Symantec Data Loss Prevention Review

Enables us to create policies to control sensitive company data


What is our primary use case?

The primary use case is for handling confidential data, such as customer data, employee data, and IT confidential information. We used this solution in some contracting work. We classify the data by assigning each division user their own classification, e.g., confidential, restricted, internal, or public. According to the data we get from the customer, we find fairly unique keywords and common words from the data and we put it on the Symantec DLP engine as a use case or policy. If, for example, the content or classified files cannot leave the organization, I can turn the use case into a policy as keywords mentioning specific data and unique keywords in the documents. This restricts documents from leaving the organization. That's how I create a policy based on the use case.

How has it helped my organization?

Another unique feature which I have found is a solution that we needed for one of our customers. They provided laptops at one of their facilities. Their users had administrator access, but the company cannot control those laptops. They are things, moving outside and inside for technical work. They noticed that their users have personal email accounts through Gmail and they installed Google Drive on their laptops. The problem is when Google Drive synchronizes, most of these company documents have a few admins that sync back up to these personal laptops. 

After deploying Symantec, we created a policy for data loads. We found some confidential files had been backed up to the cloud from their personal laptops. The company documents back up through employees' personal Google Drive. They found it and informed the company, who restricted the application purpose for those employees.

The customer was happy about the solution.

What is most valuable?

They have a feature on the management side called the document indexer. If you have a unique document with many near-identical versions, which have one or several values that change while the rest of the content stays the same, you can collect 50 of those documents and put them into this feature of the Symantec DLP system. It will compress them and create a profile specifically for that document.

For example, if you are getting a daily performance report for your company, each report will be completely the same, except some of the numerical values may change. I can collect 50 documents from the last 50 days and put them into the system to compress the documents and create a profile. I can then put this in a policy that will monitor only those documents. If an employee tries to send those documents outside without authorization, the system will block the documents. I have found the data indexer in Symantec, but I didn't find it in McAfee.

What needs improvement?

Each company is used to working their own way because they invested in developers and they worked with their project team already. We have worked on some projects and got feedback from the customer. Most of the time I develop this data loss deployment, when I assign data loss threshold values, some data thresholds will need to be higher. For example, IT users need a higher threshold because technical documents include confidential work.

In a 60-page technical document the confidential work might appear 50 times. If that document comes out of the machine or if he tries to send it to another IT user, it will technically be considered data loss because of the threshold value end for the confidential work. In that same way, I have to fine-tune those metrics depending on the customer or customer group and the employee group. IT needs certain metrics. A financial user or financial goods need different metrics.

That fine-tuning has to be done for the customer as well as the vendor. If I take Symantec DLP, we have to have some final fine tuning but we may need some time developing this depending on the customer. This is an area where something can be done to improve the product. 

Also, due to the cloud emerging technology in the world at the moment, most of the content and data that we use from the cloud is from some organizations in Europe and the US. For those users, I think Symantec DLP has already provided a testing agent. Those are advantages and improvements that could be made to Symantec DLP.

Their user interface and other features are fine as is.

What do I think about the stability of the solution?

It's stable. Currently, we are running on two and a half to almost three months. Up to now, I haven't experienced any system issue at the customer place. I used to go and do some fine tuning in the policies only.

What do I think about the scalability of the solution?

It's scalable. There are three users for this solution at the customer. They are information security engineers. Two are senior and one is just an engineer.

Those users are responsible for the solution and the entire agent count is 800 users. For 800 users endpoints have been installed.

It's fine for now, but I think they are planning to expand the solution to another 500 users by next year.

How are customer service and technical support?

We have experience and most of the time you get very good technical support. In our experience, we only needed support four times for some fine tuning because there is some fine tuning that I cannot do. In those cases, I created a ticket from the support portal and within three or four days they replied. They could typically rectify the issue within one or two weeks. Afterward, they send a report survey for evaluation. 

In short, the technical support is great.

How was the initial setup?

The setup is straightforward. The only complexity comes from the Oracle Database side. Other than that, it is straightforward. It took a half hour to install it. Once you install the manual server, and the detection server on another server you just have to install the alias. I didn't have much problem installing the system.

What about the implementation team?

I installed it myself. Implementation took one day.

I initially checked with the customer how to do their implementation and then I gave them the system requirements. Only then did I go on to staff, once they had given me access to the servers. I only did preliminary planning with technical staff first, then sat down with the customer and planned it more thoroughly.

Only three people take care of this solution from the management side. Externally, there is also a special SI engineer and a travel engineer.

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, Symantec DLP works with Oracle Database. Oracle Database licensing is much more expensive than other databases. That might be a drawback for customers.

The pricing is on a yearly subscription basis. For the current customer year, we already paid up front as part of the first three years.

Which other solutions did I evaluate?

We had a partnership with Symantec so we didn't use any other solution because we signed an agreement with them and we started deployment with the customer. We evaluated the system with the customer and once the customer confirmed that we should secure Symantec DLP we deployed the solution.

What other advice do I have?

My advice is that the DLP solution is the emerging platform in the world at the moment. First, we had to get some idea on how data works at the customers: data in motion, data at rest, data traveling, etc. Typically data travels through emails from the endpoint by USB, email and CD writing it to a CD or copying it to a network share or from a network share. Those are what you need to know before starting the day of implementation. How this data travels inside and outside the environment.

I would rate this solution as nine out of ten, because they are a leader, competing with some other vendors, providing updates, releasing new versions, and providing technical improvements on their side. I would say it's fine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.