Data Loss Prevention

  • 1.  Licensing DLP Network Prevent/Monitor for less users than total network users

    Posted Oct 15, 2013 09:56 AM

    Hello,

    My customer has up to 5000 network users. But they only have budget (this year) to protect 50 VIP users on their laptops and 200 important users for network communication. We suggested to have Endpoint Prevent and Endpoint Monitor for those 50 VIP users, but we need to know what to do about network users. Although the "easy" way is to license 200 users of Network Prevent and Network Monitor, we don't know how this is gonna work.

    Network Prevent and Network Monitor would be placed at the perimeter, since those 200 users are not in the same VLAN and change their location from one to another without notice; they are mixed with the other 4800 network users. Do Network Prevent and Network Monitor have the ability of "knowing" which 200 users they have to inspect? Will Network Prevent and Network Monitor work for 5000 users although they are licensed for only 200? Will Network Prevent and Network Monitor protect the first 200 users passing by (even if they are not the ones we want to protect) and let the other 4800 send any information they want?

    Maybe, in the next year, my customer will be able to increase licenses on Network Prevent and Network Monitor, but today they only want to protect 200 users.

    What can be done to accomplish this? Is it better to forget Network Prevent and Network Monitor and suggest Endpoint for the 200 users?

    Thanks in advance.

     



  • 2.  RE: Licensing DLP Network Prevent/Monitor for less users than total network users

    Trusted Advisor
    Posted Oct 15, 2013 11:01 AM

    Hi,

    Check with your Symantec representative, but for some customers they agree to build the licensing model on the number of users included in a profiled DGM and not on the exact number of users on the network. So in this case you could use network monitoring or prevent.

    If your representative does not agree, you will have to use endpoint or ask the network team to find a way to send only traffic from VIPs to the DLP detection servers.

    Technically there won't be any issue, as network monitor and prevent don't count by themselves the number of users monitored.

     Regards.



  • 3.  RE: Licensing DLP Network Prevent/Monitor for less users than total network users

    Posted Oct 17, 2013 01:04 AM

    From a licensing perspective, this is a trust-based license and will work seamlessly (irrespective of the number of user licenses procured).

    From a compliance perspective, this may work in the below manner:

    • Endpoint Prevent - Deploy the appropriate number of clients, thus ensuring that the licenses are in compliance.
    • Network Prevent/Monitor - Subject to the customer infrastructure, this may be achieved if the concerned users' data can be routed via a dedicated Network Proxy, MTA or Switch.

    At an MTA level, this may be possible via SMTP routing rules, thus addressing Network Prevent - Email.