Symantec Data Loss Prevention Reviews

The primary use case is to protect the content our data, e.g., if a document is marked as a confidential, it should not suddenly be sent into the Internet via email.

I have been the product for two years.

We are able to contain our confidential data in our environment. Previously, we had no controls placed on our documentation. 

• The administration part is pretty simple. 
• Detection is pretty accurate.

They could improve the predefined reports because they don't have much information. We would like detailed reports.

If they could include the same features for their mobile device product, like Android and iOS, it would be helpful.

It is stable. Maintenance only takes one person.

It is pretty scalable.

We have around 1500 users, which include the accounting department, HR department, and other business units.

The technical support is very good.

We were not using a solution before Symantec DLP.

The initial setup is complex; it was not a very straightforward implementation.

The deployment took less than two months.

Our implementation strategy was simple. We started the rollout with a few users, then to the documents and emails, and afterwards, the policies. 

We had a local implementation partner who helped us with the implementation. We had a good experience with them.

Deployment took two engineer from our team.

The pricing and licensing are based on per user endpoints.

We did not evaluate other solutions.

Determine what data you want to protect before implementing this solution.

Previously, what was happening was that anyone could send any data outside. We now know who is sending what data and where. We can then question them: "Why have you sent that data?"

In DLP one of the most valuable features is that you can check attachments. 

In addition, it gives me the data such that, if someone is using a browser and email, I'm able to figure out who is sending the data.

Symantec customer support is very bad.

We are finding delayed response if the macOS is updated. They need to make sure their solution is compatible.

Also, if any data at all is going outside of our network and it matches our screening it has to be captured and we should see it detailed properly: Who is sending it, where they're sending it.

One to three years.

The stability has met our expectations.

I'm not good with the scalability. It's not capturing everything. If someone's trying to send from Gmail to some other browser or if someone is using Safari in a Windows machine, under those conditions it's not captured. 

This is the first product of its kind for us. Nobody seemed to know much about this product but we figured out how to use it, and the vendor gave us training, so we have been able to handle it.

The initial setup is a little complex. But once you go through it you get used to it. After using this product it becomes easy to handle, easy to understand. Our deployment took about two months for 2,000 users. 

Our strategy was simple. I needed to implement it for every user so that we could monitor any data.

We used the vendor's support and it was nice working with them. They helped a lot when it came to the deployment.

I wasn't involved in the pricing negotiations but from what I know the pricing is good, it's not too expensive. If you negotiate you can get a good price.

We evaluated multiple solutions, such as McAfee.

We have around 1,500 users in HR, admin, the finance department, and IT. For maintenance of the solution we have two people. It's covering all users at the moment so there are no plans to increase usage.

I rate the solution at eight out of ten. It is fulfilling our requirements.

The Network Monitor component is the most advanced on the market. Combined with the other Network DLP components (Prevent for Web, Prevent for Email, Discover and Prevent), Symantec offers one of the best network DLP solutions in the market. Another component that is very valuable from my point of view is the Data Insight component that allows the client to have full visibility into the company data.

Data Insight is a very good component that steps outside the standard DLP functions, but helps the client to gain visibility over the data usage, ownership and permissions.

The Symantec DLP solution is very complex, and installation requires many components. Also, Oracle is only the DB used by Symantec.

I have experience with Symantec DLP since 2013.

Sometimes the Oracle instance need to be restarted, when using full Windows deployment.

When in a heavy-usage environment, you can have some latency problems when the DLP management page loads. If the problem persists and the loading time is too high, you should restart the service. Usually, this behavior is very rare and I saw it on the Windows implementation.

When implementing the DLP solution, we use the Symantec sizing guide, and we use the recommended configuration. The Symantec DLP license is per user, so it's hard to have issues with scalability

Customer Service:

Usually, we use the local distributor team for issues and they are very OK. When needed, we opened cases at Symantec support, and it was a pretty decent relationship. Some clients complained that they didn't fulfill the request very fast.Starting again this year we have a local vendor presence and that helps us in front of the clients.

Technical Support:

Symantec L3 technical support technicians are very good.

Initial setup is straightforward, as you use the same installation kit, and you choose which component to install.

Symantec only sells the DLP software. When you buy, it you should budget the server licenses, the storage and the hardware. Scale your implementation when you have your exact number of the monitored users. Be prepared to extend the resources if you increase the number of users. The Oracle DB is licensed for use only with Symantec.

If you are a small firm with less than 150 users, Symantec can be too pricey.

We also evaluated McAfee DLP, WebSense (Forcepoint) DLP, and Digital Guardian.

We are a system integration firm, and we also sell McAfee DLP and WebSense DLP (Forcepoint).

• Detects the percentages of text and interrogate words within documents and emails.
• Finds leaks of documents and restricted controlled information.
  

We use it to discover unacceptable employee behavior, such as threats and bullying. It helps us identify insider threats.

I would like to see a reduction in false positives.

I have used this solution for three years.

There haven’t been stability issues with the product. There have been stability issues with the user community when trying to embargo documents.

There were no scalability issues other than some impact on sending large documents when tracking content for restricted data.

The technical support has been excellent. We had DLP engineers on site.

The installation was pretty straightforward. We had to adjust for policy allowances. Once the user community gained some experience, we were able to expand the scope.

I have no real comment as we had an enterprise license. Make sure you cover all users and plan growth metrics.

We evaluated alternative solutions, but I can't recall which ones. We had an enterprise license and the product integrated with the SIEM well. There was little reason to go outside of the existing contracts.

Take the following steps:

1. Go to monitoring for 90 days.
2. Start to reduce the allowed events. Start at 100 and reduce by 20 per month.
3. Communicate any failures. (Allow for application changes, as legacy apps may be guilty of data transfer that is embedded in the architecture/file transfer.)

1) Keeps monitoring data and protects sensitive information on computers. 2) One of the very few DLP tools with machine learning capabilities that easily classifies various documents and takes care of many administrative chores. 3) With the help of the above technology, DLP is able to greatly reduce the number of false alarms. 4) Supports various types of encryption mechanisms. 5) Now available for tablets as well. 6) Has support for blocking of data copying to removable media.

1) Use of machine learning algorithm is good when it comes to automate the administrative chores. However, this feature is still unstable and sometimes the document classifier fails to properly classify even a similar looking document, thereby putting the document in a wrong group. 2) The feature of blocking the copying of sensitive data to removable media puts the responsibility on the end user, for correctly identifying the sensitive docs and enforcing the right policies. 3) Should have a feature to completely block USB ports. 4) Detecting P2P communication using ports is not that useful and requires a signature based engine to detect and block peer-to-peer traffic, irrespective of ports used.

Automated monitoring of sensitive data is a much needed feature. However, the machine learning algorithms that wrongly classify documents is a major problem, when it comes to applying security policies based on document categories. A good feature is the blocking of sensitive data copying to removable storage. DLP is specifically targeted for mid and large enterprises.

The solution is pretty stable. They are not bad; they are pretty complete. But I'm not a big fan of Symantec.

The most valuable feature is file-level DLP. It gives the possibility of creating rules; it's possible to know when a file is with the laptop or computer and servers. It can be any type of file.

The console is not the best one. There is room for improvement in the management console. 

I have been working with this solution for one year now. 

The stability is good enough. I would rate it an eight out of ten. 

It is a scalable solution. We have this in all geographies nowadays. So, it's very scalable.

I would rate the scalability an eight out of ten.

Overall, I would rate the solution a seven out of ten. Because it's not only a question of technicality, it's a question of privacy, it knows everything, so I don't like it much.

On-premises