Symantec Data Loss Prevention Reviews

We primarily use the solution in order to detect the exfiltration.

The exfiltration capabilities are great. You can put all of these rules in the product to detect the patterns and text. You can build the rules to detect credit cards and personal information, for example. 

Technical support, by and large, is very helpful.

In general, it's a solid, dependable product.

The database is a problem for us, as it's running on Oracle and not everybody likes that. There's a licensing issue with the database. There's a sizing issue with licensing. They did improve it a bit. It supports a virtual server now. However, the pricing and the fact that you install it on the machine and you have to count all the CPU, makes it a problem. It's workable. We dedicated a physical machine to it. It's a bit of a legacy solution. 

The licensing is a bit of an issue for us. They need to work on the way the licensing is set up.

A feature we would like to see is entropy detection in text. We need something that detects when you send an email and you try to hide something by using simple encryption techniques. It's typically called entropy. If we had entropy detection in the regular text that would be ideal

I've been working with the solution for about a year. It hasn't been that long.

It's a pretty solid, reliable product. We haven't had any issues with it overall.

We've found the technical support to be quite helpful and responsive. We're very happy with the level of support we receive.

The licensing is an issue. You need to get a dedicated machine. Otherwise, you have to pay for all the CPU in your data center or all the clusters in VMware. It used to be two issues. One was the support of virtualization and one was licensing. In the latest release, they solved the virtualization. They said "Okay, you can run the database and everything could be on the virtual machine", which is great. The other issue of licensing is still a pending issue. We still have to run on the dedicated hardware, however, it needs to be a small cluster or a small machine, to not pay for the entire cluster.

We are Symantec partners.

We are using the latest version of the solution. I'm not sure of the exact version number, however.

Overall it's an excellent product. It helps you reach your goal and solve some issues. We did it in six months. It's really an excellent product. There is a bit of a legacy component about the database and the way it works. We can see that the evolution of the technology was a bit slow for the backend, however, the product itself is solid.

I'd rate the solution at a nine out of ten overall. We've been largely quite satisfied with its capabilities.

• Detects the percentages of text and interrogate words within documents and emails.
• Finds leaks of documents and restricted controlled information.
  

We use it to discover unacceptable employee behavior, such as threats and bullying. It helps us identify insider threats.

I would like to see a reduction in false positives.

I have used this solution for three years.

There haven’t been stability issues with the product. There have been stability issues with the user community when trying to embargo documents.

There were no scalability issues other than some impact on sending large documents when tracking content for restricted data.

The technical support has been excellent. We had DLP engineers on site.

The installation was pretty straightforward. We had to adjust for policy allowances. Once the user community gained some experience, we were able to expand the scope.

I have no real comment as we had an enterprise license. Make sure you cover all users and plan growth metrics.

We evaluated alternative solutions, but I can't recall which ones. We had an enterprise license and the product integrated with the SIEM well. There was little reason to go outside of the existing contracts.

Take the following steps:

1. Go to monitoring for 90 days.
2. Start to reduce the allowed events. Start at 100 and reduce by 20 per month.
3. Communicate any failures. (Allow for application changes, as legacy apps may be guilty of data transfer that is embedded in the architecture/file transfer.)

Previously, what was happening was that anyone could send any data outside. We now know who is sending what data and where. We can then question them: "Why have you sent that data?"

In DLP one of the most valuable features is that you can check attachments. 

In addition, it gives me the data such that, if someone is using a browser and email, I'm able to figure out who is sending the data.

Symantec customer support is very bad.

We are finding delayed response if the macOS is updated. They need to make sure their solution is compatible.

Also, if any data at all is going outside of our network and it matches our screening it has to be captured and we should see it detailed properly: Who is sending it, where they're sending it.

The stability has met our expectations.

I'm not good with the scalability. It's not capturing everything. If someone's trying to send from Gmail to some other browser or if someone is using Safari in a Windows machine, under those conditions it's not captured. 

This is the first product of its kind for us. Nobody seemed to know much about this product but we figured out how to use it, and the vendor gave us training, so we have been able to handle it.

