Symantec Data Loss Prevention Overview

Symantec Data Loss Prevention is the #2 ranked solution in top Data Loss Prevention (DLP) tools. PeerSpot users give Symantec Data Loss Prevention an average rating of 8.4 out of 10. Symantec Data Loss Prevention is most commonly compared to Microsoft Purview Data Loss Prevention. Symantec Data Loss Prevention is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from financial services firms, accounting for 17% of all views.
Symantec Data Loss Prevention Buyer's Guide

Download the Symantec Data Loss Prevention Buyer's Guide including reviews and more. Updated: March 2023

What is Symantec Data Loss Prevention?

Keeping sensitive corporate information safe and compliant has never been easy. But today, you’re faced with a totally new set of data protection challenges. Sensitive information is leaving the safety of your corporate network as more employees share files over consumer cloud storage services and access those files on their own mobile devices. The number of targeted cyber attacks continues to grow, as cybercriminals develop effective new methods for defeating traditional security measures and stealing corporate information. And as all of these factors converge, it becomes increasingly difficult to manage corporate information and protect it against loss and theft. 

Symantec Data Loss Prevention (DLP) provides a comprehensive approach to information protection that embraces today’s cloud- and mobile-centered realities. With DLP, you can:

• Discover where data is stored across all of your cloud, mobile, network, endpoint, and storage systems

• Monitor how data is being used, whether your employees are on or off the network

• Protect data from being leaked or stolen—no matter where it’s stored or how it’s used

Symantec Data Loss Prevention was previously known as Symantec DLP.

Symantec Data Loss Prevention Customers

Hadassah University Hospital, Her Majesty's Government (HMG), United Kingdom, Hitachi Consulting Software Services India Pvt Ltd., Hua Nan Bank, Hyundai Department Store Group, JW Marriott Hotel Seoul, Lake Health, McCann Erickson Israel, Molina Healthcare Inc., PGi, Quilvest Switzerland Limited, State of Nevada Public Employees Benefits Program, Symantec Corporation (Enterprise Security), The Royal Liverpool and Broadgreen University Hospitals NHS Trust, The Royal Liverpool and Broadgreen University Hospitals NHS Trust (DLP), The Saudi Industrial Property Authority, TSO cloud, Visa, Yunnan Power Grid Company

Symantec Data Loss Prevention Pricing Advice

What users are saying about Symantec Data Loss Prevention pricing:
"The price of Symantec DLP is fair. I don't recall the cost of the license, but it wasn't outrageous enough that it was an obstacle to approval. I'm not concerned with how much per seat or server, but I know they charge a lot."

Symantec Data Loss Prevention Reviews

Serif Muammer Sak - PeerSpot reviewer
Cyber Security Consultant at a comms service provider with 201-500 employees
Consultant
Consistent, accurate, and simple
Pros and Cons
  • "The accuracy in terms of the rate of detection is good."
  • "Reporting could be improved."

What is our primary use case?

It's important for information security due to the fact that it's a powerful solution. It defines sensitive secret data on the customer's environment and monitors for any breaches.

How has it helped my organization?

There are two things this solution has helped improve. 

In terms of the DLP, it can protect from data breaches in your company since you need to define secret and sensitive data in your organization. And the DLP solution monitors all of this data. For example, if you have personal data, you can define this data to the DLP, and then, if someone tries to send this data outside of your organization, this solution would prevent that data breach or generate an alert. 

The second way the DLP solution can help is by implementing best practices. For example, every organization has a business flow. This business flow can sometimes be wrong according to regulations. For example, with GDPR, if you are working with European customers, European clients, or European residents, you need to follow GDPR regulations. Or, if you are working with the payment industry or storing credit card data, you need to follow PCI DSS rules. This DLP solution can help customer organizations ensure they follow best practices.

What is most valuable?

The level of simplicity in terms of ease of use is moderate. It's not easy to implement. There are some requirements from organizations. For example, businesses must be rated to implement this solution. If businesses want to implement data loss prevention or information security policies, they have to be accredited. However, with Broadcom's product, it's easy to implement. There are modules you can deploy and use. It's easy to plan and easy to deploy, however, you do need to have a proper plan in place.

If we compare with other solutions, Broadcom's Symantec Data Loss Prevention has different kinds of detection techniques. It's just keyword, structural data, OCR, or a combination of all these metrics.

The accuracy in terms of the rate of detection is good. I have worked with big enterprises with this solution. For example, we had 30,000 endpoints with the data loss prevention solution, and I also managed 10,000 clients with Symantec Data Loss Prevention. The accuracy has been pretty good. You just need to fine-tune your policies. If you create policies in the proper way, Symantec works really well.

DLP helps us find sensitive data and apply policies based on user risk. First of all, we need to define which data is sensitive and which data is secret. DLP couldn't find it by itself. Therefore, we need to create a normal policy. Then DLP can manage this risk. 

The solution comes with a default configuration. This can be adjusted. If you need to follow GDPR requirements and GDPR defines your personal sensitive data, you can adjust for that. You can set predefined detectors. You can use this in a policy to protect yourself and ensure compliance.

DLP has helped to reduce the work or the time our DLP administrator spends on data loss protection.

It's a consistent product. You just need to create a policy one time, and then you can apply it to all of the channels you are monitoring.

What needs improvement?

I'm not sure about scanning speeds. In my previous experience, we had some problems and some speed issues. The data loss prevention feature is working pretty well; however, sometimes, if you want to discover or scan the data stored in the customer environment, it could take a long time. Sometimes the customer states, "I want to scan a computer," and it takes a few hours. It seems to sometimes be unnecessarily long. 

