Data Loss Prevention

  • 1.  multi location solution

    Posted Oct 01, 2013 04:55 AM

    Hi

    We're facing a scenario in which a customer has multiple locations, each with separate administration. They want to have central management and view over all locations from their HQ. Can anyone suggest an installation solution?

    BTW, can DLP Analytics connect to multiple installations at once?


  • 2.  RE: multi location solution

    Posted Oct 01, 2013 05:53 AM

    There are two management aspects of DLP:

    • Technical System Administration - This is centralized and cannot be done on a granular basis
    • Incident Management - This is something that can be done in a granular manner. You may create separate roles for different sites/departments etc. so that they may manage their own respective incidents.

    I have done a similar deployment for one of our customers, who were okay with System Administration being driven centrally.



  • 3.  RE: multi location solution

    Posted Oct 01, 2013 05:55 AM

    BTW, in this case we had a single Enforce server and multiple Detection servers in different sites. One of the important considerations here is the bandwidth across the different sites.



  • 4.  RE: multi location solution

    Trusted Advisor
    Posted Oct 01, 2013 06:48 AM

    Hello

    I suggest you have one Enforce server and manage segregation through different profiles.

    In a future version, Symantec should manage federated Enforce, which will really be an improvement for huge international companies which have to be compliant with different laws and regulations.

     Regards.



  • 5.  RE: multi location solution

    Posted Oct 01, 2013 08:55 AM

    Hi Everyone,

    Thanks for all the comments. So, from what I understand, the only working solution is to install the enforcer server in HQ and install detection servers in the branches. Right?

    About the bandwidth requirement, how much bandwidth is needed? Are there any latency constraints?

    Does anybody know anything about the Analytics question?



  • 6.  RE: multi location solution

    Broadcom Employee
    Posted Oct 01, 2013 09:05 AM

    Thanks for all comments. So, from what I understand, the only working solution is install enforcer server in HQ and install detection server in branches. Right? Yes.

    About bandwidth requirement, how much bandwidth is needed? Is there any latency constraints?

    Bandwidth is important, as the detection server will send its incidents to the enforcer, and policies are pushed as well, and it requires good bandwidth.

    IT Analytics: will you use it for agent management?



  • 7.  RE: multi location solution

    Posted Oct 01, 2013 10:47 AM

    Hi Pete,

    Ok. What exactly is "good bandwidth"?

    For IT Analytics for DLP, I thought that if it can get reports from multiple servers, then we install a separate enforcer in each site and collect reports centrally. Is it possible?



  • 8.  RE: multi location solution

    Trusted Advisor
    Posted Oct 01, 2013 11:08 AM

    For bandwidth, it really depends on the number of incidents you will generate, and will you deploy only network probes, endpoint, discover?

    For IT Analytics, take care that you have no view on incident content and cannot manage DLP. For example, you can't easily define and share policies between your different DLP detection servers.



  • 9.  RE: multi location solution

    Posted Oct 02, 2013 11:22 AM

    Hi Stephane,

    Do you know how much bandwidth (or data) is required per incident?

    For DLP Analytics, the idea is that in HQ they connect to the separate installations individually for admin purposes. But for viewing reports they need a single, consolidated solution. I want to make sure that DLP Analytics can connect and collect data from separate installations....



  • 10.  RE: multi location solution

    Trusted Advisor
    Posted Oct 03, 2013 08:06 AM

    Hi Reza

    DLP incident size is more or less equivalent to email size, as the email is included in the incident.

    But there are other objects which go from Enforce to monitor and vice versa, like:

    - Policies

    - Index files (even if you don't use them on this monitor, they are pushed to it)

    - Log files (could be huge if you retrieve logs from all time at once)

    For IT Analytics you have no bandwidth issue, as it is connected only to your Enforce database, so just be sure that both are close. I have never tested plugging it into a different database, as I need it only for once, but I am afraid there can be some issue, as different Enforce means potentially common incident ID.