Symantec Data Loss Prevention Reviews

The Network Monitor component is the most advanced on the market. Combined with the other Network DLP components (Prevent for Web, Prevent for Email, Discover and Prevent), Symantec offers one of the best network DLP solutions in the market. Another component that is very valuable from my point of view is the Data Insight component that allows the client to have full visibility into the company data.

Data Insight is a very good component that steps outside the standard DLP functions, but helps the client to gain visibility over the data usage, ownership and permissions.

The Symantec DLP solution is very complex, and installation requires many components. Also, Oracle is only the DB used by Symantec.

I have experience with Symantec DLP since 2013.

Sometimes the Oracle instance need to be restarted, when using full Windows deployment.

When in a heavy-usage environment, you can have some latency problems when the DLP management page loads. If the problem persists and the loading time is too high, you should restart the service. Usually, this behavior is very rare and I saw it on the Windows implementation.

When implementing the DLP solution, we use the Symantec sizing guide, and we use the recommended configuration. The Symantec DLP license is per user, so it's hard to have issues with scalability

Customer Service:

Usually, we use the local distributor team for issues and they are very OK. When needed, we opened cases at Symantec support, and it was a pretty decent relationship. Some clients complained that they didn't fulfill the request very fast.Starting again this year we have a local vendor presence and that helps us in front of the clients.

Technical Support:

Symantec L3 technical support technicians are very good.

Initial setup is straightforward, as you use the same installation kit, and you choose which component to install.

Symantec only sells the DLP software. When you buy, it you should budget the server licenses, the storage and the hardware. Scale your implementation when you have your exact number of the monitored users. Be prepared to extend the resources if you increase the number of users. The Oracle DB is licensed for use only with Symantec.

If you are a small firm with less than 150 users, Symantec can be too pricey.

We also evaluated McAfee DLP, WebSense (Forcepoint) DLP, and Digital Guardian.

We are a system integration firm, and we also sell McAfee DLP and WebSense DLP (Forcepoint).

• Detects the percentages of text and interrogate words within documents and emails.
• Finds leaks of documents and restricted controlled information.
  

We use it to discover unacceptable employee behavior, such as threats and bullying. It helps us identify insider threats.

I would like to see a reduction in false positives.

I have used this solution for three years.

There haven’t been stability issues with the product. There have been stability issues with the user community when trying to embargo documents.

There were no scalability issues other than some impact on sending large documents when tracking content for restricted data.

The technical support has been excellent. We had DLP engineers on site.

The installation was pretty straightforward. We had to adjust for policy allowances. Once the user community gained some experience, we were able to expand the scope.

I have no real comment as we had an enterprise license. Make sure you cover all users and plan growth metrics.

We evaluated alternative solutions, but I can't recall which ones. We had an enterprise license and the product integrated with the SIEM well. There was little reason to go outside of the existing contracts.

Take the following steps:

1. Go to monitoring for 90 days.
2. Start to reduce the allowed events. Start at 100 and reduce by 20 per month.
3. Communicate any failures. (Allow for application changes, as legacy apps may be guilty of data transfer that is embedded in the architecture/file transfer.)

1) Keeps monitoring data and protects sensitive information on computers. 2) One of the very few DLP tools with machine learning capabilities that easily classifies various documents and takes care of many administrative chores. 3) With the help of the above technology, DLP is able to greatly reduce the number of false alarms. 4) Supports various types of encryption mechanisms. 5) Now available for tablets as well. 6) Has support for blocking of data copying to removable media.

1) Use of machine learning algorithm is good when it comes to automate the administrative chores. However, this feature is still unstable and sometimes the document classifier fails to properly classify even a similar looking document, thereby putting the document in a wrong group. 2) The feature of blocking the copying of sensitive data to removable media puts the responsibility on the end user, for correctly identifying the sensitive docs and enforcing the right policies. 3) Should have a feature to completely block USB ports. 4) Detecting P2P communication using ports is not that useful and requires a signature based engine to detect and block peer-to-peer traffic, irrespective of ports used.

Automated monitoring of sensitive data is a much needed feature. However, the machine learning algorithms that wrongly classify documents is a major problem, when it comes to applying security policies based on document categories. A good feature is the blocking of sensitive data copying to removable storage. DLP is specifically targeted for mid and large enterprises.

The solution is pretty stable. They are not bad; they are pretty complete. But I'm not a big fan of Symantec.

The most valuable feature is file-level DLP. It gives the possibility of creating rules; it's possible to know when a file is with the laptop or computer and servers. It can be any type of file.

The console is not the best one. There is room for improvement in the management console. 

I have been working with this solution for one year now. 

The stability is good enough. I would rate it an eight out of ten. 

It is a scalable solution. We have this in all geographies nowadays. So, it's very scalable.

I would rate the scalability an eight out of ten.

Overall, I would rate the solution a seven out of ten. Because it's not only a question of technicality, it's a question of privacy, it knows everything, so I don't like it much.

On-premises