Nov 16 2020

Review: Protect Your Lifeblood with Symantec Data Loss Prevention

DLP solution keeps critical agency data secure no matter where it lives in a complex hybrid infrastructure

Even more than in the private sector, federal agencies’ data is both their lifeblood and their responsibility. Frequently, they are legally required to protect it from unauthorized disclosure or theft.

Keeping data safe is more complicated than ever, with information stored on hybrid platforms that exist both on-premises and in multiple clouds, as well as on employee endpoints and BYOD devices.

Symantec created its Data Loss Prevention solution with all that in mind. It’s a unified management platform that can be controlled from a single location, no matter how complex the infrastructure it’s guarding. It’s installed as a series of content detection servers combined with lightweight agents connected to endpoints.

For this review, the platform was examined as a whole package, with most optional modules installed. But agencies can pick and choose only the components that they prefer or need.

Mastering the main management console is easy for anyone with a good understanding of data. From the console, I was able to configure and deploy agents across operating systems and platforms after only a few hours of self-guided training.

Agencies Get Automated Classification of Data

An automated data classification feature identifies what information needs to be protected without knowing where that information resides within a network. Several government and private industry frameworks can help with initial policy deployments.

The platform, once configured, acts as a security information and event management (SIEM) system for protected data. It can detect data trying to leave a network by almost any channel, even as part of an image file. And it can even find specific violations before they can become problematic.

Alerts are very specific, allowing admins to quickly zero in on a problem, examine quarantined data or audit automatic actions taken by the platform.

The Symantec Data Loss Prevention platform gives systems administrators an uncomplicated way to manage a critical and increasingly complicated threat to government data.

Put Users in the Fight Against Poor Data Handling

Many agencies will probably opt to keep their discovered DLP violations secret, but the Symantec Data Loss Prevention platform can also be used as a training tool to improve employee data handling. Accidental data loss is far more common than purposeful data theft.

Symantec can help administrators train their users in good data handling practices through the Symantec Data Loss Prevention program. There will always be users who don’t care or aren’t technically proficient enough to follow the rules, but many simply don’t understand why data handling policies are so critical and why they should pitch in to keep information safe.

With Symantec DLP, an admin can let users know why a data transfer they tried to perform was blocked or quarantined by the platform, after a generic alert tells them that their transfer was stopped. Or, a manager can point out when sensitive data on a user’s device is being stored in an unsafe manner — the user may have a legitimate reason for sharing the data, but simply chose an unsafe avenue. 

Administrators can also opt to have the platform explain its actions in depth, showing which standard or regulation would have been violated were the action allowed to proceed, or suggesting alternative methods of taking the same action safely. Automatically providing users with that information as a potential breach occurs is excellent reinforcement.

Although the Symantec Data Loss Prevention platform is not a traditional training tool, it can help educate users about data security issues. This could improve data handling techniques without resorting to time-consuming training or in-depth classes.

Symantec Data Loss Prevention

Initial Detection Algorithms: 130
Compliance Protection Frameworks: GDPR, PCI DSS, HIPAA, Sarbanes-Oxley Act
Supported Cloud Control Points: Microsoft Office 365, Google Workspace, Dropbox, Box, IBM/Lotus Notes
Image Protection: Optical character and sensitive image recognition
Supported Endpoints: Apple OS 10.10+; Microsoft Windows Server 2008+; Windows 7+; Citrix XenApp 6.5+; Citrix XenDesktop 7.6+; Microsoft Hyper-V Server; VMware Workstation 6.5x; VMware Horizon 6.0.1+