Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

DLP POC

Created: 25 Feb 2013 • Updated: 07 Mar 2013 | 10 comments
Atif's picture
This issue has been solved. See solution.

Hi Guys,

I need some feeback regarding conducting DLP POC.

1. I know Symantec has pre-built demo VM but those are only for Symantec employees. In that case what is the best approach to cover DLP topics with limited hardware resource to include Oracle, Enforce and all other detection servers?

2. How many detection servers should be added for a POC? Should we deploy/use all disvocer servers or Endpoint is good enough for POC?

3. How can we demonstrate Network Prevent for Email and Web capabilit if client does not have test bed environment for web and email proxies?

4. Is there any guide/script available for POC which we can follow to ensure proper sequence?

Regards,

 

Operating Systems:
Discussion Filed Under:

Comments 10 CommentsJump to latest comment

Atif's picture

Anyone please?

 

stumunro's picture

Atif,

 

I do a lot of POC's in vmware, first you have to decide what componet(s) does the client want. We will setup a netowrk monitor, 99% of the time we do not do a np for web or email as things will have to be undone when we leave. 

 

I will usally do endpoint and network discover on 2-3 servers and a sharepoint server. 

 

 

Atif's picture

Thanks stumunro. So you build your own VM from scratch by installing OS and DLP software? Do you deploy those VMs on a server or use your own laptop?

stumunro's picture

Atif,

we use their vmware infrastructure, we use our prebuilt vm's and then just change ip ddresses. We also do have physical hardware. most clients like the vmware for a POC as they just kill their vm's when do and they know no IP or whatever they are concerend about didnt leave with us...

Atif's picture

Thanks stumunro. Is it possible for you to share VM as it would save me lot of time?

pete_4u2002's picture

may be you can also check with your local Symantec team for more information.

kishorilal1986's picture

Hi Atif below is Support for VMware

For Q 1 & 2 best approach to cover DLP topics with limited hardware resource to include Oracle and detection servers should be added for a POC

•Two virtual machines (VMs)
•“EnforceDemoX64 (v11)” – Contains Enforce, Oracle, and
a detection server
•“Windows 7x64 (v11)” or “Windows 7x32 (v11)” (“Endpoint”) – Contains DLP Endpoint Agent
•SE Laptop Requirements
•90GB of disk space
•8GB RAM (recommended)
•VMware Workstation 7.x or higher
 
•Use images on SymDemo
•Check with your Channel Account Manager (CAM) for details
•Create VMs using NFR license key supplied by Symantec

For Q 3 & 4 demonstrate Network Prevent for Email and Web capabilit and guide/script for demo

Policies

–Detection Rules
–Response Rules

Live incidents for

–Network DLP – Network Prevent
–Endpoint DLP – Endpoint Prevent and Discover
–Storage DLP – Network Protect

Workflow/RBAC

Reporting

Be familiar with the resources available for customer demos, including the Demo Script, the Evaluation Workshop Presentation, and the Demo VMs.

SOLUTION
stumunro's picture

Atif,

 

sign into symantec educaitona nd look @ the SSE SSE+ exams... this wiill help then moveonto the STS and ASC exams...

kishorilal1986's picture

Hi Atif,

with supplement to above my answer , I would like to guide u regarding POC for DLP.

For POC u need to create test environment with some kind of production environment. As u know only symantec employee having VMware of DLP.

But As u are symantec partner, u can request for Not for sale/evalution software of DLP to perform DLP POC for client . U can do this with min. hardware and software req. as i mentioned in above responce.

I hope this will suffice to getting idea for DLP POC.

stumunro's picture

KS Sharma

 

whay not build your own vmware, i use this all the time for a POC with client.

I generally do discover scans, endpoint, i do not get into NP for web and email or network monitor..as those will require a client to do change control and network reconfigs...