Reporting could be improved. The detection features are good, and the configuration is basic. It's really easy to use, or it's really easy to learn from scratch. However, the reporting features must be improved as the product doesn't provide us with many reporting screens. We only have an incident results screen, and we have filters we can use, and that's it. There are no other reporting features. It's really limited.


For how long have I used the solution?

I've been using the solution for five years. 

What do I think about the scalability of the solution?

The scalability is easy. You just need to install core components and then you scale. You create a new server, and then you can add 10,000 clients, for example. 

How are customer service and support?

I work with Symantec technical support. If you don't have premium support, it's not easy to fix your issues via technical support.

I've not had the best support experience. I know for other products it's the same. Technical support is usually the weakest part of the company if you are creating a ticket to fix an issue. It was really hard to manage the ticket status. You're always waiting for someone else just to get back to you. It's not easy to manage support. You really need to push them to fix issues. They always say the same thing, and it takes a long time to resolve things. 

I've worked with other support teams, and they have been pretty good. For example, the encryption support team is very good. This support team, you really have to push to escalate. 

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I used, for a limited time, Forcepoint DLP and McAfee DLP.

How was the initial setup?

I've handled deployments in the past. I've deployed four or five organizations from scratch.

The setup process is moderate in terms of difficulty. You need to plan which channels you want to monitor. This solution uses Oracle Database, and you need to calculate scalability and extensions. It's not too easy, and it's not the hardest.

If you deploy the DLP properly, you need to have business support from the business side. Two or three people can deploy this solution or all required service policies, et cetera. However, we need support from the organization since you couldn't define a policy by yourself. You need to understand what data is important and which data is sensitive. You need to talk with all of the stakeholders. For example, software developers. You need to sit with them, and you need to talk about what they are working on, and which data is important. You need to talk with human resources, finance, the entire company.

Generally, we deploy the solution in a central way. We will have one central management console and then granular access for stakeholders. For other business functions, for example, we can create a GDPR policy for the HR business since we need to follow the guidelines. And then, other shareholders can access the central data to granular access. 

In the past, I have deployed 26 DLP components into an organization with 2000 clients. It was a huge project.

Once deployed, you need to maintain the solution. You need to follow product updates. Databases are updated with new features and security fixes. A database update is not very common. You just need to update the database once a year. Also, for example, if a new Windows or Google Chrome, or Firefox version becomes available, you will also need to update your DLP product. Every three or four months, you likely have maintenance tasks related to updates. 

What about the implementation team?

I work as an integrator. I work with clients and customers and uncover what they want to achieve, what their situation is, and which resources they have got in their data center. Once I have completed deployment with them, I work as an integrator and as a consultant.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the exact pricing of the solution. 

Which other solutions did I evaluate?

I have worked with different customers, and we have evaluated different DLP solutions for our customers. However, all of my experience is a limited experience. I have one year of experience with Forcepoint and McAfee DLP.

Customers or enterprises looking for the best detection options would need to look at Symantec Data Loss Prevention as it has the best detection options. 

The other solutions just follow basic keyword detection. A complete DLP solution should monitor all of the other aspects. Symantec has powerful monitoring features and options that can provide us with much more than just basic options.

What other advice do I have?

I work as an integrator.

While the solution may support Mac and Linux, Windows endpoints are more important. Every business uses IT directories and manages internal clients with Windows. Symantec already supports Mac endpoints, just not Linux clients or Linux agents. However, that's not a common thing anyway. It's a special condition. You will need a Linux agent if you are using those servers in your environment. Generally, we don't need to install a server-level agent. We also monitor a gateway-level inspection. For example, if your server is open to the internet, generally from a security perspective, the security personnel must follow a gateway-level inspection.

At the end of the day, this works for a Windows client. Generally, we don't require Linux agents for the data loss prevention solution. However, it depends on the business and it depends on the environment.

If someone just wants to use the cheapest option available, they likely will get just keyword detection. They might not get OCR or email attachment monitoring. 

I cannot say that Symantec has helped reduce operating costs. However, I can say that, in general, if you don't lose data, you don't lose money.

I'd rate the solution nine out of ten. The reporting and technical support are not the greatest; however, overall, the product is good.

If an organization has a proper data classification solution or qualification levels in their organization, a DLP implementation will be much easier for them. Otherwise, they will have to work on their DLP deployment policy creation, and then they have to create a data classification policy. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator
Meleria Mangaring - PeerSpot reviewer
Systems Engineer at Trends and Technologies, Inc
Reseller
Top 5
Great Data Loss Prevention technology with impressive granularity and good stability
Pros and Cons
  • "With respect to the amount of intelligence that they have with respect to how they formed the DLP solution, for example, exact data matching. If you compare Forcepoint with Symantec, Symantec is more sophisticated than Forcepoint."
  • "The one downside for Symantec is that, due to its transition from Symantec to Broadcom, there's been a lot of changes. I am based in the Philippines and we don't have a contact person locally for any Symantec."

What is most valuable?

I've been working with Forcepoint, Symantec, and also McAfee. From my experience with the three of them, Symantec has one of the best DLP solutions on offer. Forcepoint is on par with Symantec on some points; however, with respect to the granularity of how Symantec has laid it out for the customers, it is much easier when compared to Forcepoint. The client also has more opportunities for customization.

With respect to the amount of intelligence that they have with respect to how they formed the DLP solution, for example, exact data matching. If you compare Forcepoint with Symantec, Symantec is more sophisticated than Forcepoint. 

