Hi,
It depend of your architecture, but there is different way to do this :
- You could send some test emails and do some measurement between system upward and downward your DLP system to see what is latency induced by your email prevent servers
- You could activate higher log level during a certain amount of time (in logs page on enforce UI you have a email prevent config which switch server to verbose mode, easy to apply no restart needed and you could go back to normal logs in same way). these verbose logs will provide you some time processing measurement at DLP level. Of course this wont include latency induced by network component.
- You could also used symantec document about this which gives some values for this induced latency. I know that client may not trust vendor information but it is a good start.
- You could devellop your own tool to perform this measurement by sending email to prevent server and receiving email from prevent and then measure time between two.
Regards