May 16, 2023 3m read

Updated Cato DLP Engine Brings Customization, Sensitivity Labels, and More

Eran Shavit
Eran Shavit

Table of Contents

Wondering where to begin your SASE journey?

We've got you covered!
Listen to post:
Getting your Trinity Audio player ready...

Last year, we launched Cato DLP  to great success. It was the first DLP engine that could protect data across all enterprise applications without the need for complex, cumbersome DLP rules.  Since then, we have been improving the DLP engine and adding key capabilities, including user-defined data types for increased control and integration with Microsoft Information Protection (MIP) to immediately apply sensitivity labels to your DLP policy. Let’s take a closer look.

User Defined Data Types

Cato provides over 300 pre-defined out-of-the-box data types and categories for typical scenarios of DLP policies. However, sometimes organizations require the ability to create custom-defined data types to match specific data inspections that are not covered by the pre-defined types.

To customize content inspection for your DLP policies, you can now define keywords, dictionaries, and regular expressions. Regular expressions allow for more accurate detection and prevention of data loss incidents, without impacting legitimate business operations. For example, you can use regular expressions to detect specific data patterns, such as email addresses with a string containing the keywords “Bank Account Number” and an 8-to-17-digit number.

Cato DLP configuration screen showing customized data types to meet individual requirements.

MIP Sensitivity Labels

In addition, we recently added the support for MIP as another user defined data type. MIP offers sensitivity labels that enable organizations to classify their data based on their sensitivity level.  The MIP classification system allows for greater control over how data is accessed, shared, and used within the organization.

Protect Your Sensitive Data and Ensure Regulatory Compliance with Cato’s DLP | Download the White Paper

By using sensitivity labels, organizations can ensure that sensitive data is only accessed by authorized personnel, while still enabling productivity and collaboration. After integrating Sensitivity Labels and adding them to a Content Profile, the DLP engine immediately enforces them for relevant traffic. For better policy granularity, create separate DLP rules to manage content access for different users and groups based on MIP labels.

For instance, a law firm that classified all their documents with MIP labels, can easily reuse the label in the Cato DLP policy to only allow senior partners to access certain documents.

MIP Sensitivity Labels are now supported in Cato DLP

Cato: Advanced Protection Everywhere – In an Instant

With the changes, Cato DLP brings advanced content inspection capabilities that combine data inspection with contextual information based on the full range of Cato’s Networking and Security engines. This unique approach provides greater accuracy and reduces false positives, resulting in a more efficient and effective DLP solution.

But, of course, the real distinction of Cato DLP is that it’s part of the Cato SASE Cloud platform. As a global cloud-native platform, Cato SASE Cloud brings DLP along with FWaaS, SWG, ZTNA, CASB, RBI, and more to remote users and locations everywhere in just a few clicks. Click to learn more about Cato SASE Cloud and about SASE.


Related Topics

Wondering where to begin your SASE journey?

We've got you covered!
Eran Shavit

Eran Shavit

Eran Shavit is a Security and Analytics Product Manager at Cato Networks. He is responsible for scoping and designing security solutions. Eran brings more than eight years of experience in building cybersecurity solutions.

Read More