data security response efforts on
genuinely critical detections while reducing time spent investigating
high-confidence alerts, ultimately improving your data security posture and
accuracy.