Data Loss Prevention

 View Only

  • 1.  network monitor

    Posted Oct 17, 2013 01:03 AM

    Hi Guys,

    please advise, if i only have network monitor installed. can i install agent?

     

    thanks,

    Marj



  • 2.  RE: network monitor

    Broadcom Employee
    Posted Oct 17, 2013 01:26 AM

    network monitor is the monitoring of the gateway. here you need have SPAN /TAP the port to be passed to DLP detection server to sniff the traffic and genrate the incident . however this will not prevent from leakage.

     

    Network Monitor is technically a sniffer which parses the incoiming packets (mirrored or tapped) for content based on polices you create. It cannot do any preventive action.

     

    https://www-secure.symantec.com/connect/forums/diffrence-between-network-monitor-and-network-prevent-technically#comment-9073311



  • 3.  RE: network monitor

    Trusted Advisor
    Posted Oct 17, 2013 01:47 AM

    you must have an endpoint server if you want to have some DLP agent working.



  • 4.  RE: network monitor

    Posted Oct 17, 2013 01:58 AM

    yes correct. i'm sorry for my question.

    it would be like this.:

    scenario:

    1. only network monitor license

    2. if client has no license for endpoint? can this be installed (agent) even network monitor license only??

     

     - i just think that it is not. just wanted to have an assurance regarding on this.

     

     

    thank you. 



  • 5.  RE: network monitor

    Trusted Advisor
    Posted Oct 17, 2013 02:15 AM

    each detection server type (web prevent, email prevent, net mon, net protect, discover, endpoint,...) has its own license so you cannot use network monitor license to deploy endpoint.

    After it depends of your contract with symantec, as symantec also has a flex licensing mode which can allow a customer to buy X thousands license and then select when he needs them for which detection server type it will be used but once it was used you cannot switch it to an other server type.

     



  • 6.  RE: network monitor

    Broadcom Employee
    Posted Oct 17, 2013 02:16 AM

    yes, if only network monitor license is pruchased by the customer they can only use the Network monitor server to sniff the traffic and generates incident.

    Network Monitor delivers passive inspection of all TCP network communications. A copy of the network traffic is routed to Network Monitor through either a SPAN port or a network tap. Network Monitor inspects the traffic searching for confidential data in violation of data loss policies. If a match is detected, Network Monitor generates an incident and forwards the corresponding incident information to the Enforce Platform for reporting and remediation.



  • 7.  RE: network monitor

    Posted Oct 17, 2013 02:21 AM

    Hi Guys,

    but still with or without agent install in the client machine, still network monitor is still working?



  • 8.  RE: network monitor
    Best Answer

    Broadcom Employee
    Posted Oct 17, 2013 02:31 AM

    yes, there is no need of DLP agent. DLp agent works for endpoint.

    This is gateway, which monitors the port ( NIC) for the traffic that goes through.



  • 9.  RE: network monitor

    Posted Oct 17, 2013 02:39 AM

    okay thanks guys :)

     

    cheer! :)