Video Screencast Help

Benefits of DLP integration with other Symantec Products

Created: 12 Sep 2012 | 17 comments
jawad1987's picture

Hi,

Can I have a document or link detailing exact benefits of Symantec DLP integration with other Symantec products like Symantec Endpoint Protection, Symantec Web Gateway, Symantec Mail Gateway, PGP, SIM, CCS etc

Comments 17 CommentsJump to latest comment

don_berlin's picture

If anyone has such a document, I would be extremely interested in reading it, as well. I often hear of the benefits of such integration, but I have not read a document that brings all of the features/functions/benefits together to help one make an informed decision. Thanks, jawad1987, for posting this request.

jjesse's picture

I don't htink this is such a document or link but I know there are a lot of integration points between DLP and other Symatnec products but let me try and put together a list off the top of my head:

  1. PGP + DLP:  You can trigger through a response rule encryption, either by moving a file w/ NEtwork Protect to a folder protected by NetShare or Network Protect can Encrypt an email w/ integration between PGP + DLP
  2. DLP + Enterprise Vault:  Network Protect can move a file that creates an incident to a folder that Enterprise Vault watchs and can "vault" that file
  3. DLP + SSIM:  There is a plugin for SSIM (Symantec Security Informaiton Manager) that allows data from DLP to be integrated into the collecftion that SSIM is already using.
  4. DLP + SEP:  SEP agent can track the content of the file, and DLP can track the Context of the file. SEP allows for blocking removable media or limiting to a corporate USB drive, etc... DLP makes sure the data that is being copied to the approved drive isn't confidential
  5. Symantec MDM (Mobile Device Management) + DLP:  MDM enforces a policy that forces an iPad, iPhone through VPN to leverage your DLP infrastructure
  6. Altiris + DLP:  Integrated component for deploying and managing the Endpoint Agent, reporting on the ENdpoint Agent
  7. IT Analytics + DLP: Provides pivot table (cube based) reporting on DLP information.  Allows for reporting against multiple Enforce platforms
  8. Symantec Workflow + DLP:  All kinds of things with a workflow based product.  The new API in 11.6 provides all kinds of awesome things that can be done

I'm sure there are others but that is just off the top of my head, let me think for a bit longer and see what crazy things I come up with.

Jonathan Jesse Practice Principal ITS Partners

stumunro's picture

I have a power point showing all the integration that i would be happy to share and I discuss why you should use the products.. I would be more then happy to list it here, give me a day to put it all together and ill post it

 

ARRKNINE's picture

@jjesse - Nice DLP product integration list.

There ia another DLP integration with Enterprise Vault for email classification.  In DLP terms it is called the Classification Server. The details should be in the standard documentation pack.

http://www.arrknine.com

 

jawad1987's picture

@jjesse

Thanks this is pretty good list. Hoping for more crazy thoughts smiley

 

@stumunro

I will really appreciate if you can share that presentation here with the rest of us. One of our big client is repeatedly asking me for it. .

stumunro's picture

Jawad,

 

Here is the slide i am referencing, i also have what is supported in a virtual  enviroment also

 

AttachmentSize
integration.pptx 182.99 KB
stumunro's picture

Jawad,

 

you may also want to look at protection center also it brings it all together from a threat security overview comnpiance level also

https://www.symantec.com/protection-center/system-...

jawad1987's picture

@stumunro

Thanks but i already had this slide and was hoping that maybe you have something different which gives detailed and specific benefits. I heard from Symantec that they are making such document and it will be in November i think.

kishorilal1986's picture

Hi all,

 

Thanks for sharing this will encourage to get benefitted more symnatec produts.

 

stumunro's picture

Jawad,

 

its in my head honestly using the other products, is there smoething specific you are looking for?

are is it a more general broad picture to paint.. i hardly ever use the slide i talk more about the products or discuss with clients if i see a opportunity.

Kashif Sohail Abid's picture

Hello and hi All,

 Jawad thanks for putting up the question Jawad, facing the same issue need to give the same presentation to client in which he is asking for how to integrate DLP and PGP like on what points they can be integrated, what are the components that can conflict. Do we need any third tool to have combine features of DLP and PGP.

Urgent response will be highly appreciated.

 

Regards,

Kashif Sohail

SKype: kashifsohailabid

jjesse's picture

What Parts of PGP does the customer have?  Does he have NetShare? THen use a FlexRespone to encrypt a folder that has content on it...  Or you could use FlexResponse to trigger an encryption of an Endpoint.

 

No need for 3rd party

Jonathan Jesse Practice Principal ITS Partners

Kashif Sohail Abid's picture

well scenario is that

1. User wants that his whole disk data should be encrypted along with he should put DLP in for checking email attachments as well. can they both be used together? if any limitation then what is that?

2. Second user wants that all the emails should be encrypted now if all the emails are encrypted how come DLP will monitor email traffic ? What should we keep the traffic flow?

3. How do DLP network module can be integrated with HTTP, HTTPS, SSL protocol traffic which would be enrypted under PGP plateform.

4. From where can i get the best practices of PGP AND DLP Integration as i believe both of them can join to make highly secure enviroment but what should be the BEST PRACTICES approach for it.

 

 

Regards,

Kashif Sohail

jjesse's picture

Had an awesome response typed out and accidently closed the browser window

If a user has encrypted an email before sending it out DLP cannot currently inspect it, though I wouldn't be surpised if shortly as long as the user has encrypted the email w/ the key stored on the Universal Server there will be a way for DLP to inspect it.  Things are gettting integrated that well.

If a user has the Endpoint agent installed and configured it should be inspected before encrypting at the application layer.

I don't know if there is an official best practices approach/guide for integration, but would something that needs to be created and documented.

Jonathan Jesse Practice Principal ITS Partners

Jana.T's picture

Hi Kashif,

did u get any answers regarding this issue?

i'm also interested to combine pgp with dlp email protection.

Jana

stumunro's picture

Jawad,

 

have you looked @ flex response rules. I also have attached the flex response rule dev guide.

as for the email encryption, i would let PGP email or MEssage gateway do the mail encryption

 

Kashif,

under PGP there are a couple options WDE or Netsahre, netshare allows you to encrypt certain files folder and extensions. WDE is excatly as it says... I prefer message gateway over pgp mail as it gives a few other options as it also integreates into protectin center. This is going to be more important as forefront will cease to exist and SWG and Message gateway are great replacements.

 

AttachmentSize
Symantec_DLP_11.6_Server_FlexResponse_Platform_Developers_Guide.pdf 625.46 KB
kishorilal1986's picture

Good question asked and got lots of knowledge and advantage of DLP integration