Data Loss Prevention

 View Only

  • 1.  DLP POC

    Posted Feb 25, 2013 07:05 AM

    Hi Guys,

    I need some feeback regarding conducting DLP POC.

    1. I know Symantec has pre-built demo VM but those are only for Symantec employees. In that case what is the best approach to cover DLP topics with limited hardware resource to include Oracle, Enforce and all other detection servers?

    2. How many detection servers should be added for a POC? Should we deploy/use all disvocer servers or Endpoint is good enough for POC?

    3. How can we demonstrate Network Prevent for Email and Web capabilit if client does not have test bed environment for web and email proxies?

    4. Is there any guide/script available for POC which we can follow to ensure proper sequence?

    Regards,

     



  • 2.  RE: DLP POC

    Posted Feb 25, 2013 11:38 PM

    Anyone please?

     



  • 3.  RE: DLP POC

    Posted Feb 26, 2013 02:32 PM

    Atif,

     

    I do a lot of POC's in vmware, first you have to decide what componet(s) does the client want. We will setup a netowrk monitor, 99% of the time we do not do a np for web or email as things will have to be undone when we leave. 

     

    I will usally do endpoint and network discover on 2-3 servers and a sharepoint server. 

     

     



  • 4.  RE: DLP POC

    Posted Feb 27, 2013 08:07 AM

    Thanks stumunro. So you build your own VM from scratch by installing OS and DLP software? Do you deploy those VMs on a server or use your own laptop?



  • 5.  RE: DLP POC

    Posted Feb 27, 2013 08:44 AM

    Atif,

    we use their vmware infrastructure, we use our prebuilt vm's and then just change ip ddresses. We also do have physical hardware. most clients like the vmware for a POC as they just kill their vm's when do and they know no IP or whatever they are concerend about didnt leave with us...



  • 6.  RE: DLP POC

    Posted Mar 01, 2013 12:54 AM

    Thanks stumunro. Is it possible for you to share VM as it would save me lot of time?



  • 7.  RE: DLP POC

    Broadcom Employee
    Posted Mar 01, 2013 01:30 AM

    may be you can also check with your local Symantec team for more information.



  • 8.  RE: DLP POC
    Best Answer

    Posted Mar 02, 2013 11:43 AM

    Hi Atif below is Support for VMware

    For Q 1 & 2 best approach to cover DLP topics with limited hardware resource to include Oracle and detection servers should be added for a POC

    •Two virtual machines (VMs)
    •“EnforceDemoX64 (v11)” – Contains Enforce, Oracle, and
    a detection server
    •“Windows 7x64 (v11)” or “Windows 7x32 (v11)” (“Endpoint”) – Contains DLP Endpoint Agent
    •SE Laptop Requirements
    •90GB of disk space
    •8GB RAM (recommended)
    •VMware Workstation 7.x or higher
     
    •Use images on SymDemo
    •Check with your Channel Account Manager (CAM) for details
    •Create VMs using NFR license key supplied by Symantec

    For Q 3 & 4 demonstrate Network Prevent for Email and Web capabilit and guide/script for demo

    Policies

    –Detection Rules
    –Response Rules

    Live incidents for

    –Network DLP – Network Prevent
    –Endpoint DLP – Endpoint Prevent and Discover
    –Storage DLP – Network Protect

    Workflow/RBAC

    Reporting

    Be familiar with the resources available for customer demos, including the Demo Script, the Evaluation Workshop Presentation, and the Demo VMs.



  • 9.  RE: DLP POC

    Posted Mar 02, 2013 01:35 PM

    Atif,

     

    sign into symantec educaitona nd look @ the SSE SSE+ exams... this wiill help then moveonto the STS and ASC exams...



  • 10.  RE: DLP POC

    Posted Mar 07, 2013 12:40 AM

    Hi Atif,

    with supplement to above my answer , I would like to guide u regarding POC for DLP.

    For POC u need to create test environment with some kind of production environment. As u know only symantec employee having VMware of DLP.

    But As u are symantec partner, u can request for Not for sale/evalution software of DLP to perform DLP POC for client . U can do this with min. hardware and software req. as i mentioned in above responce.

    I hope this will suffice to getting idea for DLP POC.



  • 11.  RE: DLP POC

    Posted Mar 08, 2013 12:22 PM

    KS Sharma

     

    whay not build your own vmware, i use this all the time for a POC with client.

    I generally do discover scans, endpoint, i do not get into NP for web and email or network monitor..as those will require a client to do change control and network reconfigs...