I would prefer Symantec over Forcepoint. 

With respect to how Symantec Data Loss Prevention works now, it's got an edge over all the rest of the Data Loss Prevention with the exact data matching and also the partial matching. We've done a test with that with other solutions, for example, with McAfee and Forcepoint. Symantec is really more sophisticated when it comes to partial matching as compared to other solutions. There's data around this as well. There's a document about a specific confidential file. We will configure everything so that 50% of the data from a document should be scanned. The rest will be detected as black or whatever the option should be or the response should be.

With Symantec, they are capable of doing that. Only a part of the document is scanned and they are capable of detecting the amount of information that is supposedly secure and that should not be sent outside to any unauthorized users. Technically, Forcepoint can also do that, but there are certain limitations. Forcepoint can only do so much. With Symantec, it's very straightforward. You can just specify the version page and then upload the identifier, upload a sample, for example, a series of programming codes. You upload that, you give a sample, and then, just like that, you can already specify a specific response for that and it will be detected. That's also one of the samples that we were able to do with one of our clients. 

Aside from exact data matching and aside from partial matching, there is better machine learning. 

Symantec can offer a more sophisticated OCR. The optical character recognition, which we often showcase specifically for hospitals with x-rays, CT scans, and ultrasounds, is quite useful.

What needs improvement?

The one downside for Symantec is that, due to its transition from Symantec to Broadcom, there's been a lot of changes. I am based in the Philippines and we don't have a contact person locally for any Symantec.

We no longer have any contact for any Symantec opportunities. It's getting hard for us to request a demo license, or trial license, for a proof of value or proof of POC. Basically, speaking with respect to the technology, technically speaking, Symantec is really good, however, on the commercial side, we're really having a problem with that. 

We always have a problem with respect to the commercial side and how we are offering it to the client. It gets really costly with the database as it's strictly required that clients must have an Oracle database and it's quite expensive if you would compare that to Microsoft SQL. From the technical side, what they need to improve is the database. I'm talking about the on-premise, as, with the on-premise, the database that they require is strictly Oracle and not many end-users are using Oracle for their databases. Some are using MySQL. So it gets really costly when we're offering Symantec and then we have to renew. Oracle is expensive.

What they need to improve is the management console. It's pretty straightforward, however, they need to upgrade it to make it more attractive. While it's easy to understand, from an end-user perspective, they need to upgrade it so that it will be more pleasing on the client's side. It would make them more inclined to look up, for example, for maintenance or visibility and monitoring.  

For how long have I used the solution?

I've been working with the solution for two or three years. I've only been working within the industry for two or three years, or something like that.

What do I think about the stability of the solution?

It's stable. Out of all the data loss preventions that I've experienced, Symantec, with respect to its technology, is quite good. Aside from the database, I don't have much of a complaint with Symantec, technically speaking. 

What do I think about the scalability of the solution?

We work mostly with enterprises, however, we also work with some SMBs.

In terms of scalability, it is scalable. Symantec Data Loss Prevention is not only for endpoints. It is also for networks, the cloud, and also for email. It pretty much covers your entire infrastructure.

How are customer service and technical support?

With respect to the partner support, previously, when we started working with Symantec, support was pretty straightforward and really helpful. I've only been handled a support case a couple of times. It's not much, however, they've been really accommodating. That said, when the transition happened, from Symantec to Broadcom, when Broadcom acquired Symantec, that's when things got really hard for us. Not only from the technical side, not only from the support side but even from the commercial and pre-sales side. It's gotten really difficult requesting licenses, requesting trials, requesting support cases, et cetera.

Which solution did I use previously and why did I switch?

I've been working with Forcepoint, Symantec, and also McAfee. Those are the closest solutions that I've been working with most recently.

I only started learning Forcepoint come 2020, and I have done a POC. However, I find Symantec to be better overall if you compared the two.

How was the initial setup?

The setup is straightforward, as long as you know what you're doing. Back in the day, when I was just starting to learn data loss prevention, it got really confusing. For those who are just starting to learn how it works, it's important to note how the flow works - from identifying what data to protect, to the responses that should be applied to the policies that were configured. It's also important to note the architectural side. You need to pay attention to how the endpoint was set up, as well as the database and the detectors. 

My last deployment for Symantec took a month, however, it came with the testing already. We did it phase by phase. What really took a long time for us to set it up, was encryption, which we deployed together with the data loss prevention. We had Symantec Data Loss Prevention and at the same time, Symantec Endpoint Encryption. We would deploy them together. That client also had the programming codes. We had to deal with a lot of programming codes and it took us a lot of time to review. We had a sit-down meeting with the customer in order for them to disclose the necessary information we would need for the pilot deployment. Then we had to do testing after that. That's why, in that case, it took a month.

What's my experience with pricing, setup cost, and licensing?

They have a subscription based on one-year, three-year, and five-year terms.

The pricing is adequate and good enough for the market.

What other advice do I have?

I'm a reseller. We used to have a partnership with Broadcom, or rather, with Symantec. We're still working on Broadcom. I believe we still have that partnership in place.

In the last project that we worked on, we worked on the latest version of Symantec. I just can't remember what version it was.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Associate at an insurance company with 10,001+ employees
Real User
Top 5
Great technical support, good features, and scales well
Pros and Cons
  • "We can integrate with some other tools such as Splunk, which is very useful."
  • "In the object capture recognition, which we implemented recently, there are a lot of false positives that have been happening."

What is our primary use case?

