Data Loss Prevention

 View Only

  • 1.  Scanning DLP Questions

    Posted Aug 23, 2016 04:40 PM

    We are begining to do some baseline scanning and I have some concerns. Could anyone help me any of these? Just answer the ones that you can. We are using Symantec DLP 12.5

    Databases
    1.How long does it take to install an agent on databases?
    2.How long does it take to run a test scan and verify?
    3.Are licenses transferrable (for testing)?

    SharePoint Sites scans
    1.Can we run scans against the SharePoint index file vs. the actual site data? 
     
    Network File Shares Scans
    1.Can we run scans against the production backups to identify NPI?  
    2.Can we restrict the scanning by file types?



  • 2.  RE: Scanning DLP Questions
    Best Answer

    Posted Aug 23, 2016 09:19 PM

    In order to run a scan against a SQL server you don't have to put an agent on it.  All you need to do is do an ODBC connection to the database that you are working.  Read the DLP Admin Guide under Network Discover and there is a scanning db file section of things.  

    For SharePoint you do scan the files and not the index.  You would want to scan the actual files to figure out what was actually in the file....

    Yes you can restrict files by type.  So you could ignore all *.VMDK files for example since they may take a long time to scan.  Also if you wanted to scan the backup data to detect confidential data that would work as well.  I have worked w/ several customers that have done that before.  The rpboelm would be when you wanted to quarantine the file or do something via Network Protect you would want to do the protect actions on production data



  • 3.  RE: Scanning DLP Questions

    Posted Aug 24, 2016 09:00 AM

    Jonathan,

    This is most helpful. I will read the section that you pointed out.

    Thank you