Data Loss Prevention

Hi to all,

A customer has a Symantec DLP 11.6 platform with the following components in place:

Symantec DLP Enforce
Symantec DLP Network Monitor
Symantec DLP Networ Prevent for Web & Email
Symantec DLP Endpoint Prevent (+ Agents)
Additional, the confidential information is based in their mainframe (mainly). Users can connect to mainframe to get information using their desktops computers (running Windows XP or Windows 7).

Customer wants to be able to track how users gets that info over the network. Specifically, customer wants to know when and what informtion was queried by a group of users (This just apply for confidential data).

I´m not sure, but I think that DLP Network Monitor cannot inspect other protocols than HTTP, HTTPS, SMTP, Etc.

Do you think that we can meet their expectations with SYMC DLP?

Goltrek

Hi Goltrek,

Firstly DLP Network Monitor cannot detect any secured data , including HTTPS traffic. Endpoint agents can monitor information through "copy from network share" and "copy to network share" (from windows xp\7).  

Hope this helps.

Thanks,

Sourav

Hello Goltrek,

You may be more interested in Data Insight (DI). This is a seperate product that works outside of DLP to track the owner of files over time, the people who access the file and how they access it. You will need to access the files with NFS or CIFS, or be on another supported platform. That way, when you see a file moving through SMTP/Web Prevent, with Discover, or Endpoint, you can have more incident details about the file owner and the last access time.

Data Insight can give them full reports of all the files and the people who access them. DLP integrates with DI. You may want to talk with your Sales Rep about DI and how it can help you.

I hope this helps. Please let me know if you have any more questions.

Best,

Ryan