Banyan’s Data Loss Prevention (DLP) capability is designed to prevent users from unintentionally exposing organizational data. Banyan provides a network-based approach to DLP using AI detectors; this approach complements others, such as Endpoint DLP and Cloud DLP.
DLP Rules are the fundamental building block of a Banyan DLP policy. A DLP policy comprises Upload Rules, Download Rules, or both.
upload_rule: applied on traffic leaving the user’s device (typically the body of a POST request)
download_rule: applied on traffic entering the user’s device (typically a response to a GET request)
A given Rule can consist of File references, Detector references, or both.
File References describe the types of files to detect and block.
file_type: specifies the file extension(s) to target, such as Adobe PDF, Microsoft Powerpoint, Microsoft Word, etc
file_size: specifies the minimum file size for this reference
Example DLP policy with File References
Detector References determine what text to inspect for and how to transform findings.
detector_location_categories: scopes data sensitivity to a specific locals; options include GLOBAL, LATAM, EUROPE, CANADA, UNITED_KINGDOM, UNITED_STATES
detector_industries: scopes data sensitivity to a specific industry(s); options include ALL, FINANCE, HEALTH, TELECOMMUNICATIONS
detector_types: specifies the type of sensitive data; options include PII, SPII, CREDENTIAL, GOVERNMENT_ID
Example DLP policy with Detector References
Assignment and Attachment
DLP Policies need to be specifically assigned to users and devices admins need to secure; assignment is done via Banyan Roles.
In addition to assigning a DLP policy to a set of users, admins need to attach the DLP policy to either a Hosted Website or a Public Application defined in Banyan.
Once a DLP policy is assigned to users and attached to a service, enforcement will begin.
Can’t find what you’re looking for?
We’re happy to help. Contact our team.