I am an L2 engineer. I'm doing the part of the implementation and the agent upgrades. If any requirements come in for Oracle upgrading we go forward and make it happen. Apart from that, we are doing agent installation and troubleshooting. 

Moreover, we'll be in contact with the SCCM team, and give packages to them. They will push the package to all the machines for the SCCM. We can connect to the virtual team and do the other lines for server backups or upgrades. 

What is most valuable?

The solution is very good at fingerprinting the documents. This means, basically if a user tries to modify the data or change the file extensions, the system will recognize this action. It will offer the DLP images, so it will fingerprint the data. If a user is trying to modify data, they're trying to change the extension to whatever data, it will tune in on the IP, based on the indexing. 

There are a lot of features. We can modify only particular agent configurations. 

A new feature I've seen is a device block, which is very interesting. Previously, we used to create a policy for blocking certain data, which was transferred from our local machine to the mobile media. Now, we found that there'll be one more option called agent configuration device control. Under the device control, there'll be a block device connections option. It will alert us that a USB has been blocked.

The solution offers very good virtual machine learning. The ML will capture information based on certain policies. We haven't used it yet. We're still learning about it.

The solution offers good data classifications. What we used to do, is we used to create one template and we used to sit with different project team members. We'd collect the information from the project managers, on the management side. We'd put the information into one Excel sheet and collect the information from that. Now, we're using that to review one data classification tool. What it will do now is, whenever you're working in the document, is it will ask you to determine the data. It will ask that if it is internal or confidential.  

We can integrate with some other tools such as Splunk, which is very useful.

What needs improvement?

The problem is most companies use a single data protector. The drawback is that they will install Oracle in one server and the application also in one server and detection also, all in one server. If the server crashes, everything crashes. Things should be implemented on another server. 

Previously, when we had Dropbox, if we transferred a document, we would get a popup, and if we transferred 500 documents, we would get 500 popups. We're looking to find out if there is a way around this.

If we get a fatal error issue, if the agent isn't working out, we need a hard fix file. We need to check in pre-production machines. 

When we're doing data scanning, the machines can be slow. 

In the object capture recognition, which we implemented recently, there are a lot of false positives that have been happening. We are expecting them to fix this issue soon.

For how long have I used the solution?

I've been using the solution for four and a half years at this point.

What do I think about the stability of the solution?

Occasionally, there are stability issues. If that's the case, I can help clients troubleshoot them.

What do I think about the scalability of the solution?

The solution is very easy to scale. If a company needs to expand it, it can do so with relative ease.

How are customer service and technical support?

Whenever any issues are reported, for example, a fatal error or multiple errors, or if any machines come up with a blue screen, et cetera, we'll look for patch releases. We tend to do that monthly and push them to machines. However, sometimes the issues might be very bad. For example, sometimes the KB will be not compatible with the Symantec DLP, or some of the versions. Maybe an agent will be corrupted, or a machine will get rebooted multiple times.

Initially, we'll check the logs. We'll do the checking and the troubleshooting and the removal of agents if necessary. We initially collect requirement logs and upload them to the Symantec portal. From those details, they will create a hard fix file for us and we will implement it. 

We work well together. We're quite satisfied with the level of service they provide and the assistance they give when we have issues. 

How was the initial setup?

The initial setup is straightforward.

Usually, if we are doing it from the scratch, every time when we are doing the implementation, there will be one document that will be created for other servers. 

If new users come on, they'll reference the document. It's part of our best practices. 

We recommend that someone should be available via stacking, somewhere. For example, to set up the password with the protector, or as an admin password. We used to prefer at least one person. If we get stuck, we'll have a Symantec engineer on a call to assist us. 

Usually, I'll do everything from the scratch, setting up the port under whatever LAN is required and what other system requires. 

For an Oracle installation, it will take three hours or four hours. And for the server that's at least one hour. A total of five hours to six hours is required in order to complete our implementation.

The maintenance is contract-based. Some of the clients will ask that only I implement the Symantec DLP. Then we'll do the implementation and we'll create some documents as per requirements. Clients will ask the contract be for one year or two years, and we'll do the analysis and the reports, which we need to send on a daily basis and weekly basis and monthly basis and quarterly basis. On yearly ones, we'll do the auditing. 

We used to delete the duplicate machines, or any machines supposed to be in stock or offline. Every month we will send the policy to our customers asking if there is anything they want to add, or any rule they want to delete, or anything specifically they want to create, et cetera. For example, if there are any personal kinds of users they want to monitor. We'll do whatever they recommend. This is the type of maintenance I do.

What's my experience with pricing, setup cost, and licensing?

The pricing is moderate. It's not the cheapest, or the most expensive. 

There are various types of licenses. For example, if you are a customer for endpoint prevention, that is a different license. And if you want to cloud prevent, that is a different license. It's flexible. If you need to purchase a full suite, you can purchase it, or if you want only endpoint or cloud or network, you can buy it as a separate command.

What other advice do I have?

We are implementors. 

As of now, in my current company, I was designed to DLP around seven months back. My previous company is a service-based company. Normally we will connect with other partners. 

Usually, we are service providers, so we'll take the project from Symantec and we will implement the approach for our business partners. Then we'll go directly to the onset location and we'll stay there and we'll do the implementation and we'll create a policy, as per the requirements. We'll do the handout documents to the management team, and we'll relocate them to the local engineers. These kinds of activities I've done. For around four years, I've continuously been doing this DLP and encryption.

