Symantec Data Loss Prevention Reviews

Our primary use case for Symantec Data Loss Prevention revolves around addressing internal data security concerns, particularly email communication and data leakage prevention.

Symantec Data Loss Prevention has significantly improved our organization, particularly regarding data management and incident response. The solution has streamlined internal processes and enhanced data security measures. By integrating Symantec into our management systems, we've achieved better packaging and handling of sensitive information.

The most valuable features of Symantec Data Loss Prevention (DLP) are the Optical Character Recognition (OCR) functionality and its automation capabilities.

The product's pricing and support services need improvement.

The platform is stable. Initially, there were minor delays during the setup phase, especially when implementing certain features on the cloud. However, these issues have been resolved over time, and the system runs smoothly. It has been consistently reliable for the past three years. While it may demand slightly higher bandwidth, it remains easily adaptable to any network environment.

I rate the platform's scalability a nine out of ten. Currently, we are working with three companies as our customers for the product, one of which boasts over 10,000 users.

Our experience with customer service and support has improved over time. Previously, we encountered technical issues and concerns while working in the same area of DLP. However, in 2020, we noticed a positive shift. The team has become more responsive and effective in addressing our needs. The personnel handling technical support are helpful.

To deploy Symantec to protect sensitive information in our company, we implement various policies such as web, endpoint, mail, and cloud prevention. While the deployment process itself is simple, there is a requirement for an Oracle database, which can add a layer of complexity, particularly for smaller businesses that may not have the infrastructure readily available. However, we offer a software solution that manages this aspect. We leverage both on-premises and cloud-based functionalities, with customization options available for policies. Default configurations work well for cloud-based deployments, and we utilize comprehensive licensing packages. Cloud management simplifies deployment and implementation tasks significantly compared to on-premises setups, reducing the burden on our team and clients. However, there can be challenges when transitioning existing customers from on-premises to cloud-based solutions, particularly regarding feature availability and accessibility.

The platform is expensive.

The platform provides valuable data for preventing loss in various ways. It operates on a cloud-based platform and is beneficial through email and the web.

The incident response capability has been instrumental in mitigating potential data loss. The response agents are deployed strategically, and licenses govern their access. It ensures that only authorized personnel with the appropriate IT label can intervene.

I rate it an eight out of ten.

We use Symantec DLP for endpoint, network, and storage data loss prevention. Symantec DLP is deployed across multiple locations and departments, covering around 10,000 users. 

With Symantec DLP, we can identify where most of our sensitive data resides. By scanning the database and file server, we can find sensitive data and determine how people use it with the analytical view. For example, we discovered someone copying some sensitive data and project information during their two-week notice period. The SOP for any solution implemented in the infrastructure is placed in SharePoint. They tried to copy that information and send it to their personal email. We identified the potential leak and notified the leaders of the firm.

The endpoint DLP isn't something that provides 100 percent coverage. It is a strategic solution and a process by which we strengthen rules and policies for detecting and identifying sensitive information and how it can leave the company. The DLP solution doesn't provide total coverage, but it can protect about 70 percent of our daily process activity. It also reduces the time DLP admins spend on these tasks by about 20 percent.

Symantec also helps us meet our regulatory requirements. Symantec DLP has preset rules for PCI DSS compliance that we can use to monitor if any users are sending credit card numbers to outside parties. It has similar features for compliance with GDPR and other types of regulations.

The most valuable aspect of Symantec DLP is its broad coverage. Symantec DLP covers USB, Outlook email clients, and web traffic. If we install the endpoint DLP, we can cover multiple channels, including the clipboard and printer. 

What distinguishes Symantec from other solutions is the technology to create policies based on our customer's requirements, like ID items and index documents. We can fingerprint our documents so that any attempt to send the data outside the organization is detected. Symantec DLP has Described Content Matching if you need to send unstructured data. We can carry out the rule with the Described Content Matching technology. 

This enables us to create multiple rules. Symantec offers various technologies, like Index Document Matching, Described Content Matching, and Exact Data Matching. We can also create rules for structured data stored in the Excel database.

In addition to these features, Symantec DLP also provides email traffic monitoring, giving us visibility into on-prem Exchange email servers and cloud-based tools like Office 365. We can extend DLP detection to all email and SMTP traffic. 

I rate Symantec DLP a ten out of ten for ease of use and implementation. It's easier to use than other DLP solutions. 

The detection capabilities are also excellent. I rate Symantec DLP eight and a half out of ten for detection. I give Symantec an eight out of ten for accuracy and seven out of ten for scanning speed. 

Symantec DLP doesn't provide complete cloud coverage. We need another DLP solution to monitor our cloud applications. 

I've used Symantec DLP for around five years.

Symantec DLP is stable. 

Symantec DLP is scalable.

