Symantec DLP understanding and benefit
As I am new to this community, I just wanted to know the DLP understanding and benefit so that I can understand it well. I am not properly aware of this product. Can anyone share notes/PPT/resources to understand DLP?
Thanks in advance
Hi Ansh, please refer below.
- Discover—Find confidential data wherever it is stored, create an inventory of sensitive data, and automatically manage data cleanup.
- Monitor—Understand how confidential data is being used whether the user is on or off the corporate network, and gain enterprise visibility.
- Protect—Automatically enforce security policies to proactively secure data and prevent confidential data from leaving an organization.
- Manage—Define universal policies across the enterprise, remediate and report on incidents, and detect content accurately within one unified platform.
- Reduce proliferation of confidential data across enterprise data centers, client systems, remote offices, and end-user machines.
- Identify broken business processes transmitting confidential data.
- Monitor and protect communications of sensitive content to public websites.
- Define and deploy universal policies across the enterprise.
The Vontu DLP system is a complete all around solution,
- Vontu Enforce - the enforce server is the heart of the system. This is the main console of the system where we will define all the rules, control all of the servers, treat incidents and generate reports. (This server is mandatory)
- Vontu Endpoint Server - the endpoint server is responsible for deploying policies to the endpoints on our network. The endpoint server is the server that all clients report to.
- Vontu Discover/protect - the discover/protect server is responsible for scanning the databases and fileservers in the organization. The discover server only has the option to alert on confidential data that is found. The protect server has the ability to do something about the information. The server can either copy the file to another location (still keeping the file in the same location) or quarantine the file, and leave a marker file that will point the employee to the security department.
- Vontu Network:
  - Network Monitor - we talked about this server before in Chapter One. This is a server that "taps" in to our network (using mirror/SPAN port) and then analyzes the network traffic. It should be mentioned that the server is completely passive and has no proactive abilities, it will provide us with valuable information, but it won't stop the data flow.
  - Network Prevent (Web) - web prevent has the ability to analyze and block/alter traffic that is going out to the internet/intranet (depending on the location being used). The server receives traffic using the ICAP protocol from a proxy server.
  - Network Prevent (Mail) - mail prevent has the ability to analyze and block/alter mails sent from the organization. The mail prevent server receives mails from the organizational MTA (Mail Transfer Agent).
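
As an added illustration (not part of the reply above and not Symantec code), this is how a proxy frames an outbound HTTP request as an ICAP REQMOD message (RFC 3507) for an inspection server such as Network Prevent (Web), and how it reads the reply as pass, alter or block. The host names, service path and sample messages are constructed; the product's actual ICAP service URI and block response are not given on this page.

```python
# Added illustration of ICAP REQMOD framing (RFC 3507). Host name, service
# path and sample messages are constructed placeholders, not product values.

def build_reqmod(icap_host: str, service: str, http_head: bytes, http_body: bytes = b"") -> bytes:
    """Wrap an outbound HTTP request the way a proxy hands it to an ICAP server."""
    if not http_head.endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header block must end with an empty line")
    payload, part = http_head, "null-body"
    if http_body:
        # Encapsulated bodies are always chunked; a zero-length chunk ends them.
        payload = http_head + b"%x\r\n" % len(http_body) + http_body + b"\r\n0\r\n\r\n"
        part = "req-body"
    icap_head = (
        f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
        f"Host: {icap_host}\r\n"
        "Allow: 204\r\n"  # lets the server answer 204 instead of echoing the request
        f"Encapsulated: req-hdr=0, {part}={len(http_head)}\r\n\r\n"  # byte offsets
    )
    return icap_head.encode("ascii") + payload

def verdict(icap_response: bytes) -> str:
    """Classify an ICAP reply as the proxy would: allow, alter, or block."""
    head, _, rest = icap_response.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    version, code = lines[0].split(" ", 2)[:2]
    if version != "ICAP/1.0":
        raise ValueError("not an ICAP response")
    if code == "204":
        return "allow"  # no modification needed, forward the original request
    if code != "200":
        raise ValueError(f"unhandled ICAP status {code}")
    enc = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "encapsulated":
            enc = value.strip()
    if enc.startswith("res-hdr"):
        # The server answered on the origin's behalf, e.g. with a block page.
        return "block: " + rest.split(b"\r\n", 1)[0].decode("ascii")
    if enc.startswith("req-hdr"):
        return "alter"  # forward the rewritten request instead of the original
    raise ValueError("200 reply without a usable Encapsulated header")

# Constructed sample: a form upload leaving the network through the proxy.
HTTP_HEAD = b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\nContent-Length: 11\r\n\r\n"
HTTP_BODY = b"id=EXAMPLE1"
REQMOD = build_reqmod("dlp.example.internal", "reqmod", HTTP_HEAD, HTTP_BODY)
BLOCK_REPLY = (b'ICAP/1.0 200 OK\r\nISTag: "constructed"\r\nEncapsulated: res-hdr=0, '
               b"null-body=26\r\n\r\nHTTP/1.1 403 Forbidden\r\n\r\n")
```

The passive Network Monitor described above has no equivalent of `verdict`: it only sees a mirrored copy of the traffic, so there is no reply path through which it could stop a request.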