How to Keep track of who accessed the Confidential data via DLP
Created: 03 Dec 2012 | 12 comments
Hi , I need the reply very urgently as my mgmt. is aksing . Is it Possible to keep track of a Confidential File via DLP.Keeping track means ,who accessed it ,who read it and who modified it .
Discussion Filed Under:
Comments 12 Comments • Jump to latest comment
HI,
Auditing/Monitoring of User Activity in DLP
https://www-secure.symantec.com/connect/articles/a...
Check this thread
https://www-secure.symantec.com/connect/forums/how-track-personal-information-symantec-dlp
Thanks In Advance.
Manish
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Hi
audit log will allow you to know who downloaded confidential file from DLP system or who open incident which contains this file. But if you want to keep track of all action performed on a confidential file, you will need an other system to do so as DLP did not control file activity until someone try to copy/sent it outside of your organisation. DLP discover server (use for data at rest) are able to give you information of who create a file and who last modify it (std windows info) but usually it is not enough for what you want to do.
"Varonis" has a nice tool to do this kind of tracking on file activity (i am sure there is also some other tool but this is the one i use more frequently so i let other people giving you other possibilities).
Regards
once the appropriate policy is configured the incident will show all the information who voilated the policy.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Yes DLP to track of who accessed the Confidential data via DLP but it will not fulfill all your req.like who read it and who modified it .It will give u who accesed and where it has been sent out/tranferred. for getting more detail you should implements data insights supplementary componentof DLP with data ownere dature enable and DRM technolgy.
endpoint discover can get to know about the files, integration with DI will give better picture.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi shybhani,
DI mentions who owns the file, who last viewed , edited .
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Pete,
you bring up a very valid point... most people do not buy DI (data insight) when talking DLP.
DI is a tool with tremendous power, properly configured it will giv eyou wa weatlh of knowledge on the use and access fo the file(s) you are working with on a incident for DLP.
Recommend to use data insight to capture all these information.
Can someone explain the components of a DLP Suite .While going for dlp solution ,we were not told about DLP Insight .is it a plugin or separate product .It will be helpful if some one can explain or mention all the DLP related products avaialble from Symantec .
Hi Subhani,
As u asked about Data Insight, please find details followed by below links
https://www-secure.symantec.com/connect/blogs/new-...
https://www-secure.symantec.com/connect/videos/sa-...
https://www-secure.symantec.com/connect/videos/sm-...
https://www-secure.symantec.com/connect/videos/imp...
I am sure now u will get answer of ur query
these are integrations for DLP. Like you can integrate EV , SMg, CCS along with the DLP.
You contatct the Symantec partner or sales for more information on this.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Would you like to reply?
Login or Register to post your comment.