Introducing Email DLP: AI-Powered Data Protection for Email

Aug 18, 2023
3 minutes

With hybrid work as an established trend, employees increasingly rely on digital tools like email applications to collaborate and get work done.

Many customers have told us that they’re concerned about email data loss through accidental loss, malicious exfiltration, or unauthorized disclosure of sensitive or regulated data. In fact, during the first quarter of 2023, over six million data records were exposed worldwide through data breaches, with 65% of security practitioners considering email as the most significant data loss vector.

That’s why we are excited to announce the general availability of Email DLP, which is seamlessly integrated with Next-Generation CASB, our SASE-native CASB solution. To help organizations protect sensitive data at scale, we’ve brought together the following innovations within Email DLP:

  • Sensitive data identification within emails through ML-based Enterprise Data Loss Prevention (Enterprise DLP) that helps detect and prevent leaks of company secrets, personally identifiable information (PII), and other sensitive data.
  • Protection of sensitive data when sent to untrusted email domains and also allows safe data sharing with trusted email domains.
  • Data protection regardless of email client or device protects sensitive data no matter how and from where the email is sent.


How Palo Alto Networks Safeguards Against Data Loss over Emails


Identifies sensitive data with best-in-class detection

Email DLP leverages Enterprise DLP that has over 1,000 ML-powered and regular expressions-based patterns built in. It also includes industry-leading detection frameworks delivered via the cloud, including optical character recognition (OCR), exact data match (EDM), and indexed document match (IDM) to identify and help prevent loss of sensitive data in subject, attachment, or body of an email.

Protects sensitive data with inline detection and policy enforcement

Organizations can now depend on Email DLP to enforce outbound email policies that allow, block, quarantine, or forward sensitive emails for approvals to prevent data loss or exfiltration.

These policies can also identify and enforce encryption of sensitive emails to secure data sent for legitimate business purposes. Organizations can curate custom data loss protection (DLP) policies based on sender user details such as email address, organization, job functions, and recipient user information to align Email DLP controls with their email data-sharing business practices.

Email DLP detects and prevents sensitive data delivery from a corporate to a personal email

Protects data regardless of email client or device

Email DLP enforces DLP policies for emails sent from any supported email client, managed devices, or unmanaged devices with a smart-host-based architecture that enables DLP inspection and inline policy enforcement at scale.




The new Email DLP capability enhances Enterprise DLP to help organizations secure data holistically across all their SaaS applications, internet, public cloud, and email.

Organizations gain several advantages when they choose to consolidate their enterprise DLP with Palo Alto Networks, including:

  • a single unified DLP policy across their enterprise
  • access to extensive data detection methods
  • comprehensive and continuously updated sensitive data library
  • global visibility into data exposure, loss, and exfiltration

When organizations use Enterprise DLP as part of our network security platform, they can enforce a unified data security policy for consistent traffic visibility and protection across office users and remote employees.

Email DLP is available as an add-on to NG-CASB and Data Security bundles. Organizations can contact Palo Alto Networks today to begin securing themselves from sensitive data loss over email.

Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.