Symantec - Data Loss Prevention

Drive total protection of your sensitive data with the most comprehensive detection technologies and unified policies of Symantec’s industry leading Data Loss Prevention (DLP).

Product Overview

Highest level of data protection

  • Broadest data protection for
    communication channels: cloud, email,
    web, endpoints, and storage.
  • Fewer false positives with comprehensive
    detection technologies.

Single pane of glass

  • Single console for policy management,
    incident response, reporting and
  • One set of policies and workflow for all
    communication channels: cloud, email,
    web, endpoints, and storage.

Wide range of integrations

  • Integrates with Symantec Information
    Centric Security and the Integrated Cyber
    Defense Platform.
  • Broad integration support for user
    behavior, third-party encryption, data
    classification and rights management

Stop data loss with the highest level of protection

Keeping information safe and compliant has never been easy. But today,  enterprises face new and unexpected security problems. As more companies unplug their on-premises systems and move to cloud-based services, company data becomes more vulnerable to accidental exposure by inexperienced cloud users and configuration errors. Cloud security isn’t the only concern for enterprises. Targeted cyber-attacks have become all too common as cyber criminals develop effective new methods that circumvent traditional security measures and exploit users to steal valuable data from companies. Symantec’s Data Loss Prevention (DLP) solution delivers the highest level of protection you need to prevent data breaches and safeguard your company’s reputation. With our industry-leading technology, you get comprehensive discovery, monitoring and protection capabilities that give you total visibility and control over your confidential data.

Keep data safe while in use on endpoints

As employees become more mobile through the use of smartphones, tablets and laptops, company data becomes more vulnerable to data leaks and thefts – on and off the corporate network.

The Symantec DLP for Endpoint solution provides all the protection you need to keep sensitive data safe and protected on endpoints. It provides complete discovery, monitoring and protection capabilities for data in use across a broad range of channels: email, cloud apps, network protocols, external storage, and virtual desktops and servers.

With Symantec DLP, a single lightweight endpoint agent enables two modules: DLP Endpoint Discover and DLP Endpoint Prevent.

Symantec DLP Endpoint Discover

Scans local hard drives and gives you deep visibility into sensitive files that users are storing on their laptops and desktops. It provides a wide range of responses including local and remote file quarantining, and policy-based encryption and digital rights management enabled by the DLP Endpoint FlexResponse API.

Symantec DLP Endpoint Prevent

Monitors users’ activities and gives you fine-grained control over a wide range of applications, devices and platforms. With Endpoint Prevent, you can alert users to incidents using on-screen popups or email notifications. Users can also override policies by providing a business justification or cancelling the action (in the case of a false positive).

Protect data in motion over the network

The widespread adoption of collaboration tools and cloud apps, coupled with risky employee behaviour that companies may not even be aware of, increases the risk of data exposure over business communications. The Symantec DLP for Network solution monitors and prevents sensitive data from being leaked over a wide range of communication protocols across your network.

DLP Network Monitor
captures and analyses outbound traffic on your corporate network, and detects sensitive content and metadata over standard, non-standard and proprietary protocols. It is deployed at network egress points and integrates with your network tap or Switched Port Analyser (SPAN). Network Monitor performs deep content inspection of all network communications
with zero packet loss, unlike other solutions that sample packets during peak loads and put you at high risk for false negatives.

DLP Network Prevent for Email protects sensitive messages from being leaked or stolen by employees, contractors and partners. It monitors and analyzes all corporate email traffic, and optionally modifies, redirects, or blocks messages based on sensitive content or other message attributes. Network Prevent for Email is deployed at network egress points and integrates with mail transfer agents (MTAs) and cloud-based email including Microsoft® Office 365 Exchange. Network Prevent for Email is available as software or virtual appliance.

DLP Network Prevent for Web protects sensitive data from being leaked to the Web. It monitors and analyzes all corporate web traffic, and optionally removes sensitive HTML content or blocks requests. Network Prevent for Web is deployed at network egress points and integrates with your HTTP, HTTPS or FTP proxy server
using ICAP. Network Prevent for Web is available as software, hardware appliance, or virtual appliance.

Protect data at rest across storage repositories

Digital data is growing significantly, largely due to internally generated documents, yet few companies are focused on governing and protecting it. With Symantec DLP for Storage, you can discover and secure sensitive data at rest – the data stored on file servers, endpoints, cloud storage, network file shares,
databases, SharePoint and other data repositories.

