You can now deploy Endpoint DLP capabilities with Prisma Access Agent to prevent exfiltration of sensitive data to peripheral devices such as USB devices, printers, and network shares, or to control access to them. This integration extends your Enterprise DLP policies directly to endpoints, enabling you to monitor and control data movement on laptops, desktops, and mobile devices regardless of their network location. You can manage how users handle sensitive information on their devices, including file transfers, removable media usage, and printer interactions.

Start by configuring your Endpoint DLP policy rules and deploying Prisma Access Agent to the endpoints that you need to protect. The agent will detect file movement between the endpoint and the peripheral device and then will evaluate and enforce your Endpoint DLP policy rules. When necessary, the Prisma Access Agent forwards the traffic to Enterprise DLP for inspection and to render a verdict. Enterprise DLP then communicates the verdict to the Prisma Access Agent, which executes the action you configured in the Endpoint DLP policy rule. Additionally, the Prisma Access Agent is responsible for displaying a notification to the end user when they generate a DLP incident.