Data Loss Prevention


What Protection Does Symantec DLP Provide? A Note for Beginners- Part-2 

Feb 12, 2012 01:52 AM

Here is the link to part 1 of 'What Protection Does Symantec DLP Provide? A Note for Beginners':

https://www-secure.symantec.com/connect/articles/what-protection-does-symantec-dlp-provide-note-beginners

Please understand that since the scope of my article is limited to beginners, I am not focusing on details. In any case, there is a great deal of documentation available on the details of Symantec DLP, which can be referred to later on. I have kept in mind that beginners should be able to understand the basics in minutes.

Let's start with the different components of DLP and where they can be placed in an organization's network.

1. Enforce Platform:

In most scenarios, the Enforce server and the database server are placed in the organization's LAN. The Enforce server is the admin/user console: all admin and user activity is performed on the Enforce console, and the administrator sets policy through the Enforce admin console. So, Enforce is used for the following:

Policy

Workflow, incidents

Reporting

Administration

2. Database for Symantec DLP:

The database server in Symantec DLP is Oracle. DLP uses Oracle as its database to store incidents and other information. If the organization has a DBA (database admin) team, it is advisable to hand over database administration to them; Symantec support quite often asks you to contact the DBA for Oracle DB related issues. In most scenarios, the DB is also placed in the organization's LAN.

3. Endpoint Servers and Endpoint Agents:

Endpoint servers are used for managing endpoint agents. Endpoint agents are installed on desktops / laptops (or even tablets now). Endpoint servers are also in the organization's LAN. Even if a laptop or desktop is off the network and unable to connect to an endpoint server, the agent keeps all incidents (if any) locally and sends them to the endpoint server as soon as it reconnects to the network. I explained in 'What Protection Does Symantec DLP Provide? A Note for Beginners' that the agent is quite robust and very difficult to compromise. Endpoint agents cover the following:

Discover / relocate data

USB / CD / DVD

Email / web / FTP / Instant messenger (IM)

Print / Fax

Network shares

Application file access

Copy paste

The question arises: if Network Prevent for Email and Network Prevent for Web take care of data leaks through email and web, why is such functionality required in the endpoint agents? The answer is: what if the user is not using the corporate proxy or the corporate email system? A user accessing the Internet through a local Internet connection and using webmail such as Yahoo Mail or Rediffmail bypasses those network components; data leaks of this kind can be prevented through the endpoint agents.

4. Network Prevent / Web Prevent Servers:

Depending on requirements, these can be placed in the LAN or in the DMZ. Network DLP requires the DLP network component to be in-line with (or sniffing, like a tap) email traffic (corporate email) and/or web traffic (proxy servers). Data in motion can be monitored and leaks prevented using these. All TCP protocols are supported, e.g. HTTP/HTTPS, FTP, SMTP, IM and anything else TCP based. Starting from Symantec DLP version 11.5, support for third-party proxies is also included; e.g. Websense remote filtering can now be integrated with Symantec DLP to check for data leaks through proxy servers.

5. Discover Server:

This is used for identifying sensitive data on various storage such as NAS, HDD, file servers etc. The following can be scanned:

File servers

Databases

Collaboration platforms such as Lotus Notes/Domino

Websites

Laptops / desktops

This component is not only used for discovering sensitive information but also for relocating it to a safer location, leaving a marker at the original location so that users are informed.

Now, how are these components integrated with each other?

Enforce is the center of all components. The database communicates with Enforce. All the others (endpoint server, Network Prevent, Web Prevent, Discover) are integrated with Enforce. And lastly, endpoint agents communicate with endpoint servers.

Software or Appliance:

Up to version 11.1.1, Symantec DLP is software that runs on Windows or Linux servers. Endpoint agents are designed for Windows only. The following are the server platforms on which DLP can run:

•Windows 2003 Enterprise Edition (32-bit)
•Windows Server 2008 Enterprise Edition R2 (64-bit)
•Red Hat Enterprise Linux 5 Update 2 or higher (32-bit and 64-bit)

The following are the platforms for endpoint agents:

•Windows XP Pro SP2 or SP3 (32-bit)
•Windows Vista Enterprise or Business SP1 or SP2 (32-bit)
•Windows 7 Enterprise, Pro, or Ultimate (32- and 64-bit)
•Windows Server 2003 SP2 or R2 (32-bit)

Hardware specifications are average, with 16 to 32 GB of RAM. Disk space requirements depend on the rules configured and how broad (generous) those rules are.

I hope I have provided concise information that is useful for beginners.


Comments

Feb 20, 2012 05:04 AM

For Symantec DLP, can we get any trial for testing?

Feb 14, 2012 09:40 PM

Thanks for the share!
