Enterprise Data Loss Prevention (E-DLP) supports the inspection of data in transit that is not part
of a formal file upload. This non-file traffic inspection helps prevent the
exfiltration of sensitive data through collaboration applications, web forms, cloud
applications, and social media. However, this non-file traffic inspection is
designed for transactional web traffic (HTTP/HTTPS), where the client and server
exchange data in discrete, request-response cycles. In contrast, a WebSocket
connection provides a persistent, bidirectional data stream over a single
connection, allowing for continuous communication without the overhead of individual
request-response cycles. While a WebSocket connection can provide better performance
for real-time applications, it introduces unique security challenges for preventing
data loss. These challenges exist because the persistent connection lets data
flow continuously rather than in distinct bursts, which can bypass
traditional traffic-inspection methods.

To address these challenges, Enterprise DLP has expanded its non-file support to
include inspection of WebSocket traffic. This capability allows the detection engine
to examine WebSocket persistent streams in real time to identify sensitive patterns
previously hidden within the open connection.

Enterprise DLP supports WebSocket inspection for the following widely adopted
applications that rely heavily on streaming data:
- Microsoft Copilot
- Perplexity
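
Why a persistent WebSocket stream needs its own inspection path, shown as an added example (not Enterprise DLP's implementation and not code from this page): a minimal RFC 6455 frame parser in which a sensitive value spanning two frames of one message goes unmatched when each frame is checked alone and is matched once the message is reassembled. The SSN-style regex, the function names and the sample frames are assumptions constructed for the illustration.

```python
import re

# Assumed stand-in for a DLP data pattern (SSN-like); not an Enterprise DLP pattern.
SSN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def xor_mask(data, key):
    """Apply or remove RFC 6455 masking (XOR with a repeating 4-byte key)."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))

def build_frame(payload, opcode, fin, key=b"\x11\x22\x33\x44"):
    """Build a short (<126 byte) masked client frame for the constructed sample."""
    head = bytes([(0x80 if fin else 0) | opcode, 0x80 | len(payload)])
    return head + key + xor_mask(payload, key)

def parse_frames(stream):
    """Yield (fin, opcode, unmasked payload) for each frame in a captured stream."""
    pos = 0
    while pos < len(stream):
        b0, b1 = stream[pos], stream[pos + 1]
        pos += 2
        length = b1 & 0x7F
        if length in (126, 127):  # extended 16-bit or 64-bit payload length
            size = 2 if length == 126 else 8
            length = int.from_bytes(stream[pos:pos + size], "big")
            pos += size
        key = b""
        if b1 & 0x80:  # MASK bit: client-to-server frames are always masked
            key = stream[pos:pos + 4]
            pos += 4
        data = stream[pos:pos + length]
        pos += length
        yield bool(b0 & 0x80), b0 & 0x0F, xor_mask(data, key) if key else data

def find_hits(stream, reassemble=True):
    """Return pattern matches; reassemble=False matches every frame in isolation."""
    hits, buf = [], b""
    for fin, opcode, data in parse_frames(stream):
        if opcode >= 0x8:  # close/ping/pong may interleave with fragments
            continue
        buf += data
        if fin or not reassemble:
            hits += [m.group() for m in SSN.finditer(buf)]
            buf = b""
    return hits

# Constructed sample: one text message (opcode 1) continued in a second frame (opcode 0).
SAMPLE = build_frame(b"ssn 123-4", 0x1, False) + build_frame(b"5-6789 ok", 0x0, True)

if __name__ == "__main__":
    print("per frame:  ", find_hits(SAMPLE, reassemble=False))
    print("reassembled:", find_hits(SAMPLE))
```

The sketch assumes a complete, already decrypted capture with no per-message compression; an inline engine would also have to buffer partial frames and bound the size of the reassembly buffer.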