I rate Symantec's support an eight out of ten. 

Positive

I used Forcepoint and McAfee. Symantec is easier to implement and manage. The coverage is also better. Symantec easily covers email and web traffic. I rate Symantec's detention capabilities an eight out of ten versus seven for Forcepoint and five for McAfee.

Deploying Symantec DLP is a little complex. We had to create an Oracle database when we implemented the solution. That part was difficult, but the rest was straightforward. 

There are three phases of implementation and many tasks in the beginning. First, we had to identify our sensitive data, where they are, and how they are being used. It was a long process initially. After finding all those things, we implemented the DLP solution in the infrastructure. We had been using an endpoint DLP, which didn't cover most email traffic, so we implemented email and web DLP.

We had to do a lot of work in the early stages, but the solution doesn't need much oversight once it's mature in the infrastructure. One or two people can manage it. I and one of my team members administer it. Two other people handle the incident management. Few changes are required after it is fully deployed and mature. You occasionally need to modify some rules and add some exceptions. 

The initial installation took about a week, but it takes nearly a month to configure all the policies. Two admins and one engineer were responsible for the deployment. Maintenance involves the database, networking team, and DLP teams. That's five people altogether.

Symantec saves us time and costs. It enables us to easily monitor all the incidents and quickly configure policies. The solution reduced our operating costs by about 20 to 25 percent. 

Symantec's pricing is competitive. I would recommend Symantec DLP over cheaper solutions because it provides a broader range of detection across various channels that isn't easy to achieve with other solutions. The solution also makes compliance with multiple regulatory regimes easier. 

I rate Symantec Data Loss Prevention an eight out of ten. 

Symantec Data Loss Prevention is an enterprise-level solution and we utilize it for its customization, and flexibility across the platform as well as the excellent support and feature levels compared to other similar solutions.

There is still potential for improvement when it comes to data discovery over a network. How successful the process is depends largely on the network configuration and connectivity to the destination. Utilizing a detection server or network discovery can help facilitate the data discovery process. Recently, I discovered around 15,000 to 20,000 shareholders for Symantec using DLP for data discovery. Agent Discovery is also highly effective, with no performance issues showing up when performing endpoint discovery for the Symantec database.

I have not had much experience working with Macs, but they come with an in-built security feature. This can be challenging to work with, as not all features are supported in comparison to Windows. However, the solution recently became compatible with the Linux operating system, allowing us to deploy agents on this system as well.

Symantec Data Loss Prevention is a globally accepted product that provides an enterprise-level view of an organization. Although some of the features the solution offers are being utilized, there is still more potential to be explored if the organization puts more focus on using them to their fullest potential. Recently, the ICD or ID features, which cover all increase points and every other technology, were introduced. The solution provides features that correlate all events and generate top results. In DLP, the role bit and success management are present, allowing us to escalate incidents. We can also define an escalation process, allowing data owners to view incidents and escalate them as necessary. This functionality is provided by the solution. The primary goal of the DLP is to monitor and control the organization's data usage, as well as to facilitate audibility and accountability. Symantec Data Loss Prevention is well-suited to fulfill these needs.

The solution helps us find sensitive data and apply policies based on user risk. We can use indexing for highly confidential documents that are not to be published or shared with more than two to five people outside of the organization, such as the board of directors. Indexed Document Matching is a useful feature that can help ensure that the document remains secure. We can create remote detection over the product and map the UNC part. The data owner will put the file of a particular document, which will be converted into IDX format. We can then apply the policy remotely so that the data will not come to the DLP admin or any other person and will remain protected.

The solution offers a range of pre-defined data identifiers to meet all regulatory requirements, such as those mandated by the GDPR, PHI, PCI, and USUN. These data identifiers can be used to identify and protect personal data globally.

The solution helped reduce the time our DLP administrator spends on data loss protection. Spending time monitoring the data is essential. We have to stay up to date and investigate any issues that arise in order to improve health monitoring by fine-tuning incidents and reducing false positives because automation is not available. 

The solution offers a one-click view from a single console, with detailed incident investigation capabilities that capture activity from end users, the web, and email. Symantec Data Loss Prevention provides comprehensive information conveniently and efficiently while also conforming to good architectural standards.

Compared to Forcepoint DLP, we can see that the email is not available. In Symantec, we are dependent on other products, such as DashMagiq, to release quarantined emails. This is because DashMagiq is able to do this through its API integration with the Office 365 email box. Unlike Forcepoint DLP, we don't have the option to release quarantined emails ourselves.

The detection capabilities are comprehensive. The solution covers all channels and supports cloud scanning. Additionally, the cloud-based solutions provided by CASB offer additional functionalities and now include AdvExt.

