Armorblox Custom DLP Workflows Enable Holistic Investigation, Management, and Response to DLP Incidents


Spencer Colemere

Manage DLP incidents efficiently with Armorblox Custom DLP Workflows that provide a built-in, holistic workflow to facilitate the investigation, management, and response of DLP incidents, together, within a single platform.

In today's world, data is one of the most valuable assets for organizations, which is why protecting this data has become increasingly important to ensure the privacy and security of sensitive information. Email is a common communication tool in businesses and can be a potential source of data leaks. Armorblox Advanced Data Loss Prevention is designed to protect data in email environments with built-in remediations and workflows. With Armorblox, users can have peace of mind knowing that their emails are being scanned for any potential threats and that confidential information is protected from unauthorized disclosure or distribution. The product provides real-time monitoring and response, enabling users to quickly identify and respond to potential breaches.

As the volume of data continues to increase, so does the difficulty of managing and protecting sensitive data from accidental or malicious exfiltration. When emails are falsely flagged and protected, it disrupts the organization (for example, by interrupting critical business workflows) and affects productivity. On the other hand, failure to manage data leaks results in heavy fines and even loss of confidence from customers and prospects, potentially leading to loss of business.

DLP admins face the challenge of manually reviewing false positives and managing incidents across various platforms, which can be time-consuming and a drain on the team's productivity and availability to focus on proactive measures.

Armorblox's unique approach to email DLP is designed to address the challenge of false positives and managing incidents. The product leverages large language models and NLU-powered deep learning models for precise detection of sensitive information within email communications and accurate validation of DLP incident violations. This significantly reduces the number of false positives (10x reduction compared to legacy solutions) that DLP admins are required to investigate. This approach saves time for DLP responders and minimizes disruption to the organization. Additionally, the built-in DLP workflows provide a streamlined approach to managing incidents, allowing DLP admins to quickly review and respond to incidents and the business to continue operating with minimal disruption. This approach frees up time for DLP teams to focus on more critical tasks and contribute value to the organization.

Managing incidents efficiently is critical to optimizing time spent on manual review and reducing the impact DLP may have on businesses. Armorblox now provides a built-in, holistic workflow to facilitate the investigation, management, and response of DLP incidents. Custom DLP Workflows allow DLP admins to investigate true positive incidents quickly, with detailed insight into why the email was flagged and blocked from being sent, such as the sensitive data it contained and the context of the email. Once the investigation is complete, the workflow enables inline response to manage the email and ensure it is accurately protected or, in cases where it is approved to leave the organization, to send it. All of this is done while Armorblox automatically updates the end users with actions taken and decisions made by the DLP admin. This streamlined workflow shortens the time needed to investigate and respond to incidents, giving time back for DLP admins to focus on priority tasks, all while enabling the business to work with minimal disruption.

One example of how the workflow can be used to manage a DLP incident is when an outbound email is blocked because it contains sensitive data. When a user sends an email containing sensitive data, Armorblox DLP can be configured to take various actions on that email, including blocking it from leaving the email gateway.

Fig 1: DLP Policy Violation identified and email blocked

When an email is sent and blocked, the DLP admin can investigate what sensitive data it contains and why it was blocked, and quickly respond using the built-in workflow. As seen in the example above, this workflow has built-in options for simple response, such as releasing the email, deleting it, or even allowing the user to edit and remove sensitive data before sending the email again.

Fig 2: Automated email sent to end users based on decision from DLP admin

As seen in the example above, the end user is automatically notified of whichever action the DLP admin takes within Armorblox DLP Incident View. In this example, the DLP admin requested that the email be edited prior to sending, and the end user was promptly notified of the reason the email was blocked and the action to take before the email is released.

Armorblox Custom DLP Workflows address the challenges DLP admins face around false positives and the prompt management of true positive incidents. Using language-based models and built-in workflows, Armorblox adds value with streamlined, automated processes that save valuable time for DLP admins, while ensuring the feedback loop to end users is maintained and sensitive data is protected from unauthorized distribution, whether accidental or malicious.

Improve your organization's data protection with Armorblox Advanced Data Loss Prevention.
