Share your experience using SecureTrust Data Loss Prevention

My use case for the GitGuardian Platform is application security.

My impression of the GitGuardian Platform's capability to detect secrets in real time is actually really amazing, because it lets us protect or block the pipelines in which we deploy new applications so we can acknowledge when a secret is hardcoded in a repository, or when we have already hardcoded secrets within templates in our repos.

We adopted it a year ago, and it has been doing great in our teams, especially for developers. The impression so far has been good.

The severity scoring has helped us in incident management because it is doing the correct job. We got many secrets leaked within our platform and it was making the correct warnings regarding that particular secret, as we had a hardcoded Google Cloud API key. It was marked as a critical severity, so we had the chance to correct it, regenerate that secret and work again on not hardcoding secrets within our code.

GitGuardian's public leak detection significantly enhances our organization's data security by continuously monitoring public repositories. It allows us to proactively identify accidental exposures of sensitive credentials or secrets.

Regarding the exceptions in GitGuardian Platform, we know that within the platform we have a way to accept a path or a directory from a repository, but it is not that visible at the very beginning. You have to figure out where to search for it, and once you have it, it is really good, but it is not that visible at the beginning. This should be made more exposed.

The documentation could be better because it was not that comprehensively documented. When we started working with GitGuardian Platform, it was difficult to find some specific use cases, and we were not aware of that. It might have improved now, but at that time, it was not something we would recommend.

I have been using the GitGuardian Platform for almost a year now.

The deployment of the GitGuardian Platform was easy.

From 1 to 10, I rate the stability of the GitGuardian Platform a 10, as there are no downtimes.

I would rate the scalability as a 10, since we did not have any problems.

For technical support, I would give a solid 10. They have someone who speaks Spanish, which made it easier for us.

Positive

I am comparing it with Advanced Security from GitHub and Cycode.

Two of us were involved in the deployment process.

It took a week to deploy the GitGuardian Platform, just to standardize the process.

Two of us were involved in the deployment process.

Regarding return on investment, we have actually saved time and resources because before having GitGuardian Platform, we had two or three people working in every repository looking for secrets with open-source tools. It took a long time to find secrets or many patterns, and at the time, we had to configure our own patterns to find them. I cannot specify the exact return on investment, but I can surely say that we have saved significant time and resources, particularly in terms of people and automation.

I would compare the GitGuardian Platform to other solutions or vendors on the market as being easier to use, but it is not integrated with the CSM that we are using right now. That is the difference. It is easy to use, but it could be easier.

We are customers in our company's relationship with the vendor.

I work primarily with the CLI, focusing on pipelines and automations rather than the platform itself. The platform has remained almost the same within the year that we have been working with it.

We are not utilizing the automated playbooks yet.

I cannot determine if the pricing is cost-effective.

The vendor can contact me if they have any questions or comments about my review.

I have rated the GitGuardian Platform a 10 out of 10.

Public Cloud

Microsoft Azure

Symantec Data Loss Prevention is completely designed for the enterprise area because it enables great segmentation. For example, if you have four branches in different cities of Turkey, you can create different detection servers. You can create a detection server for the endpoint of location one, create a web detection server to detect all web data loss, and create all these servers for each location and user sets, computer sets.

The discover options are very different, and you can discover what's happening in your network and file servers. We had a case where a banking company not using Symantec Data Loss Prevention lost 500 customer information pieces and their personal credit notes through screenshots. A malicious actor created reports for different 500 people, not taking the PDF file of the personal report but instead taking first credit note page screenshots, stealing all data via screenshots. When this case occurred, I suggested there must be a detection method for images because Data Loss Prevention solutions must analyze the details of all images. Initially, Symantec created an OCR module, and they are now fully capable of searching what's inside images.

When discussing this with DLP customers, they asked about bank robbery scenarios involving credit notes and whether Symantec could detect this. I wrote this concern to product development at Symantec. Many engineers wrote to Symantec HQ about this issue, and subsequently, they added the feature.

Symantec Data Loss Prevention is completely designed for enterprise area, permitting extensive segmentation. You can create various detection servers for different locations, allowing organizations to tailor the DLP solution to each branch and user set. The detection capabilities extend into the network and file servers, enriching the discover options. Symantec's OCR module enhances image analysis, crucial for detecting data loss via screenshots, improving the overall security posture against data breaches.

Symantec Data Loss Prevention provides a centralized management console with an Enforce server, which is the management server. According to your license, you can create many servers. In one of the biggest banking companies, there were 22 detection servers in HQ for different email gateways, web gateways, file servers, and endpoint groups. In another banking company with about 4 or 5,000 users, they installed six servers, managing all DLP activities on just one Enforce server for each company.

Symantec is integrating all branches of DLP to the cloud side. If a company hosts their emails on the cloud, Symantec is capable of handling DLP processes of this email traffic. If their file servers are completely on cloud, Symantec can also discover all file server features working on the cloud. Symantec continues adding these features, and it works more effectively with each version.

A significant case highlighted an improvement need when a banking company lost 500 customer information pieces through screenshots. The data theft occurred through individual screenshots of credit note pages rather than taking complete PDF files. This incident led to the suggestion for implementing image detection methods, as Data Loss Prevention solutions needed to analyze image details. Symantec responded by creating an OCR module, enabling the capability to search within images.

The pricing structure remains an area for improvement. We lost a POC despite installing 2,000 endpoints because Symantec Data Loss Prevention is more expensive compared to other solutions. Although the competing product couldn't match all the best practices, the price difference influenced the final decision.

I started working with DLP in 2011 at Comtera, a McAfee distributor. Since 2016, I have been working exclusively with Symantec Data Loss Prevention as my sole product.

We are currently at Redington, one of two distributors in Turkey. In technical support, we have a lab environment for Symantec. When we open a case about our NFR license or installation, including demo installations, they respond quickly. We conduct sessions to solve problems for customers, and they also perform these processes. The support provided from both Symantec Turkey and distributor companies enables us to support customers and partners effectively. The support side of Symantec is commendable.

The basic installation of Symantec Data Loss Prevention is efficient. Installing the database and Enforce server takes less than a day. For a configuration with five detection servers and one Enforce server, the complete setup takes only two days. However, in Symantec DLP education, it's emphasized that installation is only 10% of the DLP processes.

After installation, remediation studies, incident analysis, rule creation, and fine-tuning are necessary to receive true incidents. Initially, Symantec Data Loss Prevention generates thousands of incidents, but after fine-tuning and eliminating false positives, this number reduces to approximately 50 or 60.

The pricing structure affected a POC deployment where we installed 2,000 endpoints. Despite being a successful POC, the client chose another product due to cost considerations. Symantec Data Loss Prevention is more expensive compared to competing solutions.

I would rate Symantec's support as 8.5 out of 10. The Symantec Data Loss Prevention tool deserves a perfect 10 out of 10 rating. As technical professionals, we must be trusted advisors, and this trust must be earned. While not all Symantec products deserve top ratings, with their EDR solution potentially rating at six or five, the DLP solution truly merits the highest score.

Overall review rating: 10/10

Hybrid Cloud

Other