Symantec Data Loss Prevention has good detection accuracy. In some instances, the solution can produce a false positive. The solution's Application Monitoring feature allows us to monitor data that should be uploaded through an application; however, it can trigger an incident when the application is opened. The features provided by Broadcom are generally practical, but some of the less-used features may not be as accurate.

Before the release of version 16.0, some features were missing. Location-based detection and USB print blocking are still not available. This means we cannot configure the blocking of a USB printer, and we also cannot identify whether a system is on the network or off the network in a large environment. Additionally, the feature that is currently available is not fully operational. The domain-based resolution can sometimes take time to determine whether the system is accessible over the network or not.

From a management perspective, it takes a lot of time to manage the infrastructure. It seems that having cloud options available would reduce the overhead of managing infrastructure. Depending on the organization, we can choose to have the solution on-premises or on the cloud. If we choose the cloud, we can focus more on data loss prevention instead of managing the infrastructure.

I have been using the solution for seven years.

Both the free and paid technical support from Symantec are good.

Positive

I give the solution a nine out of ten.

It helps us meet requirements. There is no product that gives you 100 percent coverage, but it's quite an improvement. It gives us added value.

When it comes to operational costs, a lot of false positives have been eliminated. It's an ongoing activity.

It has good options for policy findings. You can do granular policy enhancements with multiple options. And the SMB blocking is a very good feature.

Other good features include 

• application control
• integration with other proxy servers
• data discovery.

And the dashboard is very user-friendly. The solution is very easy to use, if you know the baselines, concepts, and how to implement things, it's very easy.

In terms of detection, that's up to us to decide exactly what we want. Whatever we have found has been worth it.

Symantec Data Loss Prevention also supports Macs and Linux. It's up to you how you filter your traffic. A normal user's machine should not have Linux. Usually, that would be a server-level operating system, but there are different controls for different operating systems.

I have been using Symantec Data Loss Prevention for over 10 years.

We use the violations that we see to understand the new techniques used to bypass data leakage. When there is any such "enhancement," we provide it to Symantec, and they work on it to give us a fix for it.

Where things could be improved is that product engineering takes time to respond when we make a request. They get on a call for troubleshooting, but fixing the issue takes time. Symantec was bought by Broadcom.

Positive

Compared to competitors, it gives added value, but not every product gives you everything. Compared to other solutions, Symantec DLP is very good when it comes to the quality of detection.

If you're thinking of using a cheaper solution, often, it's only when a breach happens that management puts money into cyber security. These are very critical functions and these controls are necessary to know what your employees are doing and what kind of data is going out, is in ingress, or in motion. Security can't be compromised. There is no cheap product. Evaluate what your company requires.

If that kind of security is required, I would recommend Symantec DLP. It depends on your needs.

We use Symantec DLP because we have different kinds of users who have been moving around for the mobility of their work, they work either from office, home or other offices. So the encryption of this solution supports us in controlling the data within the organization and not getting any data breached. 

All of the features are really important, including DLP for the OCR and endpoint. It will be all of the combined features that will give you the strength to control the data. Every feature has its own uniqueness, different control and will help you to protect the data. 

Their support program needs a lot of improvement. If you are stuck somewhere, getting their support can be difficult. 

Adding the feature of control over Bluetooth is very important right now, most BOPs are don't get control over the Bluetooth function. The features would become more friendly and their dashboard would help us. 

I have been working with this solution for four years. 

I would rate stability an eight out of ten. 

I would rate the scalability an eight out of ten. Our company has about two to three thousand users of this solution. 

Their support program needs to be improved. 

The solution has a simple setup and upgrade process. But both things require time to mature and further improve. The deployment process takes only a day if you have the hardware. 

The product pricing is above average, near to high. 

Trend Micro has a complete suite just like Symantec DLP. Both are good products and nearly equal to each other.

I would rate this product an eight out of ten. 

We have some sectors that have sensitive data, and for that reason we use  Symantec Data Loss Prevention. We have some policies on those sectors so that if somebody uses an ID number or some other sensitive number, we record it in our system.

The benefit is that users can't copy or send sensitive data to another user outside our organization.

It has also helped save so much time. For me, as an administrator of the agents, who installs and puts group policies and rights in place, it saves me 20 or 30 percent of my time.

We can see everything about the users, meaning what kinds of data they use on their computers. When you install the Symantec agent on users' PCs, you define a role for the users and set the policy. We have set rights such that users can't copy sensitive data or send it via email or to USB. After, you can search monthly or yearly and see what kind of data they have used or shared and where they shared the data.

We also like the analytics and reports. We can get yearly reports, six-month reports, and monthly reports for analytics that we can export.

And for administrators and system engineers, it's easy to use, install, maintain, and upgrade. It's also easy for end-users.

