About Data Loss Prevention (DLP)



Corporate data can be leaked in different ways, for example through web mail, cloud storage, social media, and a variety of other applications. You can use Zscaler's DLP policy to protect your organization from data loss.

If your organization has a third party DLP solution, Zscaler can forward information about transactions that trigger DLP policies to that solution. Zscaler uses secure Internet Content Adaptation Protocol (ICAP) to do this. However, the Zscaler service does not take ICAP responses from your DLP solution. Zscaler only monitors or blocks content according to the policy you configure, then forwards information about transactions so that your organization can take any necessary remediation steps.

Below are the different types of DLP policy rules you can configure. Your policy can use all of the options below simultaneously.

For information on the order in which Zscaler enforces all policies, including DLP policies, see How does the Zscaler service enforce policies?

With this option, Zscaler:

  1. Scans content with Zscaler DLP engines for specific data.
  2. Allows or blocks the transaction.
  3. (Optional) Sends your auditor a notification.


Below is an illustration of the process that occurs when you block data using Zscaler DLP engines. To learn more, see Configuring Policies Using Zscaler DLP Engines.

Blocking data with Zscaler DLP engines Diagram

With this option, Zscaler:

  1. Scans content with Zscaler DLP engines for specific data.
  2. Allows or blocks the transaction.
  3. (Optional) Sends your auditor a notification.
  4. Sends the following information about the violation to your third party DLP solution via secure ICAP:
    • Client IP and username of users attempting to send data (via ICAP X-headers).
    • A copy of the HTTP POST request that contains the relevant file or content (if content is from HTTP Form data or a text file). The host URL that the user was sending content to is also included here.


Below is an illustration of the process that occurs when you block data using Zscaler DLP engines and forward information to your third party DLP solution. To learn more, see Configuring Policies Using Zscaler DLP Engines.

Zscaler DLP Engines Third-Party Diagram

With this option, Zscaler does not use its DLP engines. Instead, the service does the following:

  1. Detects content that meets the criteria you select (for example, destination URL category or file type).
  2. Allows or blocks the content.
  3. (Optional) Sends your auditor a notification.
  4. Sends the following information about the violation to your third party DLP solution via secure ICAP:
    • Client IP and username of users attempting to send data (via ICAP X-headers).
    • A copy of the HTTP POST request that contains the relevant file or content (if content is from HTTP Form data or a text file). The host URL that the user was sending content to is also included here.


Below is an illustration of the process that takes place when you configure DLP policies for this option. To learn more, see Configuring Policies Using External DLP Engines.

DLP Policies Solutions Diagram
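
As an added example (not Zscaler code), the sketch below shows how a third party DLP receiver could pull the forwarded fields described above out of an ICAP REQMOD message once the secure ICAP channel has been terminated. The header names `X-Client-IP` and `X-Authenticated-User`, the base64 encoding of the username, and every hostname and value in the sample are assumptions constructed for illustration; check them against what your receiver actually gets.

```python
import base64

# Constructed sample input: the HTTP POST copy carried inside the ICAP message.
HTTP_HDR = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
            b"Content-Type: text/plain\r\n\r\n")
BODY = b"constructed test content\n"
SAMPLE = b"".join([
    b"REQMOD icap://dlp.example.net/reqmod ICAP/1.0\r\n",
    b"Host: dlp.example.net\r\n",
    b"X-Client-IP: 203.0.113.7\r\n",                      # assumed header name
    b"X-Authenticated-User: " + base64.b64encode(b"LDAP://example.com/jdoe") + b"\r\n",
    b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR),
    HTTP_HDR, b"%x\r\n" % len(BODY), BODY, b"\r\n0\r\n\r\n"])

def parse_headers(block):
    """Split a CRLF header block into (start_line, {lower-case name: value})."""
    lines = block.decode("latin-1").split("\r\n")
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0], hdrs

def dechunk(data):
    """Decode the chunked encoding ICAP uses for encapsulated bodies."""
    out = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out, data = out + data[:size], data[size + 2:]

def parse_reqmod(msg):
    """Return client IP, username, destination and content of a forwarded POST."""
    icap_block, _, encapsulated = msg.partition(b"\r\n\r\n")
    start, icap = parse_headers(icap_block)
    if not start.startswith("REQMOD "):
        raise ValueError("not an ICAP REQMOD request")
    offsets = dict(p.strip().split("=") for p in icap["encapsulated"].split(","))
    body_at = int(offsets["req-body"])             # byte offset of the HTTP body
    http_start, http = parse_headers(encapsulated[:body_at].rstrip(b"\r\n"))
    method, path, _ = http_start.split(" ", 2)
    raw_user = icap.get("x-authenticated-user", "")
    try:                                           # assumed base64; else keep raw
        user = base64.b64decode(raw_user, validate=True).decode()
    except ValueError:
        user = raw_user
    return {"client_ip": icap.get("x-client-ip"), "user": user, "method": method,
            "url": http.get("host", "") + path, "body": dechunk(encapsulated[body_at:])}
```

Because the Zscaler service does not act on ICAP responses, a receiver built this way is for logging and remediation workflows only; the allow or block decision has already been made by the policy.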

About the Data Loss Prevention Page

On the Data Loss Prevention page, you can do the following:

  1. Configure a DLP policy rule using a predefined Zscaler DLP engine or an external DLP engine
  2. Search for a DLP policy rule
  3. View a list of all DLP policy rules that were configured for your organization. For each policy rule, you can see the following:
    • Rule Order: The policy rule's order number. DLP policy rules are evaluated in ascending numerical order.
    • Rule Name: The name of the policy rule.
    • Criteria: The policy rule's criteria (for example, DLP Engines, URL Categories, and Protocols).
    • Action: Displays whether the policy rule is enabled or disabled.
    • Description: The description of the policy rule, if available.
  4. Edit or duplicate a DLP policy rule
  5. Modify the table and its columns

Data Loss Prevention Page within the Admin Portal