Cheat Sheet: Enterprise DLP with Prisma Access
Data loss prevention (DLP) is a set of tools and processes that allow you to protect sensitive information against unauthorized access, misuse, extraction, or sharing.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Cloud Management)
  • Prisma Access (Panorama Managed)
Data loss prevention (DLP) protects sensitive information against unauthorized access, misuse, extraction, or sharing. Enterprise DLP on Prisma Access enables you to enforce your organization’s data security standards and prevent the loss of sensitive data across mobile users and remote networks.
Prisma Access integrates its DLP capability so that Prisma Access (Cloud Management) can use the same DLP capabilities as Panorama and next-generation firewalls. This integration lets you reuse the same DLP patterns, profiles, and rules as on next-generation firewalls.

Cloud Management

Enterprise DLP on Prisma Access (Cloud Management) enables you to enforce your organization’s data security standards and prevent the loss of sensitive data.
Important: If you’re already using Panorama to manage Enterprise DLP for next-gen firewalls, your DLP configuration (data patterns and DLP profiles) in Prisma Access Cloud Management is read-only; continue to manage DLP from Panorama.

Feature Highlights

The Data Loss Prevention Dashboard
Go to Manage > Configuration > Security Services > Data Loss Prevention to configure and manage Enterprise DLP.
If you're using Strata Cloud Manager, go to Manage > Configuration > Data Loss Prevention.
Your Enterprise DLP configuration is shared across the products where you’re using Enterprise DLP. So, you might see settings here that were configured elsewhere, and some settings you can configure here can also be leveraged in other products.
Predefined + Custom Enterprise DLP Settings
Enterprise DLP includes built-in settings that you can use to quickly start protecting your most sensitive content:
  • Predefined data patterns specify common types of sensitive information (like credit cards and social security numbers) that you might want to scan for and protect
  • Predefined DLP Profiles group together data patterns that commonly require the same type of enforcement
You can also create custom data patterns and profiles directly in Prisma Access Cloud Management.
Investigation for DLP Incidents
A DLP incident is generated when traffic matches a DLP data profile on Prisma Access (Cloud Managed). On the DLP Incidents dashboard, you can view details for the traffic that triggered the incident, such as the matched data patterns, the source and destination of the traffic, the file, and the file type. Go to Activity > Logs > DLP Incidents.
If you're using Strata Cloud Manager, go to Manage > Configuration > Data Loss Prevention > DLP Incidents.
Scanning for Images in Supported File Formats
Strengthen your security posture to further prevent accidental data misuse, loss, or theft with Optical Character Recognition (OCR). OCR allows the DLP cloud service to scan images embedded in supported file types for sensitive information that matches your Enterprise DLP filtering profiles.
Exact Data Matching (EDM)
EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use EDM to detect sensitive and personally identifiable information (PII) such as social security numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a structured data source such as databases, directory servers, or structured data files (CSV and TSV), with high accuracy.
Role-Based Access for Enterprise DLP
You can provide role-based access to Enterprise DLP controls inside Prisma Access (Cloud Management):
  • Data Loss Prevention Admin—Can access Enterprise DLP settings but can't push configuration changes to Prisma Access.
  • Data Security Admin—Can access Enterprise DLP and SaaS Security controls, but can't push configuration changes to Prisma Access.

Get Started

Here’s how to get up and running with Enterprise DLP on Prisma Access (Cloud Management).
  1. Check that your license covers Enterprise DLP.
  2. Set up decryption for Enterprise DLP.
    Enterprise DLP supports HTTP/1.1. Some applications, like SharePoint and OneDrive, use HTTP/2 for uploads by default. To make applications that use HTTP/2 compatible with Enterprise DLP, strip ALPN (the TLS extension through which clients negotiate HTTP/2) from decrypted sessions so that these applications fall back to HTTP/1.1.
    Go to Manage > Configuration > Security Services > Decryption. If you're using Strata Cloud Manager, go to Manage > Configuration > NGFW and Prisma Access > Security Services > Decryption and select the Prisma Access configuration scope. Then:
    1. Create a decryption profile and set it to Strip ALPN (find this under Advanced Settings in the SSL Forward Proxy section).
    2. Add the decryption profile to an SSL Forward Proxy decryption rule.
  3. Create a data pattern.
    Enterprise DLP data patterns specify what content is sensitive and needs to be protected—this is the content you’re filtering. You can create a custom data pattern based on regular expressions or a data pattern based on file properties.
  4. Create a data profile.
    Group data patterns that should be enforced the same way into a data profile. You can also use data profiles to specify additional match criteria and confidence levels for matching.
    Data profiles can contain regular expression data patterns, Exact Data Matching (EDM) data patterns, or a combination of both.
  5. Create a DLP rule.
    Specify the traffic and file types you want Enterprise DLP to protect, and set the action for Enterprise DLP to take when it detects a DLP incident.
  6. Enable the DLP rule.
    In Prisma Access (Cloud Management), a DLP rule is a type of security profile. To enable a security profile to enforce traffic, add it to a profile group, and add the profile group to a security rule.
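To make steps 3 and 4 concrete, and to show how the Exact Data Matching (EDM) feature described above differs from regex matching, here is an added Python illustration written for this cheat sheet; it is not Palo Alto Networks' DLP engine or its predefined patterns. It builds a toy data profile from two custom regex data patterns (with a Luhn check to cut credit-card false positives) plus an EDM index derived from a constructed CSV, then scans a constructed upload; the salt, the CSV contents and the sample text are assumptions.

```python
import csv
import hashlib
import io
import re

# Constructed stand-in for a structured EDM source (e.g. a CSV export of an HR system).
EDM_CSV = "account_id,ssn\nA100,123-45-6789\nA200,987-65-4321\n"
# Constructed sample of text that an upload might contain.
SAMPLE_UPLOAD = ("Invoice paid with card 4111 1111 1111 1111; ref 1234 5678 9012 3456.\n"
                 "Employee SSN 123-45-6789 on file; applicant 555-55-5555 not yet in HR.\n")

def luhn_ok(number: str) -> bool:
    """Luhn checksum over the digits of a candidate card number; rejects random digit runs."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(re.sub(r"\D", "", number))):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Custom regex data patterns with a validator (illustrative, not the product's definitions).
REGEX_PATTERNS = {
    "credit-card": (re.compile(r"\b(?:\d[ -]?){13,16}\b"), luhn_ok),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda s: True),
}

def edm_fingerprint(value: str) -> str:
    """Salted hash of the normalized value; an EDM index stores only these, never the raw data."""
    return hashlib.sha256(b"edm-salt:" + re.sub(r"\D", "", value).encode()).hexdigest()

def build_edm_index(csv_text: str, column: str) -> set:
    """Index one column of a structured source (CSV here) for exact matching."""
    return {edm_fingerprint(row[column]) for row in csv.DictReader(io.StringIO(csv_text))}

def scan(text: str, edm_index: set) -> dict:
    """Apply a data profile combining regex patterns and an EDM pattern; return hit counts."""
    hits = {"credit-card": 0, "ssn": 0, "edm-ssn": 0}
    for name, (pattern, validate) in REGEX_PATTERNS.items():
        for match in pattern.finditer(text):
            if validate(match.group(0)):
                hits[name] += 1
    # EDM: an SSN-shaped candidate counts as an exact match only if its fingerprint is indexed.
    for match in REGEX_PATTERNS["ssn"][0].finditer(text):
        if edm_fingerprint(match.group(0)) in edm_index:
            hits["edm-ssn"] += 1
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_UPLOAD, build_edm_index(EDM_CSV, "ssn")))  # {'credit-card': 1, 'ssn': 2, 'edm-ssn': 1}
```

The second card number is regex-shaped but fails Luhn, and the second SSN is regex-shaped but absent from the EDM source, which is the precision gain the cheat sheet attributes to EDM over pattern matching alone.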

Panorama

Enterprise DLP on Prisma Access (Panorama Managed) enables you to enforce your organization’s data security standards and prevent the loss of sensitive data.
Use DLP with Prisma Access (Panorama Managed) by installing the Enterprise DLP plugin on the same Panorama appliance that manages Prisma Access.
If you migrated from an existing DLP on Prisma Access license to the DLP plugin, the locations of data patterns and data filtering profiles move in Panorama after the migration:
  • Data patterns move from Objects > Custom Objects > Data Patterns to Objects > DLP > DLP Data Patterns.
  • Data filtering profiles move from Objects > Security Profiles > Data Filtering to Objects > DLP > DLP Data Filters.
