Symantec Data Loss Prevention pros and cons

The accuracy in terms of the rate of detection is good.

With respect to the amount of intelligence that they have with respect to how they formed the DLP solution, for example, exact data matching. If you compare Forcepoint with Symantec, Symantec is more sophisticated than Forcepoint.

We can integrate with some other tools such as Splunk, which is very useful.

The data-at-rest features are the most valuable because they let us identify data infected with ransomware and prevent employees from being exploited through phishing attacks. If an employee is compromised, the attacker can access servers and deposit ransomware. This enables the attacker to exfiltrate data remotely using employees' credentials. It might be valuable data that could cause a business reputational and financial damage if stolen and publicized. It could also be credit card data or personal health information stored on critical servers.

The detection capabilities are comprehensive.

The most valuable aspect of Symantec DLP is its broad coverage. Symantec DLP covers USB, Outlook email clients, and web traffic. If we install the endpoint DLP, we can cover multiple channels, including the clipboard and printer.

An excellent solution for data classification.

I like how I have the possibility to check different channels with the same policy set.

For detection, it has a great algorithm. It can recognize ID numbers and everything that you put in a policy for the end-users. That is really great for us as an institution where we have sensitive data. It recognizes all the sensitive data when someone tries to transfer it or put in other data.

The exfiltration capabilities are great. You can put all of these rules in the product to detect the patterns and text.

Reporting could be improved.

The one downside for Symantec is that, due to its transition from Symantec to Broadcom, there's been a lot of changes. I am based in the Philippines and we don't have a contact person locally for any Symantec.

In the object capture recognition, which we implemented recently, there are a lot of false positives that have been happening.

The upgrade process is convoluted. The server and database software must run in line with third-party providers like the Oracle database. If an Oracle database reaches the end of its life, then servers must be decommissioned, and you need to bring new servers online. When the maintenance packages are deployed to the management server, they don't get pushed to the detection servers. Each detection server must be manually installed rather than automatically made from a single server. If it's a large enterprise, you need to manually install it or use a GPO or some other technology, which I never use.

From a management perspective, it takes a lot of time to manage the infrastructure.

Symantec DLP doesn't provide complete cloud coverage. We need another DLP solution to monitor our cloud applications.

Different departments should manage administration, reporting, normalization and incident management.

They need to expand the channels they check.

I would like to see changes to the analytics.

The database is a problem for us, as it's running on Oracle and not everybody likes that.