
Data Loss Prevention

DLP profiles come with a predefined set of rules for well-known compliance regulations such as Payment Card Information (PCI), Protected Health Information (PHI), and Personally Identifiable Information (PII), to name a few. You can also create custom DLP rules using a large dictionary of predefined data identifiers and custom regular expressions. The DLP engine scans file contents to identify sensitive data based on the configured policy. A flexible set of policy actions can be enforced when sensitive data is identified in the content.

DLP profiles can be used when creating a Real-time Protection or API Data Protection policy. You can apply multiple DLP profiles to a policy where each profile contains a set of predefined or custom DLP rules. Whenever a DLP profile matches a policy, the resulting incident is shown in the Incidents page under Incidents > DLP.

When you configure a Real-time Protection policy with multiple DLP profiles and the content matches multiple profiles, the policy performs the most restrictive action associated with the DLP profiles that match for that policy. The resulting incident lists all the profiles that matched along with their corresponding forensic information. An alert is generated for each rule associated with any of the matched DLP profiles.

For example, suppose the Real-time Protection policy contains three DLP profiles (PCI, PII, and PHI) with the following actions defined:

| Example DLP Profile | Example Action |
|---------------------|----------------|
| PCI                 | Block          |
| PII                 | Block          |
| PHI                 | User Alert     |

If the content matches all three profiles, then DLP blocks the content. DLP also generates an alert and a single incident associated with the PCI, PII, and PHI violations.
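The resolution described above can be modeled in a few lines. This is an added illustration, not Netskope code: the regex patterns, rule names, sample content, and the ranking of Block above User Alert are assumptions made for the example, and alerts are emitted here for each rule that matched.

```python
import re

# Assumed restrictiveness order, using only the two actions from the example above.
RESTRICTIVENESS = {"User Alert": 1, "Block": 2}

# Constructed profiles: name -> (action, {rule name: simplified regex}).
# The patterns are illustrative stand-ins, not Netskope's predefined identifiers.
PROFILES = {
    "PCI": ("Block", {"card-number": r"\b(?:\d[ -]?){15}\d\b"}),
    "PII": ("Block", {"us-ssn": r"\b\d{3}-\d{2}-\d{4}\b"}),
    "PHI": ("User Alert", {"icd10-code": r"\b[A-TV-Z]\d{2}\.\d{1,4}\b"}),
}


def luhn_ok(candidate):
    """Checksum filter so arbitrary 16-digit strings do not count as card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def evaluate_policy(content, profiles=PROFILES):
    """Return (action, incident, alerts) for content, or (None, None, []) if clean."""
    matched, alerts = {}, []
    for name, (action, rules) in profiles.items():
        for rule, pattern in rules.items():
            hits = re.findall(pattern, content)
            if rule == "card-number":
                hits = [h for h in hits if luhn_ok(h)]
            if hits:
                matched[name] = action
                alerts.append({"profile": name, "rule": rule, "matches": len(hits)})
    if not matched:
        return None, None, []
    # The policy enforces the most restrictive action among the matching profiles.
    action = max(matched.values(), key=RESTRICTIVENESS.__getitem__)
    # A single incident lists every profile that matched.
    incident = {"action": action, "profiles": sorted(matched)}
    return action, incident, alerts


# Constructed sample content that matches all three profiles.
SAMPLE = "Card 4111 1111 1111 1111, SSN 078-05-1120, diagnosis E11.9"
```
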

Create a DLP profile using predefined or custom DLP rules, classifiers, and fingerprint rules to test if they find the sensitive data you're trying to protect. Create a custom DLP profile when the predefined DLP profiles do not meet your requirements.