Data Loss Prevention

Hi All,

I am new to this community, kindly apologize if this is already answered. One of our customers want to migrate from one DLP product to the other - they need to migrate policies, content blades, finger prints incidents from one to the other. Will symantec support such a migration ?

I don't think so

 

Off the top of my head I don't think there is an easy/supported way to migrate from one DLP product to another.  Sounds like a great opportunity to work w/ your customer on helping them readdress what they are currently using and doing in the exsting product and what they are going to do in the new product.  

WHat is the drive fro the change from the other product to Symantec DLP?

What is the goal in the switch?  

Are their policies they need to migrate over?  I'm pretty sure one product doesn't fingerprint the same as another but could be wrong.

Can the customer keep the existing DLP system running and do the olde fashioned way of copy and paste some of the definitions over?

WOuld be interested to see hwo this works out for you and your customer

 

 

Hi

 Dont think there is an easy (or automatic) way to do that but (is it migration from symantec to other tool, or other tool to Symantec ?) :

- incident : try to export them on one side than process the export to be able to reload it on the other side or just archive them from the first solution with reload them in the new one.

- Policies : quite "easy" for keyword/regexp/.... as quite all tools support this functionality (take care of regexp type (javascript, PCRE,....)). For fingerprint, i hope you kept source document, cause that for sure wont be possible to migrate them.

 

 But migration is always good time to have everyone around table and think about what has been done and what you have to change in order to be more efficient (especially when you change tool, usually it means there was some issues (lack of functionallity,......)).

I think Symnatec will not support to such facility. If there are not satisfied/their requirement are not fulfilling they might expecting from othere product. They have establis whole infrastrture according to new product. The new vendor may help them to get theier expectation and requirement. Also organziation will be benefitted from previous experiences so that new product will mature more faster and efficeint.

I do agree wth all of you that its not straight forward and requires a lot of manual effort. We are not sure of the products which they want to migrate, but a query we have received from one of our customers. Just wanted to get an expert opinion from the DLP community..

ardeep,

As everyone has noted, there is no direct migration path from one product to the next in the DLP vendors. Unfortunately most the vendors create a difefrent product, built differently, scaled, differently, etc. Really the "easisest" path for migration, is true trainign to identify what pieces are similar, where the similarities/differences are, and how to really use the system. In doing this, you will arm the users with the knowledge/power to effectively create these migrated policies/indexes/data identifiers etc.

Judging by the terminology you used, I'm assuming the customer will be migrating from RSA DLP to Symantec DLP. The biggest thing would be to understand the connections between the products as I mentioned. One piece of advice I can offer, is to focus on the data or what they want to find first. I believe someone above referenced it, but it's really an opportunity to stop and re-think through what they need to find. Every DLP product has some differentiators, and there may be something they couldn't do before, that they can with Symantec DLP now. You may also find some things are more easily done/managed in the Syamntec product, and could cut down the work they need to do to recreate the previous deployment.

You could recreate all policies. We are currently developing a solution to migrate all configuration from one Symantec DLP to another (change mangement staging) and I can tell, it is not easy.

But after you have re-created the policies, you could fire all original that the previous tool found through Symantec DLP again. this would recreated the incidents again. Unfortunately they would have other date etc. but that might be a minor issue that can be addressed in the notes.

Rescanning will be easy for DaR, not so easy for DiM Mail (you would have to recreate the mails first), impossible for Network Monitor or DiM Web and impossible to tell for DiU (depending on endpoint profile).

Based on the configuration change tool I mentioned, we could theoreticallcy migrate one tool to another but we would have to understand and adapt the other tool first, and write a migration mapping. This is by far to much effort unless customers really uses DLP as incident management for long running legal cases. But even then, exporting them to another tool or even PDF, should do and is much cheaper.