Data Filtering Support for Data Loss Prevention (DLP) Solutions

Data filtering is enhanced to work with third-party, endpoint DLP solutions that populate file properties to indicate sensitive content, enabling the firewall to enforce your DLP policy. To better secure this confidential data, you can now enable data filtering to identify the file properties and values set by a DLP solution and then log or block the files the data filtering profile identifies.
While this feature is supported in previous release versions, it required you to use regular expressions to define the data patterns on which you want the firewall to filter. This data filtering enhancement introduces a more simplified and intuitive workflow to prevent confidential information from leaving your network, including:
  • Built-in settings allow you to easily enable the firewall to scan for file properties and specific, associated values. If you’re using a DLP solution, you can populate these settings based on your DLP policy.
  • New predefined data patterns enable you to quickly set up social security and credit card number detection.
Data pattern objects previously defined to filter for credit card numbers, social security numbers, and regular expression patterns will look a little different after the upgrade to PAN-OS 8.0.

Related Documentation