Symantec DLP facts

mihai.dobos's picture
mihai.dobos
October 23rd, 2009

Hello,

Can someone direct me to a detailed technical data sheet for DLP products?
I'm interesed in:
- 64-bit OS support for monitoring/disocover/mgnt/etc servers
- support for agents on mobile devices, like blackberry or symbian
- latency, throughputs, other performance issues.

Can someone send me some info?

Best regards,

Mihai

Filed under: , , , ,
0 votes
jjesse's picture
jjesse
4 weeks 6 days ago

Currently there is no 64-bit

Currently there is no 64-bit agent for Endpoint as far as I know, trying to get the offical word but as far as i understand on the endpoint side it is 32-bit only.  Will double check that

Also there is not a supported agent for mobile devices, yet I have heard that it is on the roadmap.

For data rest it does not matter whether or not the server is 64-bit or 32-bit as you doing the scanning against  the file share/database/etc... 

A lot of the performance issues/throughputs/latency all depend on how you set things up and also what product within DLP you are talking about as well (Data in Motion vs Data at Rest).

Each DAR scan can be throttled and scheduled around backup windows, work hours, etc.

Drop me a note if you have further questions or would like to talk in person

Jonathan Jesse
Practice Principle
ITS Partners

0 votes
Jim - DLP Support Team's picture
Jim - DLP Support Team
1 week 6 days ago

x64 info, mobile device, and performance

-We can scan againist 64bit shares and databases, however Enforce, EDPA and Detection servers must remain on 32-bit OS.
Article ID: 50079 Network monitor does not show traffic on RHEL x64
Article ID: 42256
Can Vontu run on a 64 bit OS?
Applies To

 
 
• Vontu Installation/Upgrade
Problem Summary

 
 
If you have a 64-bit OS installed, will Vontu run on it?
 
Solution

 
 
Vontu does not currently support 64-bit OS. You can run on 64-bit hardware, but the OS must be installed as 32-bit.

-Mobile device support is currently not available
-Discover Performance/throughput:  See - Symantec DLP Network Sizing Guide KB 46671 https://kb-vontu.altiris.com/article.asp?article=46671&p=4

Public Article ID: 49240
Discover Performance Troubleshooting
Applies To

 
 
• Vontu Discover Server
 
 
Problem Summary

 
 
My Discover Scan is slower than I would expect. How can I determine where the bottleneck is?
 
Solution

 
 
In general, the performance bottleneck for Discover scans is the transfer to the Discover machine.  Linux Discover processes are 1/3 slower than Windows. 
  1. Setup your target
  2. Check your policy groups.  Are there any empty policy groups?  This will affect Discover performance.
  3. Run the scan for 10 minutes, keeping an eye on CPU usage on the Discover machine. Then pause the scan. Calculate the scan rate in GB/Day using the information on the Scan Detail page.
    • If it is at least 250 GB/Day then all is good.  Resume the scan. 
    • If it is much less than 250 GB/Day go to step 4.
  4. Was the CPU usage on the Discover machine close to 100% during the 10 minutes of scanning? 
    • If so, you are probably limited by cracking.  Check to see if the target has a lot of XLS and/or PDF files.  If this is the case, there is not much that can be done except add more hardware. 
    • If CPU was not maxed out, go to step 5.
  5. Manually copy 2GB worth of representative files from the target to the Discover machine and calculate the transfer rate.  (It is important to copy the actual files that you will be scanning as the average file size has a big impact on transfer rates.) 
    • If this rate is slower than 300 GB/Day, then you are probably limited by network issues.  Check NIC settings and make sure they are compatible with the relevant switch settings.  Check number of hops and move Discover closer to target if possible. 
    • If the rate is greater than 300 GB/Day go to step 6
  6. Turn off collection of ACL and Owner information.  In Crawler.properties, set filesystemcrawler.collectaclandowner = false.  Restart the Discover monitor.  Run the 10 minute test again. 
    • If this solves the problem, then you need to weigh the value of scan rate vs security meta-data.  Collecting the extra meta-data takes time and there probably isn't anything that can be done to speed it up.
 

____________
Jim Martin | Sr. Technical Support Engineer |
Data Loss Prevention, Symantec
http://go.symantec.com/vontu

Looking for something else?
Chances are you can find it in our Knowledgebase
https://kb-vontu.altiris.com

Symantec Corporati

0 votes