For detection, it has a great algorithm. It can recognize ID numbers and everything that you put in a policy for the end-users. That is really great for us as an institution where we have sensitive data. It recognizes all the sensitive data when someone tries to transfer it or put in other data. When that happens it sends me a notification that somebody needs to use an ID or sensitive data. Its accuracy of detection is high.

Another positive aspect is that the speed of discovery is very high. We are very satisfied.

I would like to see changes to the analytics. 

I have been using Symantec since 2018, making it about five years.

It has constantly worked fine for me all these years. I haven't had any problems with it. It's highly stable.

It's also highly scalable.

The support could be more knowledgeable.

However, the firm we bought it from supports me very well. I would rate that firm a 10 out of 10.

Positive

We have only used Symantec File Share Encryption and Data Loss Prevention.

We have it installed on-premises on virtual services.

Deploying it to the end-users was not complex. It was very easy for me. I installed it on about 40 computers, each used by two users, who are all in one location. It took two or three weeks in total.

In terms of maintenance, I maintain the agents and all the servers where Symantec is installed.

I would highly recommend Symantec DLP. This is the best algorithm that I have seen compared to other products.

We use DLP to monitor network traffic and prevent sensitive data from being exfiltrated outside of the company. Symantec also helps us discover data at rest in an environment that may be sensitive. The solution covers more than 10,000 users across various business units and layers, including endpoints, networks, and storage.

DLP is a control instrument for ensuring that an organization complies with regulatory requirements. For example, banks have requirements for storing credit card data, GLBA regulations, etc. DLP can help a bank avoid fines and protect it from civil liabilities.

Companies are audited annually, and DLP improves their risk posture. It ensures business operations won't get shut down because we don't know what we don't know. There are also internal threats, such as people leaving with privileged information on a USB. For instance, an earnings report could be stolen by a disgruntled worker and leaked to competitors. Symantec provides good definitions in the rule set. It can be customized to scan inside documents and pattern-match any unstructured data to comply with what the company needs.

The data-at-rest features are the most valuable because they let us identify data infected with ransomware and prevent employees from being exploited through phishing attacks. If an employee is compromised, the attacker can access servers and deposit ransomware. This enables the attacker to exfiltrate data remotely using employees' credentials. It might be valuable data that could cause a business reputational and financial damage if stolen and publicized. It could also be credit card data or personal health information stored on critical servers.

The false positive rate is excellent. It's about 90 percent accurate and gets better as we fine-tune the rule sets. When we have new incidents, we can work to lower the overall risk based on user behavior on the endpoint, the kinds of data we out on SharePoint, and the type of web or FDP traffic generated internally. I assess the effectiveness of a policy based on the number of false positives generated. We need to tune the rule set if it's greater than 20 percent. 

The solution's data recovery is fast. It depends on the size of your storage, but I have no complaints about the speed of data recovery because there are several detection servers with the necessary horsepower to handle the amount of data that needs to be discovered. It could be remotely scanning a SharePoint server or a file server. The local agents can process data in the expected timeframe.

The upgrade process is convoluted. The server and database software must run in line with third-party providers like the Oracle database. If an Oracle database reaches the end of its life, then servers must be decommissioned, and you need to bring new servers online.

When the maintenance packages are deployed to the management server, they don't get pushed to the detection servers. Each detection server must be manually installed rather than automatically made from a single server. If it's a large enterprise, you need to manually install it or use a GPO or some other technology, which I never use. 

The vendors should also give a heads-up long before updates are released so internal teams can meet their change management lead times. Some vendors don't provide enough notice. They often announce a new version or a vulnerability that needs patching a week before it comes out. It should be a month before. 

The upgrade packages should have better documentation on the upgrade procedure instead of prerequisites spread throughout multiple documents. The wording should be more precise.

I have used the solution for ten years.

Symantec DLP is highly stable. I've operated on Linux and Windows. Linux is stable and doesn't require much patching, but Windows requires more patching, and the service sometimes needs to be restarted. 

Symantec DLP has unlimited scalability if you buy enough licenses. Symantec has servers in the USA, Canada, Asia, and Europe that manage policies differently. For example, Europe has its own compliance rules for GDPR. Incident response can be managed well and segmented away from the rest of the world. You can implement Europe-specific policies. 

I rate Symantec technical support a seven out of ten. 

Neutral

I previously used an appliance called Websense to analyze traffic for data loss. I used other Broadcom tools before Broadcom bought Symantec called Broadcom Proxy and CloudSOC Gateway. I didn't switch from Websense to Broadcom. It was just something I tried, so it wasn't a full deployment. Symantec DLP is head and shoulders above the competing on-prem DLP solutions.

There are a few tricky parts when setting up Symantec DLP, but it's straightforward overall. We used an integrator for the deployment and didn't experience any hiccups after they were finished. About ten people from my company were involved. 

We have two or three people doing maintenance on the solution, like weekly health