Channel: Symantec Connect - Articles

Data Protection Series - Symantec Data Loss Protection Technology

The second article in this series will run you through a high-level overview of some of the technology behind the DLP Suite.
In the previous article, I highlighted what DLP covers, which is quite comprehensive, and as a refresher, you can refer to the information below:

* Endpoints - through Desktop email, removable storage, web apps and virtual desktops
* Networks - through Email, web, FTP, Instant Messaging and IPv6 network technology
* Storage - File servers, DBs, Exchange, SharePoint and NAS devices
* Cloud - Cloud apps, Office365 Exchange, Gmail & B

Endpoints
Protecting endpoints makes use of 2 key modules:

1. Symantec DLP Endpoint Discover scans local HDDs, allowing you to see what files are stored there. Depending on the response configured, the data can be quarantined (locally or remotely), and encryption and digital rights management can be applied.

2. Symantec Endpoint Prevent monitors a user's activities and allows you to have control over apps, devices and platforms. If something is triggered in the environment, the user can be notified in a variety of ways.

Endpoints are protected on a number of fronts, from browsers (Chrome, Firefox and IE, for example), to cloud apps (such as Box, Dropbox and Google Drive, which all enable "shadow IT" to run in parallel with, and against, corporate policies), to virtual desktops (Citrix, Microsoft Hyper-V and VMware). This is especially useful as more users work as part of a mobile workforce and access data across devices, from laptops through to cell phones and tablets. Protecting company data across those devices and across a number of environments, whilst allowing a heterogeneous admin environment, is key.

Networks
1. DLP Network Monitor inspects all data packets running across the network to ensure that no sensitive data leaves the company externally.

2. DLP Network Prevent for Email offers a number of features to stop data being stolen, sent out, or changed by employees or malicious outside users. It can modify the data to edit out information, redirect a message to a specific mailbox for further inspection, or block the message entirely. This runs according to a set of rules put in place to prevent information from being removed in one form or another.

3. DLP Network Prevent for Web will stop data from being sent across to offsite locations via protocols such as HTTP, HTTPS or FTP.

A useful feature of Network Prevent is that it is available as software, a hardware appliance or a virtual appliance. The concept of a virtual appliance is especially good, allowing you to run your application on a supported hypervisor or cloud platform, meaning faster restores or easier upgrades because the appliance can be protected by snapshot. The agility behind a software appliance is something I wrote about a couple of months ago, so check that out.

Storage
Symantec DLP for Storage allows you to discover sensitive data and secure it at rest. It uses 3 components to do this:

1. Symantec DLP Network Discover scans a variety of storage (file shares, DBs etc.) across a number of OS file systems (Windows, Linux, AIX and Solaris) and recognises a large number of files. This puts you in a position to cover the data you need to protect.

2. Symantec DLP Network Protect works on top of Network Discover and will automatically clean up and secure all the exposed files. These are files that haven't been protected yet. It also allows file quarantining and applying DRM to specific files.

3. FlexResponse API Platform allows you to build your own custom remediation actions. You can build what you want in order to respond to specific triggers, allowing more flexibility in responses.

Cloud
There are 2 components to this:

1. Symantec DLP Cloud Detection Service checks any information from a cloud app and from web traffic and then enforces sensitive data policies as configured within DLP. Cloud apps include Box, Dropbox, and Salesforce amongst others. Essentially you could block those applications from being used (and prevent a parallel "shadow IT" situation), or control who has access to the applications and data themselves.

2. Symantec DLP Cloud Service for Email will monitor on-prem Exchange servers along with Microsoft Office 365 Exchange Online to protect against data leaks, or encrypt emails and quarantine any emails designated for that purpose.

As I mentioned before, DLP allows you to manage the application from a central location, or single pane of glass. Management simplicity is key when your environment is large, and it means you don't have to move between disparate applications to do what you need to.

For more information, check the links below:

https://www.symantec.com/content/dam/symantec/docs...

https://www.symantec.com/products/data-loss-preven...

