Cheat Sheet: Enterprise DLP on Prisma Access Cloud Management
Enterprise DLP on Prisma Access Cloud Management enables you to enforce your organization’s data security standards and prevent the loss of sensitive data.
Important: If you’re already using Panorama to manage Enterprise DLP for next-gen firewalls, your DLP configuration (data patterns and DLP profiles) in Prisma Access Cloud Management is read-only; continue to manage DLP from Panorama.
Data loss prevention (DLP) protects sensitive information against unauthorized access, misuse, extraction, or sharing. Enterprise DLP on Prisma Access enables you to enforce your organization’s data security standards and prevent the loss of sensitive data across mobile users and remote networks.
- The Data Loss Prevention Dashboard: Go to Manage > Configuration > Security Services > Data Loss Prevention to configure and manage Enterprise DLP. Your Enterprise DLP configuration is shared across the products where you’re using Enterprise DLP. So you might see settings here that were configured elsewhere, and some settings you can configure here can also be leveraged in other products.
- Predefined + Custom Enterprise DLP Settings: Enterprise DLP includes built-in settings that you can use to quickly start protecting your most sensitive content. You can also create custom data patterns and profiles directly in Prisma Access Cloud Management.
- Investigation for DLP Incidents: A DLP incident is generated when traffic matches a DLP data profile on Prisma Access (Cloud Managed). On the DLP Incidents dashboard, you can view details for the traffic that triggered the incident, such as matched data patterns, the source and destination of the traffic, the file, and the file type. Go to Activity > Logs > DLP Incidents.
- Scanning for Images in Supported File Formats: Strengthen your security posture to further prevent accidental data misuse, loss, or theft with Optical Character Recognition (OCR). OCR allows the DLP cloud service to scan supported file types with images containing sensitive information that match your Enterprise DLP filtering profiles.
- Exact Data Matching (EDM): EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use EDM to detect sensitive and personally identifiable information (PII) such as social security numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a structured data source such as databases, directory servers, or structured data files (CSV and TSV), with high accuracy.
- Role-Based Access for Enterprise DLP: You can provide role-based access to Enterprise DLP controls inside Prisma Access Cloud Management:
- Data Loss Prevention Admin—Can access Enterprise DLP settings but cannot push configuration changes to Prisma Access.
- Data Security Admin—Can access Enterprise DLP and SaaS Security controls, but cannot push configuration changes to Prisma Access.
Here’s how to get up and running with Enterprise DLP on Prisma Access Cloud Management.
- Check that Your License Covers Enterprise DLP
- Enable Role-Based Access for Enterprise DLP
- Set Up Decryption for Enterprise DLP: Enterprise DLP supports HTTP/1.1. Some applications, like SharePoint and OneDrive, support HTTP/2 for uploads by default. To make applications that use HTTP/2 compatible with Enterprise DLP, you’ll need to strip ALPN headers from uploaded files. Go to Manage > Configuration > Security Services > Decryption and:
- Create a decryption profile, and set it to Strip ALPN. (Find the Advanced Settings in the SSL Forward Proxy section.)
- Add the decryption profile to an SSL Forward Proxy decryption rule.
- Create a Data Profile: Group data patterns that should be enforced the same way into a data profile. You can also use data profiles to specify additional match criteria and confidence levels for matching. Data profiles can contain regular expression data patterns, Exact Data Matching (EDM) data patterns, or a combination of both.
- Create a DLP Rule: Specify the traffic and file types you want Enterprise DLP to protect. Set the action for Enterprise DLP to take when it detects a DLP incident.
- Enable the DLP Rule: In Prisma Access Cloud Management, a DLP rule is a type of security profile. To have a security profile enforce traffic, add it to a profile group, and add the profile group to a security rule.
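
A client-side check for the decryption step above, as an added example that is not Palo Alto Networks code: it offers both h2 and http/1.1 in a TLS handshake and reports whether the session was re-signed by the forward proxy and kept off HTTP/2. The forward-trust CA common name and the hosts are values you pass on the command line, and the script assumes the endpoint's trust store already contains that CA.

```python
import socket
import ssl
import sys


def probe(host, port=443, timeout=5.0):
    """Handshake offering h2 and http/1.1; return (negotiated ALPN, issuer CN)."""
    ctx = ssl.create_default_context()  # validates against the system trust store
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            alpn = tls.selected_alpn_protocol()  # None when no ALPN was negotiated
            issuer = tls.getpeercert().get("issuer", ())
    # issuer is a tuple of RDNs, each a tuple of (attribute, value) pairs
    cn = next((v for rdn in issuer for k, v in rdn if k == "commonName"), None)
    return alpn, cn


def assess(alpn, issuer_cn, forward_trust_cn):
    """Return a list of problems; an empty list means the session is inspectable."""
    problems = []
    # Assumption: the forward proxy re-signs server certificates with this CA.
    if issuer_cn != forward_trust_cn:
        problems.append(f"not decrypted: certificate issued by {issuer_cn!r}")
    if alpn == "h2":
        problems.append("HTTP/2 negotiated: ALPN was not stripped")
    elif alpn not in (None, "http/1.1"):
        problems.append(f"unexpected ALPN protocol {alpn!r}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_alpn.py <forward-trust CA common name> <host> [<host> ...]")
    ca_cn, hosts = sys.argv[1], sys.argv[2:]
    for host in hosts:
        try:
            alpn, issuer_cn = probe(host)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            print(f"{host}: handshake failed: {exc}")
            continue
        problems = assess(alpn, issuer_cn, ca_cn)
        print(f"{host}: alpn={alpn} issuer={issuer_cn} ->", "; ".join(problems) or "OK")
```

Run it from a device behind Prisma Access against the upload hosts your DLP rule covers; any host that still reports h2 is not matching the SSL Forward Proxy rule that carries the Strip ALPN profile.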