“Data breaches are a huge and growing problem worldwide, but the existing legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them,” said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks (PAN).
He claims that PAN’s offering requires no new infrastructure as it integrates with existing security technologies. He also adds it works for companies whether they keep their data in the cloud, on-prem or take a flexible approach.
The simplified policy engine and native integration into existing control points, including Palo Alto Networks Next-Generation Firewalls, VM-Series, Prisma Access, Prisma Cloud, and Prisma SaaS, mean the lowest total cost of ownership (TCO) compared to complex legacy DLP products.
“In the face of increasing cloud usage and an expanding remote workforce, cybersecurity teams face a strategic imperative—to protect distributed, in-flight sensitive data assets via a unified approach. The architectural complexity of legacy data protection solutions is still a huge obstacle towards adoption for many organizations,” said Doug Cahill, ESG vice president and group director.
PAN claims its enterprise DLP offering can automatically detect sensitive content via advanced machine learning-based data classification and data patterns that leverage 500+ industry-defined data identifiers. Some examples of these include, but are not limited to, credit card numbers, Social Security numbers and financial records.
Cahill added that because of its cloud-native implementation, Palo Alto Networks’ Enterprise Data Loss Prevention (DLP) is designed to protect sensitive data where it moves and lives — at the perimeter, at the edge, and in the cloud.
How it works
A spokesperson for PAN said a cloud-based service was chosen so that the heavy processing can be done in the cloud.
The company’s firewall communicates with the cloud DLP service. That firewall can be a traditional on-premise Palo Alto Networks firewall or a cloud-based Prisma Access firewall. If it’s used with the Prisma Access firewall, no on-prem infrastructure is needed for DLP.
Differentiation from competition
PAN says its cloud-based offering is different from other cloud-delivered DLP solutions in that these (non-PAN) “point solutions are designed to deal with the data of one cloud-based application at a time (e.g. a database system or a word processor).”
The spokesperson was adamant that PAN’s offering is also not a legacy system. “Legacy DLP solutions have not evolved to where they are accessible to all who need them. Most of the legacy DLP systems were only designed to help global-scale organizations that have huge data protection budgets and staffs.
“We know of some organizations that have had to build data protection teams with up to 30 people. They are massively complex to design, install and operate so they are not practical for most of the companies and organizations who need them–and each year more and more companies seem to need them.
“In addition, many organizations have moved data and applications to the cloud over the past few years and the legacy DLP systems were never designed with the cloud in mind,” he added.