Avanan now introduces two new features that allow administrators to define DLP policies with greater accuracy and intent.

DLP policies must be precise and tightly scoped. Overly broad detection can generate false positives, which not only disrupt legitimate business communication but also burden helpdesk teams with avoidable support tickets. To prevent this, it's essential that DLP rules reflect exactly what needs to be protected, and where.

The first enhancement gives administrators control over where a data type is matched in the email. Instead of scanning the entire message, you can now specify if a data type should be detected only in the subject, body, or attachments. For example, some patterns might indicate sensitive data only when found in attachments, and would otherwise create unnecessary alerts. This selective matching reduces noise and helps enforce policies that are aligned with business logic.

The second feature improves how data types are defined using Regular Expressions. False positives often result from overly broad or untested patterns. To help with this, Avanan now validates the syntax of regex-based data types and allows administrators to test them on sample strings. This makes it easier to confirm that the regex catches what it should - and only what it should - before enforcing it in production.

To configure these capabilities:

  • Match Location: When editing a data type, scroll to the Match on section and select the relevant parts of the email to scan (subject, body, or attachment).

  • Regex Testing: For regex-based types, check that the Valid Regex label is shown. Then click Click here to test your regex and input example strings to confirm matching behavior.

These enhancements are being gradually deployed and should be visible in customer portals over the next 7 days.