I'd recommend the solution. I'd rate it at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Senior Consultant at a consultancy with 10,001+ employees
Consultant
Top 20
The data-at-rest features help identify data infected with ransomware and prevent employees from being exploited through phishing attacks
Pros and Cons
  • "The data-at-rest features are the most valuable because they let us identify data infected with ransomware and prevent employees from being exploited through phishing attacks. If an employee is compromised, the attacker can access servers and deposit ransomware. This enables the attacker to exfiltrate data remotely using employees' credentials. It might be valuable data that could cause a business reputational and financial damage if stolen and publicized. It could also be credit card data or personal health information stored on critical servers."
  • "The upgrade process is convoluted. The server and database software must run in line with third-party providers like the Oracle database. If an Oracle database reaches the end of its life, then servers must be decommissioned, and you need to bring new servers online. When the maintenance packages are deployed to the management server, they don't get pushed to the detection servers. Each detection server must be manually installed rather than automatically made from a single server. If it's a large enterprise, you need to manually install it or use a GPO or some other technology, which I never use."

What is our primary use case?

We use DLP to monitor network traffic and prevent sensitive data from being exfiltrated outside of the company. Symantec also helps us discover data at rest in an environment that may be sensitive. The solution covers more than 10,000 users across various business units and layers, including endpoints, networks, and storage.

How has it helped my organization?

DLP is a control instrument for ensuring that an organization complies with regulatory requirements. For example, banks have requirements for storing credit card data, GLBA regulations, etc. DLP can help a bank avoid fines and protect it from civil liabilities.

Companies are audited annually, and DLP improves their risk posture. It ensures business operations won't get shut down because we don't know what we don't know. There are also internal threats, such as people leaving with privileged information on a USB. For instance, an earnings report could be stolen by a disgruntled worker and leaked to competitors. Symantec provides good definitions in the rule set. It can be customized to scan inside documents and pattern-match any unstructured data to comply with what the company needs.

What is most valuable?

The data-at-rest features are the most valuable because they let us identify data infected with ransomware and prevent employees from being exploited through phishing attacks. If an employee is compromised, the attacker can access servers and deposit ransomware. This enables the attacker to exfiltrate data remotely using employees' credentials. It might be valuable data that could cause a business reputational and financial damage if stolen and publicized. It could also be credit card data or personal health information stored on critical servers.

The false positive rate is excellent. It's about 90 percent accurate and gets better as we fine-tune the rule sets. When we have new incidents, we can work to lower the overall risk based on user behavior on the endpoint, the kinds of data we put on SharePoint, and the type of web or FDP traffic generated internally. I assess the effectiveness of a policy based on the number of false positives generated. We need to tune the rule set if it's greater than 20 percent.

The solution's data recovery is fast. It depends on the size of your storage, but I have no complaints about the speed of data recovery because there are several detection servers with the necessary horsepower to handle the amount of data that needs to be discovered. It could be remotely scanning a SharePoint server or a file server. The local agents can process data in the expected timeframe.

What needs improvement?

The upgrade process is convoluted. The server and database software must run in line with third-party providers like the Oracle database. If an Oracle database reaches the end of its life, then servers must be decommissioned, and you need to bring new servers online.

When the maintenance packages are deployed to the management server, they don't get pushed to the detection servers. Each detection server must be manually installed rather than automatically made from a single server. If it's a large enterprise, you need to manually install it or use a GPO or some other technology, which I never use. 

The vendors should also give a heads-up long before updates are released so internal teams can meet their change management lead times. Some vendors don't provide enough notice. They often announce a new version or a vulnerability that needs patching a week before it comes out. It should be a month before. 

The upgrade packages should have better documentation on the upgrade procedure instead of prerequisites spread throughout multiple documents. The wording should be more precise.

For how long have I used the solution?

I have used the solution for ten years.

What do I think about the stability of the solution?

Symantec DLP is highly stable. I've operated on Linux and Windows. Linux is stable and doesn't require much patching, but Windows requires more patching, and the service sometimes needs to be restarted. 

What do I think about the scalability of the solution?

Symantec DLP has unlimited scalability if you buy enough licenses. Symantec has servers in the USA, Canada, Asia, and Europe that manage policies differently. For example, Europe has its own compliance rules for GDPR. Incident response can be managed well and segmented away from the rest of the world. You can implement Europe-specific policies. 

How are customer service and support?

I rate Symantec technical support a seven out of ten. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I previously used an appliance called Websense to analyze traffic for data loss. I used other Broadcom tools before Broadcom bought Symantec called Broadcom Proxy and CloudSOC Gateway. I didn't switch from Websense to Broadcom. It was just something I tried, so it wasn't a full deployment. Symantec DLP is head and shoulders above the competing on-prem DLP solutions.

How was the initial setup?

There are a few tricky parts when setting up Symantec DLP, but it's straightforward overall. We used an integrator for the deployment and didn't experience any hiccups after they were finished. About ten people from my company were involved. 

We have two or three people doing maintenance on the solution, like weekly health checks to ensure services are running and traffic flows through the console dashboard. We need to check the incidents generated from the detection servers and verify that everyone can log in. The main part of maintenance is periodic system updates and vulnerability patches.

What was our ROI?

We see an ROI. During testing, I found it captures and blocks immediately. DLP is able to perform the necessary alerts. We can work with the business and get them on board to see what kind of data they use. We can assign the right roles and manage each business to assess its performance in terms of data loss. Symantec enables us to generate reports to show if their security posture or data loss is changing over time. It's a valuable tool that does what it claims. 

What's my experience with pricing, setup cost, and licensing?