First, Symantec DLP Network Discover finds confidential data by scanning network file shares, databases, and other enterprise data repositories. This includes local file systems on Windows, Linux, AIX, and Solaris servers; Lotus Notes and SQL databases; and Microsoft Exchange and SharePoint servers. DLP Network Discover recognizes more than 330 different file types—including custom file types—based on the binary signature of the file. It also provides high-speed scanning for large, distributed environments, and it optimizes performance by scanning only new or modified files.

Next, Symantec DLP Network Protect adds robust file protection capabilities on top of Network Discover. Network Protect automatically cleans up and secures all of the exposed files Network Discover detects, and it offers a broad range of remediation options, including quarantining or moving files, copying files to a quarantine area, or applying policy-based encryption and digital rights to specific files. Network Protect even educates business users about policy violations by leaving a marker text file in the file’s original location to explain why it was quarantined. Symantec DLP also includes a FlexResponse API Platform that allows you to build custom file remediation actions. FlexResponse provides easy turnkey integration with other Symantec and third-party file security solutions—including Symantec File Share Encryption and Adobe LiveCycle.

Protect data in the cloud

Security concerns persist as companies continue to migrate legacy IT applications to public cloud services where it’s difficult to get the same level of visibility and control of sensitive data as on their own private servers. With Symantec’s DLP Cloud Services, you can extend powerful data protection controls to the cloud with the convenience of cloud-delivered DLP. They provide rich discovery, monitoring and protection capabilities for a wide range of cloud applications as well as on-premises applications.

The Symantec DLP Cloud Detection Service inspects content extracted from cloud app and web traffic, and automatically enforces sensitive data policies. It offers enhanced cloud-to-cloud integration with Symantec CloudSOC, our industry leading cloud access security broker solution, to protect data in motion and data at rest across more than 100 cloud apps such as Office 365, G-Suite, Box, Dropbox, and Salesforce. The DLP Cloud Detection Service also offers enhanced integration with Symantec’s Web Security Service to monitor web traffic – even when it’s encrypted – and protect roaming and mobile users.
The Symantec DLP Cloud Service for Email provides accurate, real-time monitoring of corporate email traffic by leveraging built-in intelligence and advanced detection capabilities that minimise false positives. It also provides real-time protection against data leaks with automated messaging blocking, or message modification to enforce downstream encryption or quarantining.

The DLP Cloud Service for Email supports Gmail for Work, Microsoft Office 365 Exchange Online as well as Microsoft Exchange Server. It is available standalone or bundled with the superior email threat protection capabilities of Symantec’s Email service.

Manage from a single pane of glass

As your data spreads across a wider range of devices and storage environments, the ability to consistently define and enforce policies becomes even more critical. Symantec DLP gives you a unified management console, the DLP Enforce Platform, which allows you to write policies once and then enforce them everywhere – across all data loss channels.

With the DLP Enforce Platform, you can:

  • Use a single web-based console to author data loss policies, remediate incidents, and perform system administration across all of your endpoints, mobile devices, cloud-based services, and on-premise network and storage systems.
  • Take advantage of more than 70 pre-built policy templates and a convenient policy builder to get your system up and running quickly.
    Leverage robust workflow and remediation capabilities to streamline and automate incident response processes for high traffic environments.
  • Apply business intelligence to your risk reduction efforts with a sophisticated analytics tool, Symantec IT Analytics for DLP, which provides advanced reporting and ad-hoc analysis capabilities.

Get unmatched visibility into confidential data

From data fingerprinting to machine learning, Symantec DLP accurately finds sensitive data in whatever guise it takes.

At the core of any DLP solution is content-aware detection. Content-aware detection techniques make it possible to find sensitive data stored in virtually any location and file format. Symantec DLP offers the most  comprehensive detection with advanced machine learning, image recognition, fingerprinting and describing technologies that accurately classify data so you don’t have to worry about false positives and impacting business users.

Symantec DLP utilises a combination of advanced technologies to accurately detect confidential data —whether it’s at rest or in motion – and includes a variety of out-of-the-box policies (HIPAA, GDPR, PCI DSS, etc.) to help enable compliance with lower effort.

Described Content Matching detects content by looking for matches on specific keywords, regular expressions or patterns, and file properties. Symantec DLP provides more than 130 Data Identifiers out-of-the-box, which are pre-defined algorithms that combine pattern matching with built-in intelligence to prevent false positives.

