Symantec Data Loss Prevention: Product overview
Expert Bill Hayes checks out the Symantec Data Loss Prevention suite, featuring an architecture consisting of content-aware detection servers, endpoint agents and unified management.
Symantec offers a comprehensive approach to data loss prevention that covers both on-premises and cloud environments, as well as mobile devices.
The antivirus vendor's approach to data loss prevention (DLP) has evolved quite a bit over the last decade. Symantec acquired DLP maker Vontu in 2007, and they integrated the company's technology into the Symantec security suite. Symantec's DLP offering later expanded to included many different components, including Symantec DLP for Cloud Storage, Symantec DLP Cloud Prevent for Microsoft Office 365, Symantec Data Loss Prevention for Endpoint, Symantec Data Loss Prevention for Mobile, Symantec Data Loss Prevention Network and Symantec Data Loss Prevention for Storage.
Today, the product is integrated with the cloud access security broker capabilities of the Symantec CloudSOC. The current version of Symantec Data Loss Prevention, 14.6, includes integration with products from Blue Coat Systems, which Symantec acquired in 2016.
Deployment
Symantec Data Loss Prevention's architecture consists of content-aware detection servers and endpoint agents, plus a unified management platform. The suite is scalable to hundreds of thousands of users and devices. It can also be deployed on premises, in hybrid cloud environments and as a managed service through a Symantec managed security service provider partner.
Amazon Web Services (AWS) support enables DLP content detection servers to be deployed on AWS infrastructure. This enables organizations to monitor and protect sensitive data found in AWS-hosted instances of Microsoft Exchange and SharePoint.
On the other end of the spectrum, the DLP management server, content detection servers and Oracle database can be deployed on a single physical server for small organizations or remote offices, thereby reducing hardware and maintenance costs.
Mobile protection
The Symantec Data Loss Prevention suite also includes monitoring for mobile devices and mobile email through Symantec DLP for Mobile with Mobile Email Monitor and Mobile Prevent. Mobile Email Monitor supports Android and iOS devices and can detect when employees download sensitive corporate data to their mobiles devices using the Microsoft Exchange ActiveSync protocol.
Enterprise and endpoint protection
Traditional enterprise architectures are supported with several tools and components within the Symantec Data Loss Prevention suite.
For the Symantec Data Loss Prevention for Endpoint product, the Symantec DLP Endpoint Discover and Symantec Endpoint Prevent modules control data in use. These modules perform local scanning, detection and monitoring for macOS, Windows 7, Windows 8 and Windows 10 machines.
On the endpoints, these modules also monitor and control cloud storage sync folders, Outlook and Lotus Notes email clients, HTTP/HTTPS and FTP protocol traffic, removable storage media -- such as USB, media transfer protocol, CompactFlash and SD cards -- plus eSATA and FireWire for portable drives. The modules also monitor and control virtual desktops, such as Citrix, Microsoft Hyper-V and VMware.
Data in motion is addressed by Symantec DLP Network Monitor, Network Prevent for Email and Network Prevent for Web. Data at rest is monitored using Symantec DLP Network Discover, Network Protect, Data Insight and the Data Insight Self-Service Portal.
Cloud features
The suite supports cloud deployments with Symantec DLP for Cloud Storage and Cloud Prevent for Microsoft Office 365.
Symantec DLP for Cloud Storage is a data-at-rest tool that scans Box Business and Enterprise accounts. It can help determine where sensitive information is being stored, how it's used and who is receiving it. It can be configured to help users correct policy violations by placing visual tags on Box files so users can remediate policy violations using the Symantec DLP Self-Service Portal.
The Cloud File Sync and Share feature keeps users from syncing sensitive data files from their desktop to cloud file sharing sites such as Box, Dropbox, Google Drive, Hightail, iCloud and Microsoft OneDrive.
Symantec DLP Cloud Prevent for Microsoft Office 365, meanwhile, monitors and controls emails sent from Microsoft Office 365 instances of Microsoft Exchange Online. It works with current Symantec DLP policies for Exchange, enabling an organization to migrate its Exchange servers to the cloud.
Summary
The Symantec Data Loss Prevention suite is designed to meets the needs of large enterprises, as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers -- Windows Server, Red Hat Enterprise Linux and others -- and cloud infrastructures, such as AWS. Symantec is currently readying version 15 of the product, though a release date has not been made public yet.
Organizations interested in Symantec Data Loss Prevention should contact the vendor or an authorized reseller partner for pricing and other information.