Data Loss Prevention (DLP) Policies

  • Updated on Jul 18, 2023
  • 5 minutes to read
  • Contributors
This article describes features - DLP Policies - that are currently in early preview. Breaking changes may occur as updates are made. Contact your account team to enable these features for your organization.

Overview

Banyan’s Data Loss Prevention (DLP) capability is designed to to prevent users from unintentionally exposing organizational data. Banyan provides a network-based approach to DLP using AI detectors that complements other approaches such as Endpoint DLP and Cloud DLP.

Concepts

Rules

DLP Rules are the fundamental building block of a Banyan DLP policy. A DLP policy is comprised of Upload Rules or Download Rules or both.

  • upload_rule: applied on traffic leaving the user’s device (typically the body of a POST request)
  • download_rule: applied on traffic entering the user’s device (typically a response to a GET request)

A given Rule can consist of File references or Detector references or both.

File References

File References describe the the types of files to detect and block.

  • file_type: specifies the file extension(s) to target, such as Adobe PDF, Microsoft Powerpoint, Microsoft Word, etc
  • file_size: specifies the minimum file size for this reference

Example DLP policy with File References

Detector References

Detector References describe determine what text to inspect for and how to transform findings.

  • detector_location_categories: scopes data sensitivity to a specific locals; options include GLOBAL, LATAM, EUROPE, CANADA, UNITED_KINGDOM, UNITED_STATES
  • detector_industries: scopes data sensitivity to a specific industry(s); options include ALL, FINANCE, HEALTH, TELECOMMUNICATIONS
  • detector_types: specifies the type of sensitive data; options include PII, SPII, CREDENTIAL, GOVERNMENT_ID

Example DLP policy with Detector References

Assignment and Attachment

DLP Policies need to be specifically assigned to users and devices you need to secure; assignment is done via Banyan Roles.

In addition to assigning a DLP policy to a set of users, you need to attach the DLP to either a Hosted Website or a Public Application defined in Banyan.

Once a DLP policy is assigned to users and attached to a service, enforcement will start.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.