Abstract: Systems and methods for visualization monitoring data from a cloud-based system include obtaining monitoring data from a cloud-based system, wherein the monitoring data is based on transactions associated with a plurality of users of a cloud environment; providing a Graphical User Interface (GUI) comprising a plurality of columns wherein each column comprises a plurality of filter cards; obtaining a plurality of filter card selections as inputs from the GUI; and displaying log data based on the plurality of filter card selections. The monitoring data can be for one or more of cloud security service transactions, application access via a Zero Trust Network Access (ZTNA) service, user experience metrics, and files accessed via the cloud environment.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.

Abstract: Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.

Abstract: Systems and methods include receiving Data Loss Prevention (DLP) configurations for one or more devices, wherein the DLP configurations define how exfiltration of sensitive data is protected for the one or more devices; monitoring traffic of the one or more devices; and scanning the traffic of the one or more devices using the DLP configurations assigned to the one or more devices.

Abstract: A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both DLP triggering content that cause the DLP rule violation and DLP scan metadata.

Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.

Abstract: Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.

Abstract: Systems and methods include obtaining a file to be checked for Data Loss Prevention (DLP); determining a cryptographic hash of the file and comparing the cryptographic hash to corresponding cryptographic hashes of indexed files; responsive to a match between the cryptographic hash and one of the corresponding cryptographic hashes, determining a DLP match and performing an action based thereon; responsive to no match, extracting text from the file and creating an ordered sequence of hashes of variable length chunks of the extracted text; and determining the DLP match with one of the indexed files based on comparing the ordered sequence of hashes with corresponding ordered sequence of hashes of the indexed files.

Abstract: Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.

Abstract: Systems and methods include causing a scan by Cloud Access Security Broker (CASB) system of a plurality of users associated with a tenant in a Software-as-a-Service (SaaS) application where the scan includes any of identifying malware in content in the SaaS application and identifying confidential data in the content in the SaaS application; during the scan which is covering historical data in the SaaS application, receiving notifications of the content being actively modified by any of the plurality of users; and including the content being actively modified in the scan with the historical data. The systems and methods can further include maintaining geolocation of the any of the plurality of users; and causing the content being actively modified in the scan to be processed by the CASB system based on the geolocation.

Abstract: Systems and methods include obtaining a file to be checked for Data Loss Prevention (DLP); determining a cryptographic hash of the file and comparing the cryptographic hash to corresponding cryptographic hashes of indexed files; responsive to a match between the cryptographic hash and one of the corresponding cryptographic hashes, determining a DLP match and performing an action based thereon; responsive to no match, extracting text from the file and creating an ordered sequence of hashes of variable length chunks of the extracted text; and determining the DLP match with one of the indexed files based on comparing the ordered sequence of hashes with corresponding ordered sequence of hashes of the indexed files.

Abstract: A cloud-based security system includes a plurality of enforcement nodes connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service includes one or more DLP rules based on one or more DLP engines for a tenant, and wherein, for the DLP service, a first enforcement node is configured to monitor traffic of a user of the tenant, detect a DLP rule violation based on the one or more DLP rules, and forward DLP incident information to a second enforcement node, and the second enforcement node is configured to transmit the DLP incident information to a server for the tenant, including both DLP triggering content that cause the DLP rule violation and DLP scan metadata.

Abstract: Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.

Abstract: Systems and methods for Data Loss Prevention (DLP) on images include detecting an image in monitored user traffic; scanning the image to identify any text and extracting any identified text therein; responsive to the extracting, scanning the extracted text with a plurality of DLP techniques including one or more DLP engines where the extracted text is checked to trigger the one or more DLP engines, Exact Data Matching (EDM) where the extracted text is matched to see if it matches specific content, and Indexed Data Matching (IDM) where the extracted text is matched to some part of a document from a repository of documents; and performing one or more actions based on results of the plurality of DLP techniques.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.