The price of Symantec DLP is fair. I don't recall the cost of the license, but it wasn't outrageous enough that it was an obstacle to approval. I'm not concerned with how much per seat or server, but I know they charge a lot. 

If you're thinking about going for a cheaper solution, I suggest a close comparative analysis of the strengths and weaknesses of each solution by researching online and reading the vendor's documentation. You have to define your security requirements and look at factors like false positive ratios and whether it meets your compliance needs. Some companies only need to meet the minimum regulatory requirements, so a cheap solution that ticks all the right boxes might work. However, if security is the primary goal, you should compare the strengths and weaknesses of that cheap vendor against two or three other DLP vendors.

Which other solutions did I evaluate?

I didn't evaluate other solutions before choosing Symantec DLP this time, but I evaluated other DLPs for different projects. However, those were cloud-based DLPs, so it's not an apples-to-apples comparison. 

What other advice do I have?

I rate Symantec Data Loss Prevention an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager at a financial services firm with 1,001-5,000 employees
Real User
Helps to meet all regulatory requirements, is customizable, and flexible
Pros and Cons
  • "The detection capabilities are comprehensive."
  • "From a management perspective, it takes a lot of time to manage the infrastructure."

What is our primary use case?

Symantec Data Loss Prevention is an enterprise-level solution and we utilize it for its customization, and flexibility across the platform as well as the excellent support and feature levels compared to other similar solutions.

How has it helped my organization?

There is still potential for improvement when it comes to data discovery over a network. How successful the process is depends largely on the network configuration and connectivity to the destination. Utilizing a detection server or network discovery can help facilitate the data discovery process. Recently, I discovered around 15,000 to 20,000 shareholders for Symantec using DLP for data discovery. Agent Discovery is also highly effective, with no performance issues showing up when performing endpoint discovery for the Symantec database.

I have not had much experience working with Macs, but they come with an in-built security feature. This can be challenging to work with, as not all features are supported in comparison to Windows. However, the solution recently became compatible with the Linux operating system, allowing us to deploy agents on this system as well.

Symantec Data Loss Prevention is a globally accepted product that provides an enterprise-level view of an organization. Although some of the features the solution offers are being utilized, there is still more potential to be explored if the organization puts more focus on using them to their fullest potential. Recently, the ICD or ID features, which cover all increase points and every other technology, were introduced. The solution provides features that correlate all events and generate top results. In DLP, the role bit and success management are present, allowing us to escalate incidents. We can also define an escalation process, allowing data owners to view incidents and escalate them as necessary. This functionality is provided by the solution. The primary goal of the DLP is to monitor and control the organization's data usage, as well as to facilitate auditability and accountability. Symantec Data Loss Prevention is well-suited to fulfill these needs.

The solution helps us find sensitive data and apply policies based on user risk. We can use indexing for highly confidential documents that are not to be published or shared with more than two to five people outside of the organization, such as the board of directors. Indexed Document Matching is a useful feature that can help ensure that the document remains secure. We can create remote detection over the product and map the UNC part. The data owner will put the file of a particular document, which will be converted into IDX format. We can then apply the policy remotely so that the data will not come to the DLP admin or any other person and will remain protected.

The solution offers a range of pre-defined data identifiers to meet all regulatory requirements, such as those mandated by the GDPR, PHI, PCI, and USUN. These data identifiers can be used to identify and protect personal data globally.

The solution helped reduce the time our DLP administrator spends on data loss protection. Spending time monitoring the data is essential. We have to stay up to date and investigate any issues that arise in order to improve health monitoring by fine-tuning incidents and reducing false positives because automation is not available. 

What is most valuable?

The solution offers a one-click view from a single console, with detailed incident investigation capabilities that capture activity from end users, the web, and email. Symantec Data Loss Prevention provides comprehensive information conveniently and efficiently while also conforming to good architectural standards.

Compared to Forcepoint DLP, we can see that the email is not available. In Symantec, we are dependent on other products, such as DashMagiq, to release quarantined emails. This is because DashMagiq is able to do this through its API integration with the Office 365 email box. Unlike Forcepoint DLP, we don't have the option to release quarantined emails ourselves.

The detection capabilities are comprehensive. The solution covers all channels and supports cloud scanning. Additionally, the cloud-based solutions provided by CASB offer additional functionalities and now include AdvExt.

Symantec Data Loss Prevention has good detection accuracy. In some instances, the solution can produce a false positive. The solution's Application Monitoring feature allows us to monitor data that should be uploaded through an application; however, it can trigger an incident when the application is opened. The features provided by Broadcom are generally practical, but some of the less-used features may not be as accurate.

What needs improvement?

Before the release of version 16.0, some features were missing. Location-based detection and USB print blocking are still not available. This means we cannot configure the blocking of a USB printer, and we also cannot identify whether a system is on the network or off the network in a large environment. Additionally, the feature that is currently available is not fully operational. The domain-based resolution can sometimes take time to determine whether the system is accessible over the network or not.

From a management perspective, it takes a lot of time to manage the infrastructure. It seems that having cloud options available would reduce the overhead of managing infrastructure. Depending on the organization, we can choose to have the solution on-premises or on the cloud. If we choose the cloud, we can focus more on data loss prevention instead of managing the infrastructure.

For how long have I used the solution?

I have been using the solution for seven years.

How are customer service and support?

Both the free and paid technical support from Symantec are good.

How would you rate customer service and support?

Positive

What other advice do I have?

