Discovery Programme Design Considerations
When mapping out the requirements for a Data Discovery programme, there are a number of options to consider and many sources it is important to draw from. If you have a PIM (Personal Information Management) programme already in place, you can use its output to help focus the elements for a Discovery service. If you do not have a PIM, this is not a problem: you can still get to the same point by planning and mapping out your requirements with your team.
Discovery programmes usually fall into two categories:
- Discovery of sensitive data in inappropriate storage locations
- E-Discovery and mapping of sensitive data for future referencing
Whichever of these programme types you are looking to run, the next questions to answer are the same for both exercises:
- What content do you actually want to find? (for example)
  - Personal Data – PII, SPII, employment information, medical records
  - Sensitive Corporate information – Intellectual Property, Code, Designs
  - Financial Sensitive Data – Banking information, customer financial records, company financial records
- What combinations of data do you hold? (for example) – Different combinations impact sensitivity levels
  - Personal Data – name, address, date of birth, bank details
  - Financial Data – Mergers and Acquisitions
  - Company finance – End of quarter/year results
- Where is the data located? (for example)
  - On-Premises file storage
  - SharePoint Platform
  - MS Exchange Folders
  - Document management system
  - Local User Drives
  - Cloud Data – O365, Dropbox, Box, Salesforce, ServiceNow, Slack, GitHub
- What is the sensitivity level of the data?
  - Do you have classification levels for sensitivities?
  - Are they published within your organisation?
  - Do you have the ability to classify the electronic content?
Once you have formulated answers to the previous questions, then you can look at the next stage:
- Where should data be located?
- Where should it not be located?
Although the latter may seem like a rather obvious question, it is actually an important distinction. For example, scanning for HR content in an HR drive is often counter-productive: this is an area where you expect to find this type of content, and the scan will generate a lot of detected incidents for not much gain. The answers to these questions tie back to our original ask: what type of discovery programme do you want to run? Is it a Discovery of where sensitive data should not be located, or an E-Discovery programme to find where all the sensitive data is located, so you can reference and search this data later on, potentially for DSARs or Right To Be Forgotten requests (also known as Deletion Requests)?
The type of programme you want to run also matters because your technology choice may differ depending on the searching you want to achieve.
Many DLP platforms, such as Symantec, Forcepoint and Digital Guardian, are good at searching for content and highlighting when that content is found, and they will create incident tickets against the files discovered. However, if you are attempting to run an E-Discovery programme and are simply cataloguing the data you find and all of the locations it has been found in, DLP platforms may not be the toolset to use. It is cumbersome to run DLP scans of all of your storage areas and attempt to keep track of the content that is flagged as incident tickets. Also, on a follow-up scan, DLP platforms are designed to highlight when documents have been removed, not to continue flagging content that is still present. The DLP discovery function is really about highlighting where a problem exists, showing it to the investigator and helping remove it, so that a follow-up scan shows how much remediation has taken place and that files have been secured.
Good examples of this would be:
- Scanning a transfer drive that is meant to be cleared out weekly, to ensure that no sensitive content has been left in there
- Scanning a public file share to ensure that no-one has accidentally saved PII to the location and given the whole organisation access to find it
If you are looking to map all data and its locations, then a full E-Discovery platform such as Privaci, BigID, or Commvault’s Activate is a much stronger option. These platforms specifically scan for all sensitive data in the content, keep a record of where the files are located and also create reference indexes, so data can be searched for and the location records pulled back for the investigator, potentially for a DSAR or Deletion Request to be fulfilled.
These are just some of the questions to consider when planning the initial stages of your data discovery programme.
Please check our additional articles for the next steps.