Video Screencast Help

How to Keep track of who accessed the Confidential data via DLP

Created: 03 Dec 2012 | 12 comments

Hi ,  I need the reply very urgently as my mgmt. is aksing . Is it Possible to keep track of a Confidential File via DLP.Keeping track means ,who accessed it ,who read it and who modified it .

Comments 12 CommentsJump to latest comment

stephane.fichet's picture


 audit log will allow you to know who downloaded confidential file from DLP system or who open incident which contains this file. But if you want to keep track of all action performed on a confidential file, you will need an other system to do so as DLP did not control file activity until someone try to copy/sent it outside of your organisation. DLP discover server (use for data at rest) are able to give you information of who create a file and who last modify it (std windows info) but usually it is not enough for what you want to do.

 "Varonis" has a nice tool to do this kind of tracking on file activity (i am sure there is also some other tool but this is the one i use more frequently so i let other people giving you other possibilities).


pete_4u2002's picture

once the appropriate policy is configured the incident will show all the information who voilated the policy.

kishorilal1986's picture

Yes DLP to track of who accessed the Confidential data via DLP but it will not fulfill all your who read it and who modified it .It will give u who accesed and where it has been sent out/tranferred. for getting more detail you should implements data insights supplementary componentof DLP with data ownere dature enable and DRM technolgy.

pete_4u2002's picture

endpoint discover can get to know about the files, integration with DI will give better picture.

kishorilal1986's picture

Hi shybhani,

Symantec Data Insight helps organizations solve the problem of identifying data owners and responsible parties for information in spite of incomplete or inaccurate Symantec Proprietary and Confidential
metadata or tracking information. This helps support large-scale busines owner-driven remediation processes and workflows.
Data Insight can provide the following information:
■ Who owns the data
■ Who is responsible for remediation
■ Who has seen the data
■ Who has access to the data
■ What data is most at-risk
■ Frequency of usage of data
About audit logs
Symantec Data Insight collects and stores access events from file servers and SharePoint sites. These access events are used to analyze the user activity on various files, folders, and sub-folders for a given time period. The audit logs provide 
detailed information about:
■ Users accessing the file or folder
■ The file type
■ The access types such as:
■ Read
■ Write
■ Create
■ Delete
■ Rename
■ Security Event - The security event is logged when the access control entries
of a file or folder are changed. This event helps to identify who changed
the permissions.
For more details find the Symantec Data Insight User's Guide reference. I am sure above will answer all required query that you have asked
stumunro's picture


you bring up a very valid point... most people do not buy DI (data insight) when talking DLP.

DI is a tool with tremendous power, properly configured it will giv eyou wa weatlh of knowledge on the use and access fo the file(s) you are working with on a incident for DLP.

patriot3w's picture

Recommend to use data insight to capture all these information.

Subhani's picture

Can someone explain the components of a DLP Suite .While going for dlp solution ,we were not told about DLP Insight .is it a plugin or separate product .It will be helpful if some one can explain or mention all the DLP related products avaialble from Symantec .

pete_4u2002's picture

these are integrations for DLP. Like you can integrate EV , SMg, CCS along with the DLP.

You contatct the Symantec partner or sales for more information on this.