Security Operations Center (SOC) analysts and incident administrators require
streamlined, automated workflows to effectively triage, review, and resolve data
security risks.

Enterprise Data Loss Prevention (E-DLP) now supports syslog forwarding, which
lets your data security administrators integrate Enterprise DLP incidents
automatically into your organization's established security operations
platforms. Your data security administrator can create a Log Forwarding profile to
automatically forward DLP incident syslogs to your third-party security information
and event management (SIEM), Security Orchestration, Automation, and Response
(SOAR), or other automated ticketing systems.

Enterprise DLP syslog forwarding provides substantial flexibility for large
organizations. Your data security administrators can configure a single Log
Forwarding profile for multiple enforcement points, or conversely, create a
different Log Forwarding profile for each channel. They can also associate the same
enforcement channel with multiple Log Forwarding profiles.

Enterprise DLP forwards DLP incident syslogs over a UDP or TCP port and requires
a persistent connection to the receiving endpoint (SIEM, SOAR, or ticketing system).
While Enterprise DLP automatically continues forwarding incident syslogs after
connectivity is restored, the system cannot forward any syslogs that were generated
during the period of disconnection. This integration into established systems allows
teams to quickly incorporate data security risks into their operational cadence.
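
Because incidents generated while the receiver is unreachable are never forwarded, the receiving side should record when it had no forwarder session so those windows can be reconciled against the Enterprise DLP incident list. The following is an added example, not Palo Alto Networks code: it assumes a TCP listener that reports session open and close times, and the class, function names and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

class ForwarderGapTracker:
    """Receiver-side record of windows with no open forwarder session."""

    def __init__(self):
        self.open_sessions = 0   # several profiles may target one receiver
        self.down_since = None   # start of the current outage, if any
        self.closed_gaps = []    # finished (start, end) outage windows

    def on_connect(self, ts):
        if self.open_sessions == 0 and self.down_since is not None:
            self.closed_gaps.append((self.down_since, ts))
            self.down_since = None
        self.open_sessions += 1

    def on_disconnect(self, ts):
        self.open_sessions = max(0, self.open_sessions - 1)
        if self.open_sessions == 0:
            self.down_since = ts

    def outages(self, now, min_length=timedelta(seconds=30)):
        """Windows to reconcile by hand, including one still in progress."""
        windows = list(self.closed_gaps)
        if self.down_since is not None:
            windows.append((self.down_since, now))
        return [(s, e) for s, e in windows if e - s >= min_length]

def replay(events):
    tracker = ForwarderGapTracker()
    for kind, ts in events:
        (tracker.on_connect if kind == "connect" else tracker.on_disconnect)(ts)
    return tracker

def at(hhmmss):
    return datetime.strptime("2024-01-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")

# Constructed sample: session open/close events seen by the listener.
SAMPLE_EVENTS = [
    ("connect", at("09:00:00")), ("connect", at("09:00:05")),
    ("disconnect", at("09:10:00")),   # one session left: no gap
    ("disconnect", at("09:12:00")),   # outage begins
    ("connect", at("09:20:00")),      # 8-minute gap closed
    ("disconnect", at("09:30:00")), ("connect", at("09:30:10")),  # 10 s blip
    ("disconnect", at("10:00:00")),   # still down at report time
]

if __name__ == "__main__":
    for start, end in replay(SAMPLE_EVENTS).outages(now=at("10:05:00")):
        print(f"no forwarder session {start:%H:%M:%S} to {end:%H:%M:%S}")
```

The tracker treats the receiver as covered while any one session is open; if several Log Forwarding profiles feed the same listener, keep one tracker per source so that one profile's outage is not hidden by another's session.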