Data Loss Prevention


Enforce Server integration with Symantec Protection Center (SPC) & How to Unregister the Enforce Server from SPC

Feb 12, 2014 09:30 AM

Symantec Protection Center (SPC) is a common user interface which lets you centralize data and management of Symantec and third-party security products on one web console. This consolidation provides increased visibility into the status of the security of your enterprise systems by letting you see many aspects of security at one time.

Using SPC you can:

View reports.

View notifications.

Perform remediation tasks.

Configure SPC settings.

Manage integrated products.

SPC leverages the power of the Symantec Global Intelligence Network (GIN) to provide customers with real-time feedback on the security of their enterprise systems, offering information on detected vulnerabilities, known threats within customer networks, and malicious traffic exiting customer networks. SPC also offers intelligent prioritization of security risks to let customers prioritize risk resolution through integration with patching systems and ticketing systems or change configuration settings in the security products.

By integrating Symantec Data Loss Prevention with Symantec Protection Center (SPC), you can administer Data Loss Prevention servers, manage policies, and remediate incidents from within the SPC interface. This single console is especially useful if you have other Symantec products that integrate with SPC. For example, if you also use Symantec Messaging Gateway, you can integrate both it and Data Loss Prevention with SPC. Doing so would enable you to sign on once for both products (single sign-on) and monitor and manage both product configurations from the same SPC interface.

In addition, you can also integrate non-Symantec security-related products with SPC. Refer to the SPC documentation for this type of use.

Note: Integrating your Enforce Server with SPC does not affect the operation of Symantec Data Loss Prevention. You can still access and use Data Loss Prevention from the standalone instance of the Enforce Server administration console if you so choose.
 

Considerations and requirements for integrating the Enforce Server with SPC:

Before integrating the Enforce Server with SPC, keep in mind the following considerations:

i] Symantec Data Loss Prevention version 11.1 integration with SPC is only at the interface level. There is no reporting integration for Symantec Data Loss Prevention through SPC.

ii] Integration with SPC is not compatible with the certificate authentication installation mode of Symantec Data Loss Prevention.

If you have already installed or enabled Symantec Data Loss Prevention for certificate authentication mode, and you want to integrate the Enforce Server with SPC:

a] Disable certificate authentication mode for the Enforce Server.

b] Integrate the Enforce Server with SPC.

c] Re-enable certificate authentication mode for the Enforce Server.

iii] The ability to integrate the Enforce Server with SPC is enabled by default.

You can disable this feature by changing the SPC authentication setting in the file \Protect\configManager.properties.

Before integrating the Enforce Server with SPC, adhere to the following requirements:

i] Synchronize the system clocks to within the same minute for both the SPC appliance host and any Enforce Server host you want to integrate with SPC.

ii] Make sure you can ping the SPC host from the host where the Enforce Server is installed, and vice versa.

iii] Create a dedicated Data Loss Prevention role and user that is granted the "Symantec Protection Center Registration" privilege.

This privilege allows a user to instruct the Enforce Server to trust a certificate. This is a significant privilege and is only necessary for registering and unregistering the Enforce Server with SPC. It is recommended that you revoke this privilege after you complete the registration of the Enforce Server with SPC. At the least, you should limit the number of users who are added to this dedicated role and granted this privilege. Note that the "Symantec Protection Center Registration" privilege by itself does not allow a user to log on to the Enforce Server.

iv] To give Data Loss Prevention users access to the Enforce Server through SPC, you must map the Data Loss Prevention users to SPC.

To simplify user access, it is recommended that you create a user in SPC with the same name and password as the corresponding user account in the Enforce Server.

The following steps assume that you have already installed Symantec Protection Center (SPC). If you do not have an instance of SPC installed, refer to the Symantec Protection Center Getting Started Guide that is available here http://www.symantec.com/business/protection-center to obtain and install SPC.

There are two methods for integrating the Enforce Server with SPC:

1] By adding a single known Enforce Server instance to SPC.

2] By discovering and registering one or more Enforce Server instances with SPC.

 

1] Adding a single known Enforce Server instance to SPC

Complete the following steps to integrate a single known Enforce Server instance with SPC.

Procedure Step 1: Create a dedicated Data Loss Prevention role and user with the SPC privilege.

To add or register the Enforce Server administration console with SPC, you must first grant the SPC Registration privilege to a Data Loss Prevention role and assign a user to that role. It is recommended that you create a dedicated role and user for the specific purpose of integrating the Enforce Server with SPC.

To create a dedicated role for integrating the Enforce Server with SPC:

a] Log on to the Enforce Server administration console as a user with User Administration privileges.

b] Create a new role.

c] Grant this role the Symantec Protection Center Registration privilege.

d] There is no need to grant this role any other privileges.

e] Create a new user account.

f] Add the new user to the newly created role.

Note: The Symantec Protection Center Registration privilege does not allow a user to log on to the Enforce Server.
 

Procedure Step 2: Add and enable the Symantec Data Loss Prevention product in SPC.

To add the Data Loss Prevention product to SPC:

i] Log on to the SPC appliance as a user with SPC administrator credentials.

ii] Select the Admin tab.

iii] Click Add Product.

iv] At the Add and Enable Product Instance screen enter the following information:

a] Product

Select Symantec Data Loss Prevention from the drop-down menu.

b] Host name or IP address

Enter the host name or IP address of the system where the Enforce Server administration console is installed.

c] Product user name

Enter the name of the user you created in Step 1 who is granted the "Symantec Protection Center Registration" privilege.

d] Password

Enter the password for this user.

e] Click Enable.

The system indicates successful enablement.

f] Click Finish.

Procedure Step 3: Verify that Symantec Data Loss Prevention was added to SPC and enabled.
 

To verify that Data Loss Prevention was added to SPC:

i] In the SPC console, navigate to the Admin > Supported Products screen.

ii] In the Enabled Supported Products tab, verify that you see that Symantec Data Loss Prevention 11.1.0.0 is listed and the host name or IP address of the Enforce Server host that you have added.

Procedure Step 4: Provide SPC user access to Symantec Data Loss Prevention.

Once the Enforce Server is integrated with SPC, you need to map each Data Loss Prevention user to SPC so that each user can access the Enforce Server administration console through SPC.

To provide Data Loss Prevention users with access to the Enforce Server through SPC:

i] In the SPC console, select Admin > User Management.

ii] Click New to add a new user.

iii] Select the option Locally Authenticated Account.

Note: Refer to the SPC documentation for details on creating multiple user accounts by LDAP synchronization.
 

iv] Enter the User name and Password, and, optionally, the user's actual name and email address.

v] Click Next.

vi] Click Next at the "Protection Center Permissions" screen.

These permissions are specific to SPC. Since you are mapping Data Loss Prevention users, there is no need to give these users SPC privileges.

vii] Click Next at the "Grant Organizational Access Rights" screen.

viii] At the "Link to Integrated Products" screen:

a] Integrated Product

Select the Enforce Server instance that you added.

b] Linked User Name

Enter the name of the Data Loss Prevention user to whom you want to grant SPC access.

c] Click Add to add the new user and mapping.

d] Click Save.

The system confirms the privileges granted.

ix] Click Finish.

Note: The SPC user account can be mapped with either an Enforce user or an Enforce Role\Enforce user combination. In the user-only method, when the user logs on to Enforce using SPC, the default role is used. In the case of the role\user method, the user logs on to Enforce in the specified role and cannot change his or her role. When performing the mapping, you can use the following syntax while entering the Enforce user name to lock the user into a specified role: <enforce role>\<enforce user>, for example: remediator\bob.
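The "Linked User Name" syntax in the note above has two forms, and getting it wrong (an empty role, a stray backslash) silently produces a mapping you did not intend. The following helper, an added example that is not part of the original article or of the SPC or Enforce Server products, parses a Linked User Name value into its role and user parts exactly as the note describes: a bare user name means the user's default Enforce role applies at log-on, and `<enforce role>\<enforce user>` locks the user into that role. The `review_mappings` function is an assumed, hypothetical review aid that lists mappings which are not role-locked, so an administrator can check that least-privilege role locking was applied where intended.

```python
# Added example (not from the original article): parse and review SPC "Linked User Name"
# values of the form "<enforce user>" or "<enforce role>\<enforce user>".
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class LinkedUser:
    """One SPC -> Enforce mapping. role is None when the default Enforce role applies."""
    user: str
    role: Optional[str]

    @property
    def role_locked(self) -> bool:
        # A role\user mapping locks the user into that role and the user cannot change it.
        return self.role is not None


def parse_linked_user(value: str) -> LinkedUser:
    """Parse a Linked User Name as entered on the 'Link to Integrated Products' screen.

    Accepted forms (from the article's note):
      "bob"             -> user bob, default role used at log-on
      "remediator\\bob" -> user bob, locked into the remediator role
    Anything else (empty parts, more than one backslash) is rejected.
    """
    text = value.strip()
    if not text:
        raise ValueError("linked user name must not be empty")
    if "\\" not in text:
        return LinkedUser(user=text, role=None)
    role, _sep, user = text.partition("\\")
    role, user = role.strip(), user.strip()
    if not role or not user or "\\" in user:
        raise ValueError(
            f"expected '<enforce role>\\<enforce user>', got {value!r}"
        )
    return LinkedUser(user=user, role=role)


def describe_logon(mapping: LinkedUser) -> str:
    """Plain-language statement of what happens when this SPC user opens Enforce."""
    if mapping.role_locked:
        return f"{mapping.user} logs on to Enforce in role '{mapping.role}' and cannot change role"
    return f"{mapping.user} logs on to Enforce in their default role"


def review_mappings(values: List[str]) -> List[str]:
    """Hypothetical review aid: return the mappings that are NOT locked to a role.

    These are worth a second look, because the user will get whichever default
    role is configured on the Enforce Server rather than a role chosen here.
    """
    unlocked = []
    for value in values:
        mapping = parse_linked_user(value)
        if not mapping.role_locked:
            unlocked.append(mapping.user)
    return unlocked


if __name__ == "__main__":
    # Constructed sample values, including the article's own "remediator\bob" example.
    for sample in ["remediator\\bob", "alice"]:
        print(describe_logon(parse_linked_user(sample)))
    print("not role-locked:", review_mappings(["remediator\\bob", "alice"]))
```

Run the module directly to see the two forms described; invalid values such as `remediator\` or `\bob` raise `ValueError` rather than producing a half-formed mapping.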


Procedure Step 5: Verify Enforce Server integration with SPC.

To verify successful integration:

  • Log out of SPC.

  • Log back into SPC as the user you created in Step 4.

  • At the SPC Home screen, select the target icon in the upper left of the interface.

  • Select the Symantec Data Loss Prevention option.

  • Select the host name or IP address of the Enforce Server instance you added.

    The Data Loss Prevention system should appear with you logged in as the user you created and mapped.

Procedure Step 6: Troubleshoot any connection issues.

To debug connection issues:

i] If your browser cannot connect to the Enforce Server from SPC, make sure that you have loaded the Enforce Server certificate in the browser. You can do this by accessing the Enforce Server administration console standalone outside of SPC.

ii] The Data Loss Prevention users you map to from within SPC must have appropriate privileges to access Enforce Server resources, build policies, and so forth. If you can log on to the Enforce Server from SPC but cannot do anything inside the administration console, update the Data Loss Prevention user privileges.

iii] If the registration fails and you receive the error "A time synchronization error has been detected," make sure that the system clocks on both the SPC host and the Enforce Server host are in sync to the minute.

iv] If you have integrated more than one Enforce Server instance, from within SPC click the arrow beneath the Symantec Data Loss Prevention product heading and then select the Enforce Server instance that you want to access.

Procedure Step 7: Revoke the SPC Registration privilege.

Once you have successfully integrated your Enforce Server instance with SPC, it is recommended that you disable the user account that you assigned to the "Symantec Protection Center Registration" role for SPC integration (Step 1). Once integration is complete, there is no need for a user to have this privilege. If you need to redo the integration or unregister the Symantec Data Loss Prevention product from SPC, you can re-enable the user account assigned to the SPC role.

See "Unregister the Enforce Server from SPC" below.

 

2] Discovering and registering one or more Enforce Server instances with SPC

Complete the following steps to discover and register one or more Enforce Server instances for integration with SPC, and to troubleshoot any integration issues you may encounter.

Procedure Step 1: Grant the SPC Registration privilege to a Data Loss Prevention role and user.

Refer to Step 1 of method 1 (adding a single known Enforce Server instance to SPC) above.

Procedure Step 2: Discover one or more Enforce Server instances.

To discover an Enforce Server instance:

i] Log on to the SPC appliance with administrator credentials.

ii] Select Admin > Settings > Product Discovery from the SPC console interface.

iii] Enter the IP address of the Enforce Server host in the Discovery IP Selection field.

To integrate more than one Enforce Server instance with SPC, enter a comma-separated list of IP addresses.

iv] Select (check) Symantec DLP 11.1.0.0.

v] Click Discover Products.

A message appears beneath the Discover Products button that indicates that the Enforce Server host was successfully discovered.

Procedure Step 3: Register one or more Enforce Server instances with SPC.

To register a discovered Enforce Server instance:

i] In the SPC console, select Admin > Product Registration.

ii] Select the tab Available Supported Products.

iii] For the Host name, select the IP address for the Enforce Server host.

iv] Enter the User name and Password of the Data Loss Prevention user who has been granted the "Symantec Protection Center Registration" privilege (from Step 1).

v] Click Enable.

On the right side of the console you should see a message indicating that the Enforce Server instance was successfully registered: "Supported product was successfully enabled!"

Procedure Step 4: Verify that one or more Enforce Server instances were registered with SPC.

Refer to Step 3 of method 1 (adding a single known Enforce Server instance to SPC) above.

Procedure Step 5: Provide user access to Symantec Data Loss Prevention from SPC.

Refer to Step 4 of method 1 (adding a single known Enforce Server instance to SPC) above.

Procedure Step 6: Verify Symantec Data Loss Prevention integration with SPC.

Refer to Step 5 of method 1 (adding a single known Enforce Server instance to SPC) above.

Procedure Step 7: Troubleshoot any connection issues.

Refer to Step 6 of method 1 (adding a single known Enforce Server instance to SPC) above.

Procedure Step 8: Revoke the SPC Registration privilege.

Refer to Step 7 of method 1 (adding a single known Enforce Server instance to SPC) above.

 

Unregister the Enforce Server from SPC

The following steps provide instructions for unregistering an Enforce Server instance from SPC.

Procedure Step 1: Log on to SPC as an administrator.

Log on to the SPC appliance as a user with SPC administrator credentials.

Procedure Step 2: Unregister the Enforce Server instance from SPC.

To unregister an Enforce Server instance from SPC:

i] Select Admin > Supported Products.

ii] In the Enabled Supported Products tab, select the Enforce Server instance you want to unregister.

iii] Select Disable Product at the top left of the screen.

This option is listed beneath the Supported Products heading.

iv] Enter the user name and password of the Data Loss Prevention user who is granted the Symantec Protection Center Registration privilege.

v] Click Disable.

The system displays a message indicating whether the unregistration completed successfully.