I give the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Global Infosec Lead at a tech services company with 501-1,000 employees
Real User
Top 10 Leaderboard
It has broad coverage across multiple channels, including USB, web, and email
Pros and Cons
  • "The most valuable aspect of Symantec DLP is its broad coverage. Symantec DLP covers USB, Outlook email clients, and web traffic. If we install the endpoint DLP, we can cover multiple channels, including the clipboard and printer."
  • "Symantec DLP doesn't provide complete cloud coverage. We need another DLP solution to monitor our cloud applications."

What is our primary use case?

We use Symantec DLP for endpoint, network, and storage data loss prevention. Symantec DLP is deployed across multiple locations and departments, covering around 10,000 users. 

How has it helped my organization?

With Symantec DLP, we can identify where most of our sensitive data resides. By scanning the database and file server, we can find sensitive data and determine how people use it with the analytical view. For example, we discovered someone copying some sensitive data and project information during their two-week notice period. The SOP for any solution implemented in the infrastructure is placed in SharePoint. They tried to copy that information and send it to their personal email. We identified the potential leak and notified the leaders of the firm.

The endpoint DLP isn't something that provides 100 percent coverage. It is a strategic solution and a process by which we strengthen rules and policies for detecting and identifying sensitive information and how it can leave the company. The DLP solution doesn't provide total coverage, but it can protect about 70 percent of our daily process activity. It also reduces the time DLP admins spend on these tasks by about 20 percent.

Symantec also helps us meet our regulatory requirements. Symantec DLP has preset rules for PCI DSS compliance that we can use to monitor if any users are sending credit card numbers to outside parties. It has similar features for compliance with GDPR and other types of regulations.

What is most valuable?

The most valuable aspect of Symantec DLP is its broad coverage. Symantec DLP covers USB, Outlook email clients, and web traffic. If we install the endpoint DLP, we can cover multiple channels, including the clipboard and printer. 

What distinguishes Symantec from other solutions is the technology to create policies based on our customer's requirements, like ID items and index documents. We can fingerprint our documents so that any attempt to send the data outside the organization is detected. Symantec DLP has Described Content Matching if you need to send unstructured data. We can carry out the rule with the Described Content Matching technology. 

This enables us to create multiple rules. Symantec offers various technologies, like Index Document Matching, Described Content Matching, and Exact Data Matching. We can also create rules for structured data stored in the Excel database.

In addition to these features, Symantec DLP also provides email traffic monitoring, giving us visibility into on-prem Exchange email servers and cloud-based tools like Office 365. We can extend DLP detection to all email and SMTP traffic. 

I rate Symantec DLP a ten out of ten for ease of use and implementation. It's easier to use than other DLP solutions. 

The detection capabilities are also excellent. I rate Symantec DLP eight and a half out of ten for detection. I give Symantec an eight out of ten for accuracy and seven out of ten for scanning speed. 

What needs improvement?

Symantec DLP doesn't provide complete cloud coverage. We need another DLP solution to monitor our cloud applications. 

For how long have I used the solution?

I've used Symantec DLP for around five years.

What do I think about the stability of the solution?

Symantec DLP is stable. 

What do I think about the scalability of the solution?

Symantec DLP is scalable.

How are customer service and support?

I rate Symantec's support an eight out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Forcepoint and McAfee. Symantec is easier to implement and manage. The coverage is also better. Symantec easily covers email and web traffic. I rate Symantec's detection capabilities an eight out of ten versus seven for Forcepoint and five for McAfee.

How was the initial setup?

Deploying Symantec DLP is a little complex. We had to create an Oracle database when we implemented the solution. That part was difficult, but the rest was straightforward. 

There are three phases of implementation and many tasks in the beginning. First, we had to identify our sensitive data, where they are, and how they are being used. It was a long process initially. After finding all those things, we implemented the DLP solution in the infrastructure. We had been using an endpoint DLP, which didn't cover most email traffic, so we implemented email and web DLP.

We had to do a lot of work in the early stages, but the solution doesn't need much oversight once it's mature in the infrastructure. One or two people can manage it. One of my team members and I administer it. Two other people handle the incident management. Few changes are required after it is fully deployed and mature. You occasionally need to modify some rules and add some exceptions.

The initial installation took about a week, but it takes nearly a month to configure all the policies. Two admins and one engineer were responsible for the deployment. Maintenance involves the database, networking team, and DLP teams. That's five people altogether.

What was our ROI?

Symantec saves us time and costs. It enables us to easily monitor all the incidents and quickly configure policies. The solution reduced our operating costs by about 20 to 25 percent. 

What's my experience with pricing, setup cost, and licensing?

Symantec's pricing is competitive. I would recommend Symantec DLP over cheaper solutions because it provides a broader range of detection across various channels that isn't easy to achieve with other solutions. The solution also makes compliance with multiple regulatory regimes easier. 

What other advice do I have?

I rate Symantec Data Loss Prevention an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Cyber Security Consultant at I(TS)² Saudi Arabia
Real User
Top 5
Great data matching capabilities, stable with file integration features
Pros and Cons
  • "An excellent solution for data classification."
  • "Different departments should manage administration, reporting, normalization and incident management."

What is our primary use case?

We use this solution for exact and index data matching, vector machine learning and endpoint prevention. We can use USB, make the solution notify a block policy and make response rules. It allows us to add the directory indication, make the agent configuration from the DLP, and then enforce them.

We can also complete different types of single-tier, two-tier and three-tier installations. For single-tier installation, it can enforce or recommend detection servers on the same servers. For two-tier, it can enforce on the same server and the detection server. And for three-tier, Oracle enforced, and the detection server is on separate servers.

What is most valuable?

