Data Loss Prevention

Every byte.
Every channel.
Zero leaks.

Shield watches every endpoint, email attachment, cloud sync, and USB port in real time — catching sensitive data the moment it tries to leave your perimeter.

Monitor Channel
ENDPOINT MONITORING

Device-level agent monitors all file operations, clipboard, and network transfers. 14ms average detection latency.

14ms
Avg Detection
99.7%
Accuracy
0
False Positives/Day
shield-console · ENDPOINT VIEW
LIVE
SHIELD
MBP-047
WIN-112
LNX-003
WIN-228
MBP-091
WIN-335
WIN-112 — SSN EXFIL BLOCKED
ENDPOINT MAP · 6 DEVICES● 5 CLEAN · 1 ALERT
Detection Engine

Milliseconds matter when SSNs are in motion.

Shield's kernel-level agent processes file system events, clipboard operations, and network calls inline — before the OS hands off the write.

14ms
Avg Detection Latency
From data touch to policy evaluation
4,200+
Policy Rules
Pre-built PII, PHI, PCI patterns
0.03%
False Positive Rate
Tuned on 180M real-world events
6
Supported OS
Win, macOS, Linux, iOS, Android, ChromeOS
Supported Integrations
endpoint · live detection trace
14ms

A paralegal at Hartwell & Associates copies 340 client records to a personal Dropbox folder. Shield intercepts at the filesystem layer before the upload initiates.

09:14:02.003FS_EVENT: WRITE /Users/k.patel/Dropbox/client_export_2025.xlsx
09:14:02.005POLICY_EVAL: pattern match → SSN × 340, PHI × 127
09:14:02.017BLOCK: upload aborted · rule DLP-CLOUD-PERSONAL-001
09:14:02.017INCIDENT: INC-20260227-0882 · user k.patel@hartwell.com
09:14:02.019NOTIFY: ciso@hartwell.com · manager: s.chen@hartwell.com
09:14:02.020AUDIT: event written to immutable log · SOC2-CC6.1
now_|
14ms
Time to Block

This incident was detected, logged, and blocked automatically — no analyst intervention required.

Email & Attachment Scanning

PHI doesn't belong in a billing attachment.

Inline MTA integration means Shield reads every attachment before SMTP delivery — not after. Zero gateway latency, zero blind spots.

23ms
Avg Scan Time
Per attachment, including OCR
180+
File Types
PDF, XLSX, DOCX, images, ZIP contents
94
PII Entity Types
SSN, EIN, MRN, DOB, NPI, IBAN and more
3
Mail Platforms
O365, Google Workspace, Exchange on-prem
Supported Integrations
email · attachment quarantine
847

A billing coordinator at NexusHealth forwards a quarterly patient export to an external vendor. 847 PHI records detected across 4 fields. Attachment quarantined before delivery.

14:22:41.001SMTP_INTERCEPT: from billing@nexushealth.com → vendor@ext.com
14:22:41.024ATTACHMENT_SCAN: Q4_billing_export.xlsx (2.3MB)
14:22:41.048PHI_DETECTED: SSN × 847 · DOB × 847 · MRN × 847 · InsID × 847
14:22:41.061QUARANTINE: attachment blocked · rule EMAIL-PHI-OUTBOUND-002
14:22:41.063SENDER_NOTIFY: delivery failed · contact compliance@nexushealth.com
14:22:41.065HIPAA_LOG: potential breach averted · ref HIPAA-§164.308(a)(1)
now_|
847
Records Protected

This incident was detected, logged, and blocked automatically — no analyst intervention required.

Cloud & USB Coverage

The perimeter is every sync, every drive.

API-native cloud connectors and kernel-level USB policy enforcement close the two channels most DLP solutions treat as afterthoughts.

12
Cloud Platforms
SharePoint, Drive, Box, Dropbox, OneDrive +7
100%
USB Block Rate
On policy violation, zero exceptions
7yr
Audit Retention
Immutable log storage, tamper-evident
0
API Rate Limit
No polling — event-driven webhooks only
Supported Integrations
cloud · sync block event
2.1GB

An associate at Meridian Law attempts to sync the entire client PII database to a personal Google Drive. Shield detects via Drive API webhook and revokes the sync token before transfer completes.

11:03:15.000GDRIVE_WEBHOOK: sync initiated · user r.okonkwo@meridianlaw.com
11:03:15.012FILE_CLASSIFY: ALL_CLIENT_PII_EXPORT.csv → CONFIDENTIAL/PII
11:03:15.019POLICY_MATCH: rule CLOUD-PERSONAL-ACCOUNT-BLOCK-001
11:03:15.021TOKEN_REVOKE: OAuth token invalidated · sync terminated
11:03:15.024INCIDENT: INC-20260227-0331 · 2.1GB protected
11:03:15.025ESCALATE: partner@meridianlaw.com · GDPR Art.32 log entry
now_|
2.1GB
Data Protected

This incident was detected, logged, and blocked automatically — no analyst intervention required.

Compliance Coverage

Built for the audit your CISO dreads most.

Shield maps every detection rule to the specific control requirements of SOC 2, GDPR, HIPAA, and PCI DSS — so your compliance report writes itself.

Capability
SOC
GDPR
HIPAA
PCI
Data Classification
Access Control Logs
Real-Time Alerting
Encryption at Rest
Audit Trail Export
PHI Detection
~
~
~
Cardholder Data Rules
~
~
~
Cross-Border Transfer Blocks
~
~
~
Breach Notification Assist
Policy Rule Builder
Full coverage
~Framework-specific rule
SOC 2 Type II47 controls mapped

Continuous control monitoring with automated evidence collection for Trust Service Criteria.

HIPAAPHI + ePHI coverage

PHI detection across all channels. Automatic breach notification workflow with covered entity templates.

GDPRArt. 32 & 33 aligned

Cross-border transfer blocking, data subject request tracking, and 72-hour breach notification support.

PCI DSS v4.0Req. 7, 8, 10, 12

Cardholder data environment isolation, PANs detection in email and cloud, and audit log retention.

Free Trial

Start monitoring in under 15 minutes.

No credit card. No sales call required. Full platform access for 30 days.

Start Monitoring Free

No credit card · 30-day full access · Cancel anytime

Full Spec Sheet

Technical documentation covering detection engine architecture, policy rule syntax, API endpoints, and deployment requirements.

SOC 2 Type II certified infrastructure
No data stored during trial
Agent uninstall in one command
Shield monitors 2,847 endpoints across 143 organizations right now