Eran Shavit
Eran Shavit is a Security and Analytics Product Manager at Cato Networks. He is responsible for scoping and designing security solutions. Eran brings more than eight years of experience in building cybersecurity solutions. Read ›
Updated Cato DLP Engine Brings Customization, Sensitivity Labels, and More
Last year, we launched Cato DLP to great success. It was the first DLP engine that could protect data across all enterprise applications without the... Read ›
Updated Cato DLP Engine Brings Customization, Sensitivity Labels, and More Last year, we launched Cato DLP to great success. It was the first DLP engine that could protect data across all enterprise applications without the need for complex, cumbersome DLP rules. Since then, we have been improving the DLP engine and adding key capabilities, including user-defined data types for increased control and integration with Microsoft Information Protection (MIP) to immediately apply sensitivity labels to your DLP policy. Let's take a closer look.
User Defined Data Types
Cato provides over 300 pre-defined out-of-the-box data types and categories for typical scenarios of DLP policies. However, sometimes organizations require the ability to create custom-defined data types to match specific data inspections that are not covered by the pre-defined types.
To customize content inspection for your DLP policies, you can now define keywords, dictionaries, and regular expressions. Regular expressions allow for more accurate detection and prevention of data loss incidents, without impacting legitimate business operations. For example, you can use regular expressions to detect specific data patterns, such as email addresses with a string containing the keywords "Bank Account Number" and an 8-to-17-digit number.
Cato DLP configuration screen showing customized data types to meet individual requirements.
MIP Sensitivity Labels
In addition, we recently added the support for MIP as another user defined data type. MIP offers sensitivity labels that enable organizations to classify their data based on their sensitivity level. The MIP classification system allows for greater control over how data is accessed, shared, and used within the organization.
[boxlink link="https://www.catonetworks.com/resources/protect-your-sensitive-data-and-ensure-regulatory-compliance-with-catos-dlp/"] Protect Your Sensitive Data and Ensure Regulatory Compliance with Cato’s DLP | Download the White Paper [/boxlink]
By using sensitivity labels, organizations can ensure that sensitive data is only accessed by authorized personnel, while still enabling productivity and collaboration. After integrating Sensitivity Labels and adding them to a Content Profile, the DLP engine immediately enforces them for relevant traffic. For better policy granularity, create separate DLP rules to manage content access for different users and groups based on MIP labels.
For instance, a law firm that classified all their documents with MIP labels, can easily reuse the label in the Cato DLP policy to only allow senior partners to access certain documents.
MIP Sensitivity Labels are now supported in Cato DLP
Cato: Advanced Protection Everywhere – In an Instant
With the changes, Cato DLP brings advanced content inspection capabilities that combine data inspection with contextual information based on the full range of Cato’s Networking and Security engines. This unique approach provides greater accuracy and reduces false positives, resulting in a more efficient and effective DLP solution.
But, of course, the real distinction of Cato DLP is that it’s part of the Cato SASE Cloud platform. As a global cloud-native platform, Cato SASE Cloud brings DLP along with FWaaS, SWG, ZTNA, CASB, RBI, and more to remote users and locations everywhere in just a few clicks. Click to learn more about Cato SASE Cloud and about SASE.