The most valuable features are file integration and optical character recognition. It is a new technology integrated in DLP. File recognition technology mainly uses DLP, and we can use encryption technology to integrate the endpoint detection servers. The solution also helps to integrate the cloud access service broker in the DLP console, and we can complete information-centric tagging. For example, we can tag the files as private or public and protect them on the DLP console. In addition, we can classify data according to the environments and handle the files per the policy created from the console.

What needs improvement?

Different departments should manage administration, reporting, normalization and incident management. For example, for incident management, escalation can be completed in a specific department, and we can notify a manager and send an email when an incident has been triggered. In addition, confidential files that shouldn't be sent as a CV are managed. A DLP is a confidential solution that cannot be used to send unauthorized organizations' data to others.

The previous versions had a flaw when we installed the agents. We can install the agents manually or by the SCCM and easily manage the database and incident services. We can make several rules if we have a network or endpoint. We can also manage dashboards and administrators, super users and view roles. The larger administrator that manages the activities and daily reports has access to the best access tools. We can utilize user roles for the view access tools and to make policies.

For how long have I used the solution?

We have been using this solution for ten years and are using version 15.8. It is deployed on-premises, and the cloud is used for network payment for email.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

It is very scalable, and there are no issues with maintenance.

How are customer service and support?

We can easily manage technical support unless we need clarification on a version of data or a task for principal clarification. I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward. First, we had to install the Oracle database, which requires 19C if you use version 15.8. Then, we had to deploy and make the info server. After that, we had to complete the Oracle and listener configurations and connect the database. We then had to install the Windows Server and add the detection servers from the endpoint server.

During the installation, we imported different templates in .VSP format. The solution allows you to make policies and procedures with built-in templates, and there are templates for multiple sectors, such as energy, banking, financial, and telecommunication. It can be downloaded from the portal during the installation of the Oracle added to the enforce server. We can make different policies like data matching, index data matching, vector machine learning, and desktop content matching. For example, we can use proximity matching to detect data for 70% matches, 50% matches, or 20% matches. We can also upload different documents for index data matching. Exact data matching is for structured data, and index data matching is for unstructured data. Vector machine learning is for positive and negative threats, and the threshold is set for that purpose. I rate the deployment a ten out of ten.

What's my experience with pricing, setup cost, and licensing?

There is a perpetual license for three, five and two years. There is also a one-year renewable license for different parts. In addition, there are licenses for different consoles, namely Endpoint Discover, Endpoint Prevent, and Network Prevent. So it is an easy tool per the budget firewall and not difficult at all.

What other advice do I have?

I rate this solution a ten out of ten. Regarding advice, it is the best solution and has the best reputation. It is easy to manage and an excellent solution for data classification. It is the best solution I have ever used. We prefer Symantec to other solutions because their products are not difficult to integrate with a single console that is easy to manage.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Systems Engineer at a logistics company with 1-10 employees
Reseller
Top 20
Good machine learning, easily expands, and is largely reliable
Pros and Cons
  • "I like how I have the possibility to check different channels with the same policy set."
  • "They need to expand the channels they check."

What is most valuable?

I like how I have the possibility to check different channels with the same policy set.

The machine learning solution is very good. Many of our partners are mostly not using the machine learning function yet; however, the index document matching, the IDM, and the actual data matching function are the most useful. Those are very, very good functions of the DLP.

What needs improvement?

The OCR functionality could be better. We have OCR functionality. However, it is not as effective. It could be more effective. They need to work on the function that can catch PDF 5 and PDF 5 based on pictures, images, JPEGs, and so on, with text-to-all content. The main goal of this is to check those pictures against corporate policies.

I'd like it if, in DLP, the agent could have more detection capabilities.

Currently, many features can work only with Endpoint Prevention, Network Prevention, and Email Prevention. Those capabilities do not work on the Endpoint Prevent and Endpoint Detection. 

They need to expand the channels they check. It could be wider. So it should be able to check, for example, WhatsApp and mobile solutions, mobile communications, Facebook, et cetera. We're worried about data leakage on these channels. 

For how long have I used the solution?

I've been using the solution for six to eight years.

What do I think about the stability of the solution?

In terms of stability, we have issues, yet not too many. The basic functionality works fine. In my opinion, it is one of the best on the market.

What do I think about the scalability of the solution?

The solution is scalable. 

We can use it in a single tier if there are not too many users and agents. That said, it can be easily extended to use as many server components as we would like. If there are too many people, 4,000 or 5,000 agents and users, we can use 10 or 15 servers. There is no problem with the scalability of DLP. 

On two or three servers, we have around 1,000 agents. Not more than that.

How are customer service and support?

I have problems with Symantec technical support. It is too slow. There are also problems with competency. With the time factor, the reaction time and response time are very long. There was a situation where I had 168 hours between the initial outreach and response. It was not the best for my customer and for me.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

The setup is a bit complex due to the Oracle database. I now have many problems installing and managing the Oracle database. At the moment, I just have a huge problem upgrading Oracle 12 to Oracle 19. It is not too easy. That said, if Oracle and the basic DLP are installed, then it can go smoothly. Afterward, there are no problems with it.

What's my experience with pricing, setup cost, and licensing?

I am not in sales. However, I see Symantec's prices are the highest in the market.

The technical solution is quite good; however, when the customer sees the prices, they tend to say, "Okay. It is very good, yet we do need to choose a cheaper one."

What other advice do I have?

I'm a reseller and integrator.

I am just upgrading the previous version, 15.5, to the newest one, 15.8.

I'd rate the solution eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller/Integrator