
Using Advanced Custom Attributes in Symantec Data Loss Prevention (Part 2 of 2)

Created: 17 Mar 2009
Turls's picture

In Part 1 of our TechTip, we discussed how the lookup API can be used to extract information from customer systems, such as LDAP, and save it in custom attribute fields associated with DLP incidents. Doing so expedites workflow and automated incident response and facilitates advanced reporting.

In this TechTip, we’ll take this a step further and talk about more advanced uses of Custom Attributes to enable more powerful data protection.

Case Management

Symantec DLP was designed to allow incident responders to organize incidents in ways that facilitate efficient remediation efforts. One of the ways that incident responders handle incidents is by aggregating them into cases, using a custom attribute for the case number. Incident responders can use the incident correlations function to find similar incidents, for example incidents caused by the same person, involving the same file, or copied to the same endpoint, and then, with one click, execute a response rule that assigns them all the same case number. By aggregating these incidents into cases, the incident responders can better focus their investigation and remediation efforts and ensure that incidents associated with a single event, or series of related events, are handled and addressed in a consistent manner.

Automating Remediation

In Part 1 of this TechTip, we explained how to connect to internal systems, like LDAP or Active Directory, to extract specific information, such as the name, email address, department code, manager’s name and email address, and line of business VP of the violator, into custom attribute fields and tie them to incidents. This information can also be leveraged to automatically send an email to the violator letting them know that the email they sent or the file that they are storing on a shared drive is in violation of company policy. Custom attributes allow the notification emails to be customized to include the employee’s name, reference the policy violated, and even include information such as the subject line of the violating email to ensure the sender knows exactly which email violated policy. For serious violations, email notifications can automatically be sent to the employee’s manager or line of business VP at the same time. Symantec DLP customers find these automated email notifications have a powerful impact on employee behavior and directly reinforce data protection training, with little staff involvement past the initial setup.
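The notification flow described above, as an added Python sketch that is not Symantec DLP code or its template syntax: it builds the violator email from an incident's custom attributes, copies the manager and VP only for serious violations, and collapses the violating email's subject line to a single printable line, because that text is written by the sender and should not be trusted. The field names, the `ESCALATE` severity set and all addresses are assumptions made for illustration.

```python
from email.message import EmailMessage

# Constructed incident record; the field names are assumptions standing in for
# custom attributes filled by a directory lookup (not Symantec DLP's schema).
SAMPLE_INCIDENT = {
    "incident_id": 1001,
    "severity": "high",
    "policy": "Customer Data Protection",
    "violating_subject": "Q1 accounts\r\nBcc: outsider@example.net",
    "sender_name": "Pat Example",
    "sender_email": "pat@example.com",
    "manager_email": "manager@example.com",
    "vp_email": "vp@example.com",
}

ESCALATE = {"high"}  # assumed severities that also notify manager and VP


def one_line(value, limit=120):
    """Collapse untrusted text to a single printable line (no CR/LF)."""
    cleaned = "".join(ch if ch.isprintable() else " " for ch in str(value))
    return " ".join(cleaned.split())[:limit]


def build_notification(incident, from_addr="dlp-notify@example.com"):
    """Build the violator notification from an incident's custom attributes."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = incident["sender_email"]
    if incident["severity"] in ESCALATE:
        cc = [incident.get(k) for k in ("manager_email", "vp_email")]
        cc = [a for a in cc if a]  # the lookup may have returned nothing
        if cc:
            msg["Cc"] = ", ".join(cc)
    msg["Subject"] = one_line(f"Policy violation: {incident['policy']}")
    msg.set_content(
        f"Dear {one_line(incident['sender_name'])},\n\n"
        f"Your email with subject \"{one_line(incident['violating_subject'])}\" "
        f"violated the policy \"{one_line(incident['policy'])}\" "
        f"(incident {incident['incident_id']}).\n"
    )
    return msg
```
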

Related Links

DLP Solution Specialists can assist in configuring the DLP lookup API and in extracting the right information for workflow, remediation and reporting.


To speak with a Product Specialist in the U.S., call toll-free 1 (800) 745 6054.

To speak with a Product Specialist outside the U.S., please visit our website for specific country offices and contact numbers.