Exact Data Matching (EDM) identifies sensitive data by fingerprinting structured databases, e.g., “any customer name and their bank account number”. It is particularly effective at detecting GDPR data and has a zero false positive rate when configured correctly. It is unique to the Symantec DLP platform

Indexed Document Matching applies fingerprinting methods to detect data stored in unstructured documents, including Microsoft Office documents; PDFs; and binary files such as JPEGs, CAD designs, and multimedia files. IDM also detects “derived” content, such as text that has been copied from a source document to another file.

Vector Machine Learning protects intellectual property with nuanced characteristics that are rare or difficult to describe such as financial reports and source code. Unlike other detection technologies, Vector Machine Learning does
not require you to locate, describe, or fingerprint the data you need to protect.

Sensitive Image Recognition detects text embedded in images such as scanned forms, documents, screenshots, pictures and PDFs by leveraging our proprietary Form Recognition technology and built-in Optical Character Recognition (OCR) engine

Symantec ICT allows users to classify sensitive data as it is created. This allows data to protected through its life-cycle. User driven data classification triggers encryption that follows the data throughout its life-cycle. Monitor data access throughout the life of a document with the ability to alter the classification based on content dynamically.

Extend data protection beyond DLP

As sensitive data is shared with external users or travels to the cloud and goes outside of your managed environment, it becomes vulnerable to unwanted exposure. Symantec’s Information Centric Security solution provides comprehensive protection for your data throughout its life-cycle beyond your managed premises, with policy driven cloud access security, classification, encryption, user analytics, and web gateways.

  • Cloud Access Security Broker: Extend DLP detection, policies and workflows to cloud apps via integration with Symantec CloudSOC (CASB), and manage incidents on a single console.
  • Data Classification: Identify sensitive files as they are created by leveraging user-driven tags provided by Symantec’s data classification solution, Information Centric Tagging (ICT).
  • Encryption: Enforce strong data encryption everywhere with Data Rights Management and Access Revoking by leveraging DLP integration with Symantec’s cloud encryption service, Information Centric Encryption (ICE).
  • User and Entity Behaviour Analytics: Simplify DLP policy management and incident remediation, and unveil risky behaviour and risky users with Symantec Information Centric Analytics (ICA) powered by Bay Dynamics.
  • Web Gateways and Proxies: Ensure sensitive data doesn’t get leaked over web and cloud traffic, even encrypted traffic, by leveraging DLP integration with Symantec Secure Web Gateways: Symantec ProxySG and Web Security Service
  • User Authentication: Prevent unauthorised access to sensitive data with Symantec VIP, Multi-Factor Authentication and Single Sign-On solution.

Data Loss Prevention System Requirements

Symantec Data Loss Prevention consists of a unified management platform, content-aware detection servers, and lightweight endpoint agents. It also offers you a variety of flexible deployment options, including on-premise, hybrid cloud, and as a managed service through CyberOrchard. Unlike other Data Loss Prevention solutions, Symantec has proven its ability to work in highly distributed environments and scale up to hundreds of thousands of users and devices.

Symantec Data Loss Prevention Management and Detection Servers

  • Microsoft Windows Server 2008 Standard and Enterprise
  • Microsoft Windows Server 2012 Standard, Enterprise, and Data Center
  • Red Hat Enterprise Linux 6.7 through 7.3
  • VMware ESX 5.x and later (not supported for Symantec Data Loss Prevention Network Monitor)

Symantec Data Loss Prevention Endpoint Agent

  • Apple Mac OS 10.10, 10.11, 10.12
  • Microsoft Windows Server 2008
  • Microsoft Windows 7 Enterprise, Professional and Ultimate
  • Microsoft Windows 8.1 Enterprise and Professional
  • Citrix XenApp 6.5, 7.6, 7.9, 7.11, 7.12
  • Citrix XenDesktop 7.6, 7.9, 7.12, 7.14
  • Microsoft Hyper-V Server
  • VMware Workstation 6.5.x
  • VMware View 4.6, VMware Horizon 6.0.1, 6.2.1 and 7.1

Oracle Database

  • Oracle
  • Oracle 12c Enterprise

Industry Recommendations

A Leader in Gartner’s Magic Quadrant for 10 Consecutive Times
Symantec Named a Leader With the Highest Scores
Symantec is the Top Player in the DLP Market

Contact us to schedule a complimentary demo session