Data Loss Prevention

 View Only

  • 1.  Implementation of Network Components

    Posted Jan 12, 2010 03:18 AM

    Hi,

    I have a requirement to implement all the Network components (Network Monitor, Prevent Email and Prevent Web) across a small Enterprise.

    My understanding is that it is enough to install one Detection Server and configure it to act as all the above said 3 components or do we need to install 3 separate Detection Servers, each of which will be serving as each of the above said components?


    - Naren



  • 2.  RE: Implementation of Network Components

    Posted Jan 12, 2010 03:44 AM
    You will not be able to use 1 server to match all of the requirements.
    The Network Monitor must be a standalone server for 2 reasons:
    1) The server has a lot of work to do regarding to the analysis of every packet travelling inside the network.
    2) The server is inside the corporate network while the Prevent Mail & Web are designated to be on the DMZ, it would be a security risk applying Network Monitor and the Prevent servers.

    About the detection servers:
    The prevent servers could be together when using Symantec DLP 10 and it will be supported.
    Symantec does not support the use of 2 Detection server's upon a single server in version 9 as far as i recall.






  • 3.  RE: Implementation of Network Components

    Posted Jan 12, 2010 04:14 AM

    Thanks for your response Naor.

    Even using prevent servers together may throw some performance issues, I guess.

    - Naren


  • 4.  RE: Implementation of Network Components

    Posted Jan 12, 2010 05:23 AM
     I forgot to mention That there will be Preformance issue's which is obvious.
    When you say a "small enterprise", what do you mean? how many clients? across how many sites?

    Kind Regards,
    Naor Penso


  • 5.  RE: Implementation of Network Components

    Posted Jan 18, 2010 11:31 PM

    Hi,
    Can you please help me on the following questions?

    1. Is Prevent Email a standalone software that can be installed to connect to Brightmail?

    2. As for the issue of one good sender and one good recipient, the mail goes through. And for one good sender and one bad recipient, the mail gets block. These two conditions works fine. Now if i have one good sender and two recipients, one good and one bad, in brightmail both recipients gets the mail which was supposed to be blocked. Question: Can Prevent mail module in Vontu  do this task?

    Awaiting your reply.

    Regards,

    Anton



  • 6.  RE: Implementation of Network Components

    Posted Jan 20, 2010 04:46 PM
    1. Network Prevent is not a standalone software. you will have to install an Enforce Server in order to control over the Network Prevent Server.
    2. I am pretty certain the the Prevent server cannot not drop recipients from a mail. It could drop the entire message, or allow the entire message by domain filtering, but recipient altering is a feature i dont believe possible.
    Regards,
    Naor Penso