Product Features | 6 min read

Enhancements to Armorblox Advanced Data Loss Prevention


Spencer Colemere
Spencer Colemere

Armorblox eliminates the needle in the haystack approach to DLP alerts with precise organization-specific data protection and powerful encryption and exception capabilities now available to all customers.

Enhancements to Armorblox Advanced Data Loss Prevention

Legacy DLP systems may support custom and  targeted policies, but organizations and DLP admins are still buried, in the middle of hundreds of false positives. The reason is simply due to legacy DLP tools lacking the contextual knowledge to differentiate sensitive data from business critical data. The difference between a 9-digit zoom meeting number and a 9-digit Social Security Number is small, but the ability to distinguish the two is the difference between losing sensitive data or blocking business critical emails.

Legacy DLP tools look at keywords such as Zoom or SSN to provide the missing context needed to make a determination of data type. If a keyword isn't found within proximity of a 9-digit number it will result as a false-negative, meaning it won't get flagged by DLP and will be left undetected. False negatives can be more devastating to organizations than false positives because data is leaked. Combating this requires organizations to loosen their rules to catch more, and that results in high false positives creating a constant trade-off between false positives or false negatives.

Armorblox eliminated this needle in the haystack approach to DLP alerts and made precise organization-specific data protection available to all customers when we reimagined DLP with the addition of Armorblox Advanced Data Loss Prevention product, announced March of this year. Now, with new enhancements, Armorblox customers can receive powerful encryption and exception capabilities, without sacrificing the precise data protection Armorblox customers know and love.

Protection through Custom Policies

Armorblox customers can create custom policies that leverage custom identification and exceptions capabilities that all leverage NLU to provide accurate context driven protection.

Not all organizations are created equally, nor is their data. Organizations document, store, and share their data differently and require a custom policy to meet these specific needs. Custom identification is used to detect the format the data is stored and used. Exceptions are used to allow business to proceed as normal by not blocking business critical emails, but still providing protection from data loss.

Let’s take social security numbers as an example. The HR department may run into situations where sending sensitive PII information, such as a SSN, is required as part of normal business practices. For situations like this, custom policies can be created to automatically detect the SSN and apply an exception so the policy doesn’t block the email, but instead, will automatically encrypt emails and attachments containing Social Security Numbers. For individuals not within the HR department, the policy will automatically block all emails containing SSNs.

Custom DLP Policies extend the breadth and depth of Armorbox data loss prevention capabilities across all organization-specific data types. With these enhancements to Armorblox Advanced Data Loss Prevention, customers can customize the remediation actions across DLP incidents down to specific users or active directory groups across the organization for all PII, PCI, and PHI data.

Powerful Encryption Coupled with Language-Based Detections

Armorblox provides powerful encryption capabilities that utilizes NLU to monitor and automatically protect against the authorized and unauthorized sending of sensitive data.

NLU provides Armorblox DLP detection to use the context of the email and what is being communicated to determine if the email contains sensitive data. NLU dissects the content of emails and attachments to understand the intent and content of the communication. For example when a user sends a 9-digit number it can determine the difference between a Zoom number and a SSN to accurately detect the sensitive data. Based on this detection automated actions, such as remediation, can be confidently and accurately applied to email communication.


Fig 1: List of all DLP Incidents and the automated remediation action Armorblox took

From within the Armorblox dashboard, customers find a list of all DLP incidents, and the associated users impacted and the Automatic Remediation Action taken by Armorblox (see Fig 1). From here, customers can change the remediation action, assess incidents that are pending review prior to taking an action, and view any DLP incident in detail.


Fig 2: Armorblox automatically encrypts outbound email communication that violate DLP Policies to protect sensitive PHI data

Above we see the details of an example outbound email that Armorblox flagged as a violation according to the Custom DLP Policy: Medical Record Number. Based on the policy configured by DLP Admins, Armorblox identified the unauthorized sharing of sensitive PHI information and automatically encrypted the sensitive information included for all external recipients.

Armorblox’s enhanced encryption capabilities provide organizations the precise data protection needed to protect sensitive and confidential data within the email body or attachments from unauthorized exposure. Customizable exceptions across all DLP policies prevent the delay of critical business workflows for specific individuals with approved access to send sensitive data (PII, PCI, PHI).

See how Armorblox prevents unauthorized sharing of organization-specific sensitive data.

Take Product Tour

Experience the Armorblox Difference

Get a Demo