Inline Data Protection refers to the real-time inspection and policy enforcement on data as it travels through a network path. Blocking the attachment of a sensitive document in webmail is a classic example of this. The Zscaler service, acting as a secure web gateway, intercepts the user's HTTP/S traffic, inspects the file content during the upload attempt, and blocks the transmission if it violates a Data Loss Prevention (DLP) policy. This action occurs "in the line" of traffic, preventing the data exfiltration before it is completed.

A. Preventing the copying of a sensitive document to a USB drive is a function of Endpoint DLP, which operates on the user's device, not on network traffic in transit.

B. Preventing the sharing of a sensitive document in OneDrive is often handled by an out-of-band CASB API integration, which scans data at rest and permissions, not data in transit.

C. Analyzing a customer’s M365 tenant for security best practices is a Cloud Security Posture Management (CSPM) function, which assesses configurations, not real-time data flow.

---

1. Zscaler Help Portal

"About Data Loss Prevention": "Zscaler Data Loss Prevention (DLP) allows you to create policies that prevent data leakage from your organization's network. You can use Zscaler's predefined DLP engines or create your own custom engines to scan your organization's outbound traffic (e.g.

web

FTP

etc.)." This document establishes that Zscaler DLP operates on outbound traffic

which is by definition an inline inspection process. The example of webmail falls directly under this use case.

(Reference: Zscaler Help Portal

help.zscaler.com

search for "About Data Loss Prevention".)

2. Zscaler Data Sheet

"Cloud Data Loss Prevention (DLP)": This document distinguishes between different DLP channels. It describes inline protection as "Prevent data loss over all web traffic

including webmail

social media

and personal cloud storage." This directly supports option D as a primary example of inline DLP.

(Reference: Zscaler

Inc. "Cloud Data Loss Prevention (DLP)" Data Sheet

2023

Page 1

Section: "Unified DLP across all channels".)

3. Zscaler Help Portal

"About SaaS Security API": This documentation describes out-of-band protection

stating it "provides visibility and policy control over data at rest within your organization's sanctioned SaaS applications." This clarifies why options B and C

which involve scanning applications at rest (OneDrive) and configurations (M365 tenant)

are not examples of inline protection.

(Reference: Zscaler Help Portal

help.zscaler.com

search for "About SaaS Security API".)