Data Loss Prevention

 View Only

  • 1.  DLP Web Archive

    Posted Jan 05, 2012 04:00 PM

    Hello,

    What is this web archive component and how is this useful?



  • 2.  RE: DLP Web Archive

    Posted Jan 05, 2012 06:11 PM

    Web Archive adds a great deal of value to the placement of Symantec DLP.

    A web archive contains incident information and the native source. Archives can be generated based on any filtered report you can design. Once the archive is available post collection handling and analysis can begin.

    I like the use of Web Archive for case management also. This allows the security team to take a relevant set of information and make use of the findings either by raising an investigation or eliminating from the collection process.

    In each organization the effort to get permission to store and review production grade data will be different. Start early in the process.

    One last note: The data collected can be used for improving subsequent policy modifications to make sure false positives remain false positives and false negatives are kept at a minimum.

    Other than that they are not very useful...

    Remember to contain and protect your data because these web archives are in the clear.



  • 3.  RE: DLP Web Archive
    Best Answer

    Posted Jan 05, 2012 11:23 PM

    DLP Web archive feature is available for archiving the incidents with attachments. Different roles should be given for archiving the incidents. An archive can be seen as offline copy of actual incidents.

    An archive allows personnel without direct access to Symantec Data Loss Prevention to study incident data, drilling down into individual incidents as needed.

    You cannot archive summary reports or dashboards.

    • An archive cannot be summarized like a normal report.

    • An archive contains no filters, so it may be difficult to locate a specific incident in an archive containing a large number of incidents.

    • Exporting an archive of incidents does not remove the incidents from the administration console.

    • You can export only one archive at a time.

    Export Web archive is a user privilege that must be assigned to a role. You can export web archives only if your role provides access to this feature. Since role access also determines what information is contained in incident reports, it also applies to archiving those incident reports. The information that is contained in the archive you create is the same information contained in the original incident report.

    Hope this provides you the required information.