The initial setup is a little complex. But once you go through it you get used to it. After using this product it becomes easy to handle, easy to understand. Our deployment took about two months for 2,000 users. 

Our strategy was simple. I needed to implement it for every user so that we could monitor any data.

We used the vendor's support and it was nice working with them. They helped a lot when it came to the deployment.

I wasn't involved in the pricing negotiations but from what I know the pricing is good, it's not too expensive. If you negotiate you can get a good price.

We evaluated multiple solutions, such as McAfee.

We have around 1,500 users in HR, admin, the finance department, and IT. For maintenance of the solution we have two people. It's covering all users at the moment so there are no plans to increase usage.

I rate the solution at eight out of ten. It is fulfilling our requirements.

The Network Monitor component is the most advanced on the market. Combined with the other Network DLP components (Prevent for Web, Prevent for Email, Discover and Prevent), Symantec offers one of the best network DLP solutions in the market. Another component that is very valuable from my point of view is the Data Insight component that allows the client to have full visibility into the company data.

Data Insight is a very good component that steps outside the standard DLP functions, but helps the client to gain visibility over the data usage, ownership and permissions.

The Symantec DLP solution is very complex, and installation requires many components. Also, Oracle is only the DB used by Symantec.

I have experience with Symantec DLP since 2013.

Sometimes the Oracle instance need to be restarted, when using full Windows deployment.

When in a heavy-usage environment, you can have some latency problems when the DLP management page loads. If the problem persists and the loading time is too high, you should restart the service. Usually, this behavior is very rare and I saw it on the Windows implementation.

When implementing the DLP solution, we use the Symantec sizing guide, and we use the recommended configuration. The Symantec DLP license is per user, so it's hard to have issues with scalability

Usually, we use the local distributor team for issues and they are very OK. When needed, we opened cases at Symantec support, and it was a pretty decent relationship. Some clients complained that they didn't fulfill the request very fast.Starting again this year we have a local vendor presence and that helps us in front of the clients.

Symantec L3 technical support technicians are very good.

Initial setup is straightforward, as you use the same installation kit, and you choose which component to install.

Symantec only sells the DLP software. When you buy, it you should budget the server licenses, the storage and the hardware. Scale your implementation when you have your exact number of the monitored users. Be prepared to extend the resources if you increase the number of users. The Oracle DB is licensed for use only with Symantec.

If you are a small firm with less than 150 users, Symantec can be too pricey.

We also evaluated McAfee DLP, WebSense (Forcepoint) DLP, and Digital Guardian.

We are a system integration firm, and we also sell McAfee DLP and WebSense DLP (Forcepoint).

In Pakistan, this solution is used mainly in the banking sector for protecting the credit card payment industry. Our clients are generally small businesses. We are partners with Symantec and I'm the manager of information security. 

The most valuable feature is the end point encryption and the solution provides good data loss prevention. 

Symantec needs to improve the policies. If they could gear the policies, or the templates, and publish them, enabling customers to download them, it would simplify things.  They currently have a package uploaded in the system with some policies but there is no option to download our link device. There are some difficulties on the portals with Symantec. In general, the softwares are not available for partners on their portal. If a new patch requires updating on customer sites, those particular softwares are not available on the partner portal. The products they're giving the agent for Linux operating system could be simplified but Symantec is not geared for writing that option for Linux and running windows on it. Symantec doesn't have any agent for DLP on the operating system.

I've been using this solution for 10 years. 

The solution is stable. 

The solution is scalable. 

The initial setup is quite complex and can take around two hours. 

Licensing costs are based on the number of users and can be purchased on an annual, three-year or five-year basis. The cost is high compared to other solutions.

I rate this solution an eight out of 10. 

I use it in my own environment for data loss prevention.

I installed it for testing purposes. I've logged some of my data through different policies. However, I've only done this at the endpoint channel, not on, for example, email channels.

There's only one policy needed to implement for all channels. That's a good point for Symantec. To have one policy for all channels has been great. You don't have a user workload. You can manage everything through a single policy.

