Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Getting Started with Advanced DLP

This topic provides a quick start guide to Advanced Data Loss Prevention (DLP), covering its requirements, key capabilities, and next steps for implementation.

Prerequisites

Make sure that the following prerequisites are met before you get started with Advanced DLP:

  • DLP Classifications. You need DLP classifications in your base entitlement. 
  • DLP Integrator. To use advanced IDM and EDM features, download and install the latest version of the DLP Integrator.

Key Capabilities

Advanced DLP is a comprehensive solution that helps you to identify and secure sensitive or confidential data in cloud environments with simplified detection and protection, streamlined DLP, and unified data protection. It eliminates the complexity of scaling large volumes of data using various advanced content-matching techniques, providing control over sensitive information such as intellectual property, personally identifiable information (PII), financial data, trade secrets, and more.

It includes an extensive suite of capabilities that go beyond traditional data protection methods to safeguard data across all stages: at rest, in motion, and in use. This unified solution integrates with multiple platforms, including web, cloud, email, private applications, and endpoints. Organizations can leverage Advanced DLP to enhance accuracy and efficiency in data protection, apply robust DLP policies, maintain regulatory compliance, prevent data exfiltration, and address insider threats.

► Core Capabilities of Advanced DLP
  • Large File Scanning for DLP: Skyhigh enables you to scan and protect large files (up to 250 MB) containing sensitive or confidential data across sanctioned and web services. This capability expands the capacity of the DLP engine to analyze a wide range of file types, ensuring that large files are included in your data protection strategy. Organizations can leverage this capability to apply DLP and malware policies to large files, helping to maintain compliance, enhance security, and reduce the risk of unauthorized data transfers. For details, see Large File Scanning for DLP

  • Exact Data Match (EDM): Skyhigh’s enhanced EDM is a data classification method that detects and protects sensitive data based on its exact content instead of using generic data pattern-matching techniques. It enables you to classify data, such as personally identifiable information (PII), stored in structured data sources, like databases or spreadsheets. You can use EDM to identify and match specific data values or combinations of values via fingerprinting. EDM can process data in all languages, including Chinese, Japanese, and Korean. Organizations can use EDM to enhance detection accuracy, reduce false positive rates, improve operational efficiency, bolster data security posture, and maintain compliance. For details, see EDM.

  • Indexed Document Match (IDM): Skyhigh’s enhanced IDM is a data classification method that detects and protects sensitive content stored as unstructured data in documents and files. It enables you to classify text-based documents and image-based files, such as Word, PDF, PowerPoint, or CAD files. You can use IDM to identify and match content completely or partially based on fingerprinting and indexing of documents and images. Organizations can leverage IDM to enhance data protection, improve detection accuracy, reduce false positive rates, streamline operational workflows, and maintain compliance. For details, see IDM.
  • ML Auto Classifiers: ML Auto Classifiers automatically identify and categorize sensitive data in text and image-based files using Skyhigh's pre-trained AI and ML models. You can use ML Auto Classifiers to quickly and accurately classify sensitive files in sanctioned, shadow, and web services, enabling granular and real-time DLP policy controls. Skyhigh's built-in data classifiers detect common sensitive data types, including Personally Identifiable Information (PII), Payment Card Industry Data Security Standards (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA) data. Organizations can leverage this capability to reduce false positives and negatives, enhance data security posture, streamline data governance, maintain compliance, and mitigate risks. For details, see ML Auto Classifiers.

  • Evidence File Retention for Shadow/Web DLP Incidents: An evidence file is a copy of compromised content that violates a Shadow/Web DLP policy. Skyhigh enables you to save evidence files in your data storage, providing granular insights and supporting in-depth forensic analysis of generated incidents. You can download evidence files associated with Shadow/Web DLP incidents individually or in bulk. Organizations can leverage these files to accelerate their response to data breaches, maintain compliance, mitigate risks, and refine their DLP policies. For details, see Save DLP Evidence for Shadow/Web DLP Incidents.

Next Steps

You can refer to the following table for steps on how to configure the Advanced DLP features. Once you configure the Advanced DLP features such as enhanced EDM/IDM and ML Auto Classifiers, you can apply these features to all types of DLP policies (Sanctioned, Shadow/Web, Private Access, and more) across Skyhigh SSE. This enables your classifications to be used in various types of policies, including those for On-Demand Scans.

Advanced DLP Features Configuration Steps
star.png Enhanced EDM
  1. Generate an enhanced EDM fingerprint file
  2. Create and index an enhanced EDM fingerprint
  3. Create an enhanced EDM classification
  4. Create a Sanctioned or Shadow/Web DLP policy using the new enhanced EDM classification
star.png Enhanced IDM
  1. Generate an enhanced IDM fingerprint file
  2. Create and index an enhanced IDM fingerprint
  3. Create an enhanced IDM classification
  4. Create a Sanctioned or Shadow/Web DLP policy using the new enhanced IDM classification
star.png ML Auto Classifiers
  1. Create a classification using ML Auto Classifier
  2. Create a Sanctioned or Shadow/Web DLP policy using the new ML Auto Classifier classification
star.png Large File Scanning for DLP Configure file size limit for DLP in sanctioned and web services
star.png Evidence File Retention for Shadow/Web DLP Incidents
  1. Configure your data storage provider (AWS) to store evidence files
  2. Create a Shadow/Web DLP policy rule and select the Save Evidence response action

FAQs

Get answers to commonly asked questions about Advanced DLP features such as ML Auto Classifiers.

  • Was this article helpful?