Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog

4.5 Cools Things in Data Insight 4.5

Symantec Data Insight 4.5 is out, here are 4.5 things I think are pretty cool in this product release
Created: 12 Jun 2014 • Updated: 12 Jun 2014
jjesse's picture
+2 2 Votes
Login to vote

Symantec Data Insight (DI) can help customers who struggle with identifying data users and owners for their unstructured data.  DI helps a customer answer the following questions:

  1. Who owns the data?
  2. Who is responsible for remediation of that data?
  3. Who has seen the data?
  4. Who has access to the data?
  5. What data is most at-risk?

So what's new in Data Insight 4.5?  Here are 4.5 (get it?) awesome things about this release:

  1. Self-service portal to make remediation easier:  A portal that allows data owners and/or custodians of data to be able to remediate items directly potentially without the need for IT Security.  Actions can come from either the Data Loss Prevention (DLP) Portal or from Data Insight Management Server depending on the workflow.  

            A customer can create workflows that are specific to their own environment or use one of the pre-defined             workflows such as:

  1. Entitlement Review: Review the user permissions on the folders and suggest changes to the permissions
  2. DLP Incident Management: Review policy actions and take actions on the files that violate DLP policies without having accounts on the Enforce (DLP Management) Console.  Actions are Smart Response Rules that are used to remediate the items that violate a DLP Policy.  An example would be triggering a Smart Response Rule to Encrypt that specific file
  3. Ownership Confirmation:  Confirm the ownership of files or folders.  DI will infer the ownership of a file, this lets you confirm the file is actually yours.

             This portal will be installed on a separate server from the Data Insight Management Console and requires                DLP 12.5 or higher to be installed

  1. Additional supported platforms for filers:  Data Insight 4.5 now supports the monitoring of NetApp Cluster-Mode, EMC Isilon, Windows Server 2012 devices.  DI supports the Common Event Enabler version 6.1 or later to fetch the access information from the filer.  Table 2-4 in the Data Insight Release Notes covers the supported platforms for DI 4.5.
  2. Enhanced Reporting with Data Insight:  There have been improvements and changes to the reporting with the addition of some enhanced reports including:
    1. Reports based on User Reporting including the ability to track unresolved or migrated SIDs
    2. Additional charts and statistics to help understand what is happening on the Data Insight server(s) in your environment
    3. A Health Audit report that runs automatically at 5am that help you and Symantec Support (if needed) understand any issues in the Data Insight Environment
  3. Enhanced data owner computation: Data Insight can calculate the owner of a file and then populate that within the DLP console.  In DI 4.5 we can exclude deleted or disabled users (or their SID) when calculating the actual Data Owner.  However if you would like to still display this you can show on the Inferred Owner report.

                 4.5 Data Insight now provides an API specification for the Data Insight Query Language (DQL):  The DQL                                       provides a way to extract and interface with Data Insight data.  This is now available via an API so you can                           integrate with 3rd party applications.