Prisma Access
Cheat Sheet: Enterprise DLP with Prisma Access (Managed by Strata Cloud Manager)
Enterprise DLP on Prisma Access (Managed by Strata Cloud Manager) enables you to enforce your organization’s data security standards and prevent the loss of sensitive data.
Important: If you’re already using Panorama to manage Enterprise DLP for next-gen firewalls, your DLP configuration (data patterns and DLP profiles) in Prisma Access Cloud Management is read-only; continue to manage DLP from Panorama.
Feature Highlights
The Data Loss Prevention Dashboard
Go to Manage > Configuration > Security Services > Data Loss Prevention to configure and manage Enterprise DLP.
If you're using Strata Cloud Manager, go to Manage > Configuration > Data Loss Prevention.
Your Enterprise DLP configuration is shared across the products where
you’re using Enterprise DLP. So, you might see settings here that were
configured elsewhere, and some settings you can configure here can also be
leveraged in other products.
Predefined + Custom Enterprise DLP Settings
Enterprise DLP includes built-in settings that you can use to
quickly start protecting your most sensitive content:
- Predefined data patterns specify common types of sensitive information (like credit cards and social security numbers) that you might want to scan for and protect
- Predefined DLP Profiles group together data patterns that commonly require the same type of enforcement
You can also create custom data patterns and profiles directly in Prisma
Access Cloud Management.
Investigation for DLP Incidents
A DLP incident is generated when traffic matches a DLP data profile on Prisma Access (Cloud Managed). On the DLP Incidents dashboard, you can view details for the traffic that triggered the incident, such as matched data patterns, the source and destination of the traffic, the file and file type. Go to Activity > Logs > DLP Incidents.
If you're using Strata Cloud Manager, go to Manage > Configuration > Data Loss Prevention > DLP Incidents.
Scanning for Images in Supported File Formats
Strengthen your
security posture to further prevent accidental data misuse, loss, or theft with
Optical Character Recognition (OCR).
OCR allows the DLP cloud service to scan supported file types with images
containing sensitive information that match your Enterprise DLP filtering
profiles.
Exact Data Matching (EDM)
EDM is an advanced detection tool to
monitor and protect sensitive data from exfiltration. Use EDM to detect
sensitive and personally identifiable information (PII) such as social security
numbers, Medical Record Numbers, bank account numbers, and credit card numbers,
in a structured data source such as databases, directory servers, or structured
data files (CSV and TSV), with high accuracy.
Role-Based Access for Enterprise DLP
You can provide role-based access to Enterprise DLP controls inside Prisma Access (Managed by Strata Cloud Manager):
- Data Loss Prevention Admin—Can access Enterprise DLP settings but can't push configuration changes to Prisma Access.
- Data Security Admin—Can access Enterprise DLP and SaaS Security controls, but can't push configuration changes to Prisma Access.
Get Started
Here’s how to get up and running with Enterprise DLP on Prisma Access (Managed by Strata Cloud Manager).
- Check that Your License Covers Enterprise DLP.
- Enable Role-Based Access for Enterprise DLP.
- Set Up Decryption for Enterprise DLP.
  Enterprise DLP supports HTTP/1.1. Some applications, like SharePoint and OneDrive, support HTTP/2 for uploads by default. To make applications that use HTTP/2 compatible with Enterprise DLP, you’ll need to strip ALPN headers from uploaded files.
  Go to Manage > Configuration > Security Services > Decryption and:
  If you're using Strata Cloud Manager, go to Manage > Configuration > NGFW and Prisma Access > Security Services > Decryption. Select the Prisma Access configuration scope.
  - Create a decryption profile, and set it to Strip ALPN. (Find the Advanced Settings in the SSL Forward Proxy section.)
  - Add the decryption profile to an SSL Forward Proxy decryption rule.
- Create a Data Pattern.
  Enterprise DLP data patterns specify what content is sensitive and needs to be protected—this is the content you’re filtering. You can create a custom data pattern based on regular expressions or a data pattern based on file properties.
- Create a Data Profile.
  Group data patterns that should be enforced the same way into a data profile. You can also use data profiles to specify additional match criteria and confidence levels for matching. Data profiles can contain regular expression data patterns, Exact Data Matching (EDM) data patterns, or a combination of both.
- Create a DLP rule.
  Specify the traffic and file types you want Enterprise DLP to protect. Set the action for Enterprise DLP to take when it detects a DLP incident.
- Enable the DLP rule.
  In Prisma Access (Managed by Strata Cloud Manager), a DLP rule is a type of security profile. To enable a security profile to enforce traffic: Add it to a profile group, and add the profile group to a security rule.
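What the Strip ALPN setting in the decryption step changes at the TLS level, as an added example that is not Palo Alto Networks code: ALPN is the ClientHello extension (type 16) in which a client offers `h2`, and a server that sees no ALPN offer stays on HTTP/1.1, the protocol Enterprise DLP supports. The helper names, the host `upload.example.com` and the sample bytes are constructed for illustration, and only the extensions block is modeled, not a full handshake.

```python
import struct

ALPN = 16  # TLS extension type application_layer_protocol_negotiation (RFC 7301)

def ext(ext_type, data):
    """Encode one TLS extension: 2-byte type, 2-byte length, data."""
    return struct.pack("!HH", ext_type, len(data)) + data

def parse_extensions(block):
    """Split a ClientHello extensions block into (type, data) pairs."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length does not match block size")
    found, off = [], 2
    while off < len(block):
        if off + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", block, off)
        if off + 4 + length > len(block):
            raise ValueError("truncated extension body")
        found.append((ext_type, block[off + 4:off + 4 + length]))
        off += 4 + length
    return found

def alpn_protocols(block):
    """Return the protocol names the client offers, or [] if ALPN is absent."""
    for ext_type, data in parse_extensions(block):
        if ext_type == ALPN:
            names, off = [], 2  # skip the 2-byte protocol list length
            while off < len(data):
                names.append(data[off + 1:off + 1 + data[off]].decode("ascii"))
                off += 1 + data[off]
            return names
    return []

def strip_alpn(block):
    """Re-encode the extensions block without the ALPN extension."""
    kept = b"".join(ext(t, d) for t, d in parse_extensions(block) if t != ALPN)
    return struct.pack("!H", len(kept)) + kept

def server_choice(block, server_prefs=("h2", "http/1.1")):
    """Protocol the server uses; a missing ALPN offer is treated as HTTP/1.1."""
    offered = alpn_protocols(block) or ["http/1.1"]
    return next((p for p in server_prefs if p in offered), None)  # None: no overlap

# Constructed sample: server_name (type 0) plus ALPN offering h2 and http/1.1.
host = b"upload.example.com"
sni = ext(0, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)
alpn = ext(ALPN, struct.pack("!H", 12) + b"\x02h2" + b"\x08http/1.1")
CLIENT_EXTS = struct.pack("!H", len(sni + alpn)) + sni + alpn
```

Comparing `server_choice(CLIENT_EXTS)` with `server_choice(strip_alpn(CLIENT_EXTS))` shows the upload session moving from `h2` to `http/1.1` while the server_name extension is left untouched.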