Data Loss Prevention

  • 1.  Symantec Data Loss Prevention

    Posted May 16, 2013 03:04 AM

    Hello, 

    I am new to Symantec DLP and I needed to know some information as we are planning to apply it in our organization. I needed to know if the server saves a copy of the files that created an incident or not, as this is very important to us.

    Thank you :)



  • 2.  RE: Symantec Data Loss Prevention

    Posted May 16, 2013 03:36 AM

    Hi Korani,

    It depends on what your architecture is. On Network Monitor and Prevent, the DLP server keeps a copy of the mail and attachments which violated DLP policy in the Oracle database. Also, on endpoint it can keep the attachments if it is configured for that. So these attachments/files are useful for investigation and verification of confidential data.

    Also refer to the links below for more:

    https://www-secure.symantec.com/connect/articles/what-protection-does-symantec-dlp-provide-note-beginners

    https://www-secure.symantec.com/connect/forums/some-dlp-questions

     



  • 3.  RE: Symantec Data Loss Prevention

    Posted May 16, 2013 08:37 AM

    Good morning,

    I would take a look at the videos here: https://vimeo.com/album/1612870 for more information, and I think it does answer your questions.

    Let me know what else we can help you out with.



  • 4.  RE: Symantec Data Loss Prevention

    Posted May 16, 2013 04:33 PM

    Please note that the data stored in the Oracle database is encrypted by the application before it is stored. So if the database is subverted, the data is still unavailable.

    JGT



  • 5.  RE: Symantec Data Loss Prevention

    Posted May 16, 2013 06:41 PM

    1. Data is stored locally on detection servers at the time of capture until it can be shipped to the Oracle DB.  That time is usually about .001-5 seconds depending on your network.  

    2. In the event of a communication failure between any of the detection servers and the Enforce or Oracle database, the incidents will be stored locally in a folder called "Incidents" in the installation directory of the product until that connection comes back.

    3.  Incidents are also stored on the endpoint client until the endpoint client can communicate with the endpoint server and send the incidents up to the endpoint server.  

    4.  Network Discover's add-on Network Protect and Network Prevent for Email have a "quarantine" that can be set up that can also keep sensitive data in a configured area on your network.  Please read the appropriate guide for these options.  

    It would be helpful in the future to know what modules you have so that we can accurately answer your question.  Good luck!