In today’s corporate environment, a lot of data is generated and moved every day. Almost without exception, all employees are able to collect and move large amounts of data, but unfortunately they do not always know which data is sensitive and are not always able to keep this data confidential. The most diverse IT systems used in everyday work enable confidential and protected data to be forwarded or copied to unauthorized recipients, either accidentally or intentionally, thereby risking the company’s legal compliance, business interests, and reputation, and causing damage that can amount to serious sums. We hear in the press almost daily of cases in which companies have suffered significant damage as a result of data loss, but we need to know that, in addition, most cases are not made public. Fortunately, more and more companies realize the dangers inherent in data loss, and those with foresight are not waiting for a serious incident to occur. Furthermore, more and more people are realizing that DLP technology can provide an effective, central tool for mapping the data stored in various IT systems, identifying incidents and handling them appropriately, and this is certainly relevant in relation to the provisions of the GDPR.
For more than ten years, the introduction and support of data loss prevention (DLP) technology and technology-related consulting have played a central role in our company’s life. We cast our vote for Symantec’s DLP from the beginning, and to this day we are committed to the vendor’s solution, which has been consistently ranked among the leaders in Gartner’s DLP Magic Quadrant for the ten years since Gartner conducted such analyses. Since then, in the results of several independent analyses, Symantec’s solution has emerged among the market leaders. Successful Symantec DLP implementations at the world’s largest companies contributed to this status, as did the fact that Symantec is constantly working to develop a suitable solution for the latest challenges (e.g. cloud services, data loss issues of mobile devices) in its product. Our customers here are also using it with satisfaction, and the feedback is positive.
What are the pillars of Symantec’s DLP?
Symantec DLP can scan different file servers, network shares, and cloud storage providers in search of documents containing confidential data, and it also fully discovers these on the endpoints’ own physical drives, so a complete picture of who is storing what type of data on the company’s devices is available. With its help, the places where there should not be sensitive data are quickly found, and new data areas are often revealed that need to be subject to more precise regulation and control than in previous practice.
Symantec DLP monitors the movement of data and the activities performed on the data through a wide variety of channels. It monitors data traffic, emails and attachments transmitted over the Internet and via various protocols, and examines their content. It monitors the activities of users: what they print, what they copy to USB or burn to CD, what they save from network shares to their computers, and what they share with whom through a wide variety of Internet services.
In addition to monitoring and activity logging, it can also prevent unauthorized operations on the data to be protected: it can prohibit copying to USB data storage devices and uploading via browsers, quarantine mail, block network traffic, and request user intervention if necessary. That is, if the user performs a certain action on data protected by DLP, DLP can display a pop-up warning window that draws the user’s attention to acting more carefully in this case and even gives the possibility to cancel the action that has already been started.
It is also possible to automatically encrypt data and documents moving out of protected networks and devices in accordance with the implemented rules. The protection “travels” together with the file and ensures that the permissions granted to it can be modified or revoked later.
A comprehensive solution against data loss
Symantec’s complete information-centric security solution consists of several components; these components can also be used independently. The local, on-premises version of Symantec DLP forms the core of what was described above. It performs the discovery of data repositories, the control of sensitive data transmitted over the network, and detection and protection on endpoints.
This can be extended to the cloud by using Symantec CloudSOC, the vendor’s CASB solution, together with cloud detectors, so that control covers not only data traffic on the internal network but also mobile devices (laptops, phones) that leave the protected environment during work.
By combining DLP with the Microsoft Information Protection (MIP – AIP) product, we can expand the range of control options with the functions of automatic encryption and authorization management, and users can be more effectively involved in the labelling of documents: when saving created files, we can also force users to assign the document they are working with to the category established by DLP. The rules created in DLP can be further refined along the MIP tags.
By correlating the data of DLP and other security devices (endpoint protection, firewalls), Information Centric Analytics helps to filter out users who pose a risk.
Cloud extension of data loss prevention
With the rise of various cloud services and their gradual adoption, the security issues related to them immediately arise, mainly because employees are increasingly accessing these resources from outside the protected internal network, for example from home or other remote locations.
As counterparts to purely on-premises proxy and email filtering solutions, Symantec also offers cloud alternatives, such as Web Security Service and Email Security.cloud. Thanks to cloud detectors connected to them, both can be equipped with the same DLP capabilities that we are already used to in the local infrastructure; even optical character recognition (OCR) is supported. In addition, when integrated with these services, DLP management remains in the local console, cloud DLP hits/incidents can be investigated from the local console, and the rule system remains unified: the same policy can be valid both on premises and in the cloud.
CASB (Cloud Access Security Broker) technology has appeared as one of the cornerstones of the safe use of cloud services. Integrated with the services and embedded in the data flow, it provides insight into their use, detects suspicious and problematic activities and users, and protects data in motion. Beyond all of this, Symantec CloudSOC, in addition to its own DLP rules, can also be integrated with a cloud DLP detector, so the advantages seen in the previous point can be leveraged here as well.
DLP control of purely cloud-based Microsoft (O365) and Google (GSuite/Workspace) email solutions can be done directly through the integration of the detector without using a central Symantec service.