Data Loss Prevention

 View Only

  • 1.  single tier vs two tier dlp policy

    Posted Aug 10, 2016 08:33 AM

    guys, whats exactly the difference between those two?



  • 2.  RE: single tier vs two tier dlp policy
    Best Answer

    Posted Aug 10, 2016 11:36 AM

    Hello,

    Normally in a two tier policy the agent/machine will require connection to the endpoint server to extract the information and then generate an incident (happens in fingerprinted policies such EDM, among others). If there is no connection the agent will store the information to process it later. In a single tier policy the incidents will be generated no matter the agent/machine is connected to the server because the agent extracts the information alone, without need of server connection.

     

    Regards,

    Morgado



  • 3.  RE: single tier vs two tier dlp policy

    Posted Aug 10, 2016 02:20 PM

    Sorry to disagree with the last post but that's not an accurate statement

    Within Symantec DLP there are three different ways a DLP system can be configured

    • ​Single Tier Install: The Oracle Database Server, the Enforce Management Server and a Detection Server are all installed on the same system.  Also all Detection Types you are licesend for can be on the same box very easily.
    • Two Tier Install: The Oracle Database, Enforce Server on the same box and the Detection Server(s) on a separate box(es)
    • Three Tier: Each portion is on a seperate system​

    The only way to get a single tier install is to get that in the install.  There is an option during the installation to choose a single tier installation.

    You can add additional detection servers to a single tier Enforce server if you would like.



  • 4.  RE: single tier vs two tier dlp policy

    Posted Aug 10, 2016 04:28 PM
    I believe Morgan got it right. Was looking for single/two tier policies meaning, not installation. Thanks for the feedback.