Banyan’s Data Loss Prevention (DLP) capability is designed to to prevent users from unintentionally exposing organizational data. Banyan provides a network-based approach to DLP using AI detectors that complements other approaches such as Endpoint DLP and Cloud DLP.
DLP Rules are the fundamental building block of a Banyan DLP policy. A DLP policy is comprised of Upload Rules or Download Rules or both.
upload_rule: applied on traffic leaving the user’s device (typically the body of a POST request)
download_rule: applied on traffic entering the user’s device (typically a response to a GET request)
A given Rule can consist of File references or Detector references or both.
File References describe the the types of files to detect and block.
file_type: specifies the file extension(s) to target, such as Adobe PDF, Microsoft Powerpoint, Microsoft Word, etc
file_size: specifies the minimum file size for this reference
Example DLP policy with File References
Detector References describe determine what text to inspect for and how to transform findings.
detector_location_categories: scopes data sensitivity to a specific locals; options include GLOBAL, LATAM, EUROPE, CANADA, UNITED_KINGDOM, UNITED_STATES
detector_industries: scopes data sensitivity to a specific industry(s); options include ALL, FINANCE, HEALTH, TELECOMMUNICATIONS
detector_types: specifies the type of sensitive data; options include PII, SPII, CREDENTIAL, GOVERNMENT_ID
Example DLP policy with Detector References
Assignment and Attachment
DLP Policies need to be specifically assigned to users and devices you need to secure; assignment is done via Banyan Roles.
In addition to assigning a DLP policy to a set of users, you need to attach the DLP to either a Hosted Website or a Public Application defined in Banyan.
Once a DLP policy is assigned to users and attached to a service, enforcement will start.
Can’t find what you’re looking for?
We’re happy to help. Contact our team.