Data Loss Prevention (DLP)
(DLP) detects and prevents unauthorized transmission of confidential information, such as social security numbers, credit card numbers, bank account numbers and so on.
Browser-Based DLP capabilities allow you to enforce DLP by associating data types with a DLP rule.
In the Data Loss Prevention tab, you can set rules based on specific events, data types and actions.
These actions are available within the DLP rules:
- Detect- Performs the DLP scan but does not block the data.
Prevent - Performs the DLP scan and prevents data transfer if it finds a match to a data type.
- Allow- Acts as exclusions, allowing data transfer in certain events.
Block - Blocks the data without the DLP scan.
Ask - Asks the user to provide justification before allowing data transfer based on the DLP scan results.
Redact - Performs a DLP scan and removes sensitive data based on a pre-defined set of . This action is available only for the Text-control category.
Force redact - Automatically replaces sensitive data with asterisk.
The policy allows the administrator to enable the Gen AI Protect feature on the endpoints. Gen AI Protect monitors the use of various generative AI applications by the endpoints. It detects and prevents the sharing of potential confidential information in the prompts to any Gen AI tools by the Endpoint Security Clients. For more information, see Enabling GenAI Protect.