Enterprise Data Loss Prevention
10.0 (EoL)
End-of-Life (EoL)
Leverage Enterprise Data Loss Prevention (DLP) to protect
sensitive information against unauthorized access, misuse, extraction,
or sharing.
Enterprise Data Loss Prevention (DLP) is a subscription consisting of a set of tools and processes that allow you to protect sensitive information against unauthorized access, misuse, extraction, or sharing. To leverage Enterprise DLP, you must install the Enterprise DLP plugin on the Panorama™ management server, where you centrally manage the data patterns and data filtering profiles that enforce your organization's data security standards and prevent the loss of sensitive data from the mobile users and remote networks behind your managed firewalls. Because the inspection is performed by a cloud service, both Panorama and the managed firewalls must have Internet connectivity.
Enterprise DLP is a cloud-based service that uses supervised machine learning algorithms to sort sensitive documents into Financial, Legal, Healthcare, and other categories for document classification, guarding against exposure, data loss, and data exfiltration. The data patterns you configure identify sensitive information in the traffic flowing through your network so that it can be protected from exposure.
When you apply a data filtering profile to a Security policy rule, the managed firewall generates data filtering logs containing detailed information about the traffic that matches one or more data patterns in the data filtering profile. The log details enable forensics by allowing you to verify why an uploaded file generated an alert notification or was blocked.
You view the matched snippets in the Data Filtering logs. By default, managed firewalls use data masking to partially mask the snippets so that the sensitive data itself is not exposed in the log. You can instead configure your managed firewalls to completely mask the sensitive information, to show the snippets unmasked, or to disable snippet extraction and viewing altogether. Unmasked snippets place the sensitive data in the log store and in any log forwarding destination, so restrict who can read Data Filtering logs before choosing that setting.
Enterprise DLP is supported on all Panorama and firewall models running PAN-OS 10.0.2 and later releases, except for the CN-Series firewalls.
- Read about Enterprise DLP to learn more about supported applications and file types, as well as the predefined data filtering profiles.
- Install the Enterprise DLP plugin on Panorama and your managed firewalls.
- Enable Enterprise DLP by creating:
  - A Service route so that the managed firewalls can reach the Enterprise DLP cloud service over the Internet.
  - A Decryption policy rule that strips the ALPN headers from HTTP/2 sessions, so that the session is negotiated as HTTP/1.1 and the uploaded files can be inspected.
  - A Security policy rule that blocks the QUIC protocol on ports 80 and 443 (QUIC runs over UDP), so that browsers fall back to TCP-based HTTPS, which the firewall can decrypt and inspect.
- Create a data pattern to specify the match criteria and identify patterns, file properties, or keywords that represent sensitive information on your network.
- Create a data filtering profile to add multiple data patterns and specify matches and confidence levels. Data filtering profiles are assigned to Security policy rules for enforcement.
- Configure the Enterprise DLP file settings:
  - Edit the Cloud Content Settings to select the DLP cloud service in your region if you have data residency requirements.
  - Edit the Data Filtering Settings to configure the network settings for files sent to the Enterprise DLP cloud service for scanning and to specify the actions the firewall takes while leveraging Enterprise DLP.
  - Edit the Enterprise DLP Snippet Settings to specify whether snippets of sensitive data that match your Enterprise DLP data patterns are stored in the DLP cloud service and, if they are, how the sensitive data in them is masked.
- View the Enterprise DLP log details for matched traffic, such as the policy rule information, the source and destination of the traffic, and the data filtering profile that the matched data pattern belongs to.
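The following is a worked example of the matching, thresholding and snippet-masking logic that the steps above describe. It is added illustrative code, not Enterprise DLP or PAN-OS code, and it does not model the DLP cloud service itself: the class names, the high/low confidence scheme (a regex hit that also passes a checksum counts as high), the occurrence threshold, the masking modes and the fields of the log record are all assumptions chosen to mirror the concepts on this page, and the upload text is constructed sample data.

```python
# Added example (not Enterprise DLP or PAN-OS code): a minimal data-pattern and
# data-filtering-profile evaluator. Class names, the confidence scheme, the
# occurrence threshold and the log-record layout are assumptions that mirror the text.
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

RANK = {"low": 0, "high": 1}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; promotes a card-number regex hit to high confidence."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class DataPattern:
    """Match criteria for one kind of sensitive data: a regex plus an optional check."""
    name: str
    regex: str
    validator: Optional[Callable[[str], bool]] = None

    def scan(self, text: str) -> list:
        """Return (start, end, confidence) per hit. Assumed scheme: a hit that
        passes the validator (or has none) is 'high', a rejected hit is 'low'."""
        hits = []
        for m in re.finditer(self.regex, text):
            raw = re.sub(r"[ -]", "", m.group(0))
            ok = self.validator is None or self.validator(raw)
            hits.append((m.start(), m.end(), "high" if ok else "low"))
        return hits

@dataclass
class ProfileEntry:
    pattern: DataPattern
    min_confidence: str  # "low" or "high"
    occurrences: int     # hits required before this entry counts as matched

@dataclass
class DataFilteringProfile:
    name: str
    entries: List[ProfileEntry]
    action: str          # "alert" or "block" once any entry is matched

def evaluate(profile: DataFilteringProfile, text: str) -> dict:
    """Apply every profile entry to the text and return the verdict."""
    results, matched = [], False
    for entry in profile.entries:
        hits = [h for h in entry.pattern.scan(text)
                if RANK[h[2]] >= RANK[entry.min_confidence]]
        ok = len(hits) >= entry.occurrences
        matched = matched or ok
        results.append({"pattern": entry.pattern.name, "hits": hits, "matched": ok})
    return {"profile": profile.name, "results": results,
            "action": profile.action if matched else "allow"}

def mask_snippet(text: str, start: int, end: int, mode: str, keep: int = 4):
    """Render a matched span per the snippet setting: 'partial' (assumed default)
    masks every alphanumeric except the last `keep`, 'full' masks all of them,
    'none' keeps the span as is, 'disabled' suppresses the snippet entirely."""
    if mode == "disabled":
        return None
    span = text[start:end]
    if mode == "none":
        return span
    visible = span[-keep:] if mode == "partial" else ""
    hidden = span[:len(span) - len(visible)]
    return "".join("X" if c.isalnum() else c for c in hidden) + visible

def data_filtering_log(rule: str, src: str, dst: str, profile: DataFilteringProfile,
                       text: str, snippet_mode: str = "partial") -> dict:
    """Build a record shaped like a data filtering log entry (assumed layout)."""
    verdict = evaluate(profile, text)
    matches = [{"data_pattern": r["pattern"], "count": len(r["hits"]),
                "snippets": [mask_snippet(text, s, e, snippet_mode) for s, e, _ in r["hits"]]}
               for r in verdict["results"] if r["matched"]]
    return {"rule": rule, "src": src, "dst": dst, "profile": profile.name,
            "action": verdict["action"], "matches": matches}

# Card numbers need a Luhn pass for high confidence; SSN-shaped strings have no
# checksum, so every regex hit is reported as high.
CARD = DataPattern("Credit Card Number", r"\b(?:\d{4}[ -]?){3}\d{4}\b", luhn_ok)
SSN = DataPattern("US Social Security Number", r"\b\d{3}-\d{2}-\d{4}\b")

# Block on one high-confidence card number, or on two or more SSNs.
PCI_PROFILE = DataFilteringProfile(
    "PCI-block", [ProfileEntry(CARD, "high", 1), ProfileEntry(SSN, "high", 2)], "block")

# Constructed upload contents (sample data, not real records): one Luhn-valid card
# number, one look-alike that fails Luhn, and a single SSN-shaped string.
SAMPLE_UPLOAD = ("Customer 12345 paid with card 4111 1111 1111 1111 (exp 12/27). "
                 "Internal reference 4111-1111-1111-1112 is not a card. "
                 "Applicant SSN 123-45-6789.")

if __name__ == "__main__":  # print the record the constructed upload would produce
    import json
    print(json.dumps(data_filtering_log("allow-web-uploads", "10.1.1.5", "203.0.113.10",
                                        PCI_PROFILE, SAMPLE_UPLOAD), indent=2))
```

Run as a script, the constructed upload is blocked: the Luhn-valid card number is the single high-confidence hit the profile requires, the look-alike number fails the checksum and is discarded as low confidence, and the lone SSN stays below its two-occurrence threshold. The log record carries the card number as `XXXX XXXX XXXX 1111`, which is enough to confirm why the upload was blocked without reproducing the number in the log store; switching `snippet_mode` to `"full"`, `"none"` or `"disabled"` shows the other snippet settings the page describes.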