Video Screencast Help

Symantec DLP

Created: 07 May 2014 | 2 comments
nastudillo's picture

Hello all,

I'm new to Symantec DPL and I'm trying to develop some policies for testing purposes.

So far i have the Enforce Server connected to an Endpoint Protection & Discover Server and to a Network Monitor Server. I'm looking to block users from sending email with sensitive data as well to send a notification email when a policy violation is detected.

Operating Systems:

Comments 2 CommentsJump to latest comment

VirgilDobos's picture

Hi there, please have a look through these resources.

Informative links here: 

https://www-secure.symantec.com/connect/forums/dem...

Symantec DLP Knowledgebase:

https://www-secure.symantec.com/connect/blogs/syma...

Let me know if you need further info. Cheers.

Virgil Dobos | Sr. Technical Consultant | Condo-Protego | www.condoprotego.com 

LisaO's picture

This is truly a late comment but basically, developing a block policy is a stepped process :

1. Monitor: to see if it is detecting as it should.

2. Analyze results:   what you are finding? - broken business process, inappropriate employee use, appropriate use that should be used as an exception. Write smart responses to help bucket your results including one that sends a message to employees (prior approval by HR and legal required).

3. Once you have warned employees, used your company's communication vehicles to let people know that a specific behavior will not longer be allowed and provided them with an appropriate way of doing the same thing, then.....and only then......should you put it on block.