The solution is not user-friendly. I've had to do a lot of research to try and figure things out on my own.

Due to its database, I first had to install an Oracle database. This should change. The product should allow for the use of an SQL database, and, if possible, it should have an embedded database. The solution should be easier to integrate on different solutions.

The data classification is very difficult in Symantec. It's hard to integrate the detect activation tools, whereas, in Forcepoint DLP, it's better. It's very user-friendly and the quality is defined and it is very clear. Symantec should try to emulate those aspects of Forcepoint.

It's difficult to implement in a protected environment, due to its architectural layout.

The initial implementation is quite complex.

The technical support has really dropped in quality since Broadcom acquired the product.

I've used the solution for a month so far and for endpoint channel only. It hasn't been too long. 

The solution is stable. I've seen the people are using it in very large organizations with no problems. It doesn't crash or freeze. It's not buggy. There aren't glitches. However, it's difficult to maintain and run the product.

The solution is quite scalable. From articles I found online, it looks like you can manage around 5,000 to 10,000 endpoints easily through Symantec. You can expand it by quite a bit if you need to.

I've only been using the solution myself over the course of a month. I implemented the solution to two or three other users. I do not plan to increase usage as my intention is to move to another product.

The technical support, after Broadcom acquired Symantec, has been not very good. It used to be maintained by Symantec itself. Since then, there has been a drop off in responsiveness and helpfulness. After being acquired by Broadcom, the support, even at the endpoint level, took two to four days.

We aren't satisfied with the level of support. It should be faster.

This is the first DLP I've used, however, I am switching over to Forcepoint DLP. I'm not staying with Symantec.

the initial setup is not straightforward or simple. It's quite complex.

The whole deployment process took about two days or so.

In Symantec, you have to first install the Oracle database, then you can go on to install the enforce server and then detection servers. It will take time.

I have done the entire installation by myself with the help of some installation guides. I did not contact a consultant or integrator for assistance.

We have a license for our clients. However, in my case, I've only used the trial license in my environment.

I've looked into Forcepoint and it seems to be much better as it's user-friendly and there are some other features that I like. I've just looked into it for comparison purposes. I've never actually used it.

I would recommend this product to other organizations, however, I would warn them it's difficult to maintain due to its architecture.

The primary use case of this solution is for data loss prevention and confidential classification for internal public architecture.

We are trying to prevent the data loss of sensitive files that are confidential, and not let them out of the organization's control.

The dashboard, management section, and reporting are good.

We are having support issues. We had local support but since the acquisition, the support is now only five teams. It is very difficult to log in to create a support ticket because no one is available to support our queries. In India, it's especially needed.

It has some feature deficiencies, as well. For example, it won't monitor the remote desktop and the file-sharing to the RDP. It's not detecting it and RDP is not supported well. The issue is not only with RDP, but rather it's with the product used to provide the remote support. If the data is leaked through that application, then Symantec doesn't monitor that section.

There are some features that are not available, which are required by every data loss prevention solution.

In the next release, encryption should be available. For example, if an extended drive is plugged into the endpoint and someone tried to copy the data to the external drive, the Symantec DLP component doesn't encrypt the drive. If you want the encryption feature you have to purchase an additional component for it. This could be an integral part of Symantec today.

This solution is stable. We have not experienced any issues.

There is a problem with technical support. It's not available.

I submitted a case two months ago, and still, I have not received a response.

We deployed locally in our environment. All of the channels such as emails, web, and endpoints are covered.

The pricing is reasonable.

Technical support is very poor. I am frustrated and irritated by the issue, so it is difficult to offer advice or recommend this solution.

If someone would ask me if they should implement this solution, I would have to say no, only because of the support issue. It is a very big concern.

I would rate this solution a four out of ten.

We use this solution for development source code security.

It provides an efficient solution but the enforce server is difficult to understand.

The data matching features are the most valuable due to the easy policy setup and implementation.

I would like to see this solution made more user-friendly, and the administration needs improvement.

The enforce service is difficult to understand, and free courses made available on the internet would be useful.