I'm finding it really tough to get a clear answer on data loss prevention (DLP) within Secure Access Service Edge (SASE) frameworks these days. Our organization has about 700 users and several office locations, with most of our traffic now going to cloud applications. Right now, we're using a separate DLP tool, but the gaps in coverage for remote users and cloud traffic are increasingly hard to overlook.
I've started looking into SASE platforms that offer DLP natively. The main issue seems to be that while vendors claim their DLP is built-in, many actually just integrate a third-party engine, which leads to separate policy management and inconsistent tuning. I'm currently considering options like Palo Alto, Zscaler, and Cato and would love insights on:
- Is the DLP truly part of the platform or just integrated?
- How well is policy enforced across web, cloud apps, and private access?
- Are we dealing with one policy set or multiple consoles?
- How do they handle false positive tuning?
2 Answers
Honestly, I think DLP is more of a myth than a solution. I’d steer clear of both Zscaler and Palo Alto Networks. Zscaler seems to play a part in a zero trust narrative without really delivering, while Palo Alto seems more focused on traditional firewall solutions and compliance rather than effective DLP.
I have some experience with Skyhigh SSE. Their DLP policies are integrated directly because the DLP engine was developed in-house after McAfee acquired Skyhigh Networks. What’s cool is that their CASB, ZTNA, and SWG all use the same classifications, but with slight differences in policy responses. If you're dealing with HTTP/HTTPS traffic, their DLP works seamlessly through their SWG and RBI engines. Once you set your policies, it's easy to manage incidents from a unified view, and tuning false positives can be done with modifications to the classifications or REGEX exceptions. Just keep in mind that advanced features like evidence storage require an upgraded license.
What specifically makes you say Zscaler is just playing pretend? Could you share more?