Palo Alto Prisma Access India: the amber alert we read wrong on a Saturday afternoon

04.42 PM. The Slack alert was in lowercase. That should have been the first thing I noticed about the Palo Alto Prisma Access India estate we had stood up nine months earlier at a 240-person Mumbai NBFC. The lowercase tag in the analyst channel meant amber, not red. Amber meant “looks like a false positive, log it, move on”. On a Saturday afternoon in May 2026, that is exactly what the SOC analyst on shift did. By Monday at 9.15 AM the data scientist named in the alert had emailed himself the entire customer credit scoring model in five attachments, each one under the 25 MB cutoff the policy was scanning for.
What the Saturday afternoon SOC actually saw
The amber alert was on a data scientist’s Outlook session, routed through Prisma Access. The body of the alert was honest. It said: “Outbound attachment to personal email domain, file extension .pkl, size 23.8 MB, classification tag absent, sender role: Data Scientist (Risk Modelling).” The Prisma Access DLP engine had done what it was set up to do. It saw an outbound attachment with a personal domain destination. It also saw that the file had no classification tag. An absent tag, in our policy, meant treat as non-sensitive.
The analyst on shift, who is good at her job, read the alert at 4.45 PM. She checked the user’s last 30-day pattern. She saw five other outbound emails to that same personal domain from earlier in the month, all small text attachments. She tagged the Saturday alert false positive at 4.47 PM and left for the weekend. I would have made the same call on her log. I keep coming back to that part of it.
The Monday morning that nobody wanted to call
The CISO called me at 9.22 AM. The risk team had run the weekly drift report on the credit scoring model. Yaar, the file hash on Saturday’s outbound matched the production model byte for byte; the Palo Alto DLP product documentation describes how the engine hashes attachments. The four other “small text attachments” from earlier in the month were the four other .pkl chunks of the same model, sent in pieces, each under the policy’s attention threshold. The model represented about 14 months of data science work and was the basis for an underwriting product that had been quoted to a partner bank three weeks earlier.

Get my free 4-hour quote 200+ businesses across India trust Sirius Star. Response within 8 hours.
Palo Alto Prisma Access India: where the policy gap actually lived
The Prisma engine had done its job. The DLP rule said: if attachment is over 50 MB or carries a Restricted classification tag, block; otherwise log as amber. The data scientist had split the model into five files of about 24 MB each. None of them carried a Restricted tag because nobody on the data science team had been told the tagging system existed for them. The tagging UI lived in Microsoft Information Protection, which the data science team had never been onboarded to. Bas, the gap was not in Prisma. The gap was upstream, in the labelling workflow that nobody had owned.
This is the part I had read wrong nine months earlier. I had assumed, on the rollout brief, that classification would be a Year 1 project the data team would absorb. The data team had not absorbed it because nobody had asked them to. The DPDP 2023 framework and the RBI data localisation guidance for NBFCs both make the case for classification before tooling, in writing. We had bought the tool. We had not built the discipline.
| What worked | What did not | Lesson |
|---|---|---|
| Prisma Access DLP engine flagged the outbound file accurately | Policy classified absent tag as non-sensitive | Absent tag should be amber-plus, not amber-minus |
| SOC analyst followed the runbook for amber | Runbook had no escalation path for absent-tag outbound on a risk team role | Role plus absent tag is a different alert class |
| Weekly drift report caught it on Monday | Three days passed before anyone noticed | Drift report should run nightly during quarter-end weeks |
| Hash signature confirmed it was the production model | The 5-chunk pattern was invisible to per-attachment scan | Add 7-day rolling hash similarity across the same recipient |
What we changed in the four weeks after
One. The Prisma DLP policy now treats an absent classification tag from a Risk Modelling, Data Science or Finance role as amber-plus. Amber-plus pages the on-call analyst and requires a human acknowledgement within 30 minutes. The runbook is short and clear.
Two. We onboarded the data science team to Microsoft Information Protection over six sessions across two weeks. The CISO and the head of data science co-signed the classification workflow. The auditor liked the signed workflow more than the tool itself, which is the answer I would expect from a good auditor.
Three. We added a 7-day rolling hash similarity scan across the same recipient. Five 23.8 MB files to the same external domain in 10 days now generates its own alert, regardless of classification tag. We have seen this pattern referenced in CERT-In advisories on insider exfiltration techniques, and it is the cheapest control we added that quarter.
Four. We rewrote the Saturday afternoon runbook. Any amber DLP outbound on a Friday or Saturday from a high-sensitivity role is escalated to amber-plus by default. Achha, the weekend is not a different kind of week. The attackers know it. Now our runbook knows it too.
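The role-plus-absent-tag rule from change One and the per-recipient rolling correlation from change Three, as an added Python example that is not Sirius Star's or Palo Alto's code. The event field names, the sample events, and the trigger (summed outbound volume to one recipient domain within 7 days exceeding the single-file block threshold) are assumptions; the page's "hash similarity" is approximated by size-and-count correlation because the fuzzy-hash detail is not on the page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HIGH_SENSITIVITY_ROLES = ("Risk Modelling", "Data Science", "Finance")
BLOCK_MB = 50.0               # per-attachment block threshold in the original policy
WINDOW = timedelta(days=7)    # rolling window added after the incident

def ev(ts, user, role, size_mb, tag=None, dst="personal-mail.example"):
    """One outbound-attachment DLP event (field names are assumed, not Prisma's)."""
    return {"ts": ts, "user": user, "role": role, "size_mb": size_mb, "tag": tag, "dst": dst}

# Constructed sample events, not real logs: five ~24 MB chunks from one data
# scientist to a personal domain over six days, plus one unrelated small send.
DS = "Data Scientist (Risk Modelling)"
EVENTS = [
    ev("2026-05-11 10:05", "ds01", DS, 23.8), ev("2026-05-12 09:40", "ds01", DS, 23.8),
    ev("2026-05-13 18:12", "ds01", DS, 23.8), ev("2026-05-14 12:30", "ds01", DS, 23.8),
    ev("2026-05-16 16:42", "ds01", DS, 23.8),
    ev("2026-05-16 16:50", "hr02", "HR Generalist", 0.3),
]

def parse_ts(e):
    return datetime.strptime(e["ts"], "%Y-%m-%d %H:%M")

def severity(e):
    """Per-attachment rule after the rewrite: oversize or Restricted is red; an
    absent tag from a high-sensitivity role is amber-plus, not plain amber."""
    if e["size_mb"] > BLOCK_MB or e["tag"] == "Restricted":
        return "red"
    if e["tag"] is None and any(r in e["role"] for r in HIGH_SENSITIVITY_ROLES):
        return "amber-plus"
    return "amber"

def rolling_chunk_alerts(events, window=WINDOW, block_mb=BLOCK_MB):
    """Per (sender, recipient domain): alert when the summed volume inside the
    rolling window passes the single-file block threshold, tag or no tag."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=parse_ts):
        by_pair[(e["user"], e["dst"])].append(e)
    alerts = []
    for (user, dst), evs in by_pair.items():
        for i, cur in enumerate(evs):
            recent = [e for e in evs[: i + 1] if parse_ts(cur) - parse_ts(e) <= window]
            total = sum(e["size_mb"] for e in recent)
            if len(recent) >= 2 and total > block_mb:
                alerts.append({"user": user, "dst": dst, "files": len(recent),
                               "total_mb": round(total, 1), "at": cur["ts"]})
                break  # one page per pair is enough for the on-call analyst
    return alerts
```

On the sample data the chunk pattern fires at the third file, while the per-attachment rule alone would still only raise amber-plus on each one.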
For the firewall side of this estate, see the Check Point migration story from the Mumbai cooperative bank cutover. For the backup and recovery half, see the Acronis Coimbatore bake-off. For the audit frame, see the DPDP audit Mumbai BFSI piece. For the network side of a 2026 refresh, see the Cambium cnPilot Pune clinic weekend. The full Palo Alto Prisma range we deploy is on our Palo Alto Prisma India page.
P.S. Priya here. The lowercase amber tag was the smallest overlooked signal in this estate, and it was the start. The analyst was good. The tool was good. The classification discipline was the gap. If you are reading an amber alert this afternoon and the file has no classification tag, treat it as amber-plus and call the user before Monday. We have seen this pattern enough times to know the cost of getting it wrong. Security is a verb.