Data Loss Prevention

I am curious if anyone is using any prevent or quarantine and if so for what  protocols.  Did you run in to any issues?

We use Network Prevent for Email.  It has worked well for us without any real problems.  Make sure that you have sufficient redundancy in your infrastructure so that your outbound email wouldn't be interrupted by a single Prevent server failure.  We've had Prevent servers hang from time to time due to communication problems with Enforce.  If the services on the Prevent server happen to recycle during those communication problems, outbound email stops if your infrastructure isn't designed to route around the problem server.

We have been using Prevent for email since late 2007.  We chose to include that with our original DLP implementation for PCI compliance reasons.  Our support team did a good job planning for the redundancy we needed, but we also made a "policy decision" that included agreement to use a "fail open" emergency response if we ever hit a problem that interrupted our critical email flow.

So far, our support team has been able to avoid such a "drastic" measure. They've watched for queues and managed managed the performance very well.    ;-)

We are exploring implementing Prevent in conjunction with Ironport but I cannot find any integration guides or other helpful documentation.

Can any one point me to some relevent information or share their experiance?

Thanks

No special configuration to intergrate the DLP Prevent with your Ironport. Just keep in mind that the DLP Prevent works like a MTA, it scans the Email content that send out from your cooperation domain, then forward the Email to the next hoop.

symantec does not provide an integration guide for Cisco Ironport.  What they want you to do is refer to the cisco ironport product documentation for help.  It's compatible with Cisco Ironport S-Series Proxy servers, and the supported protocols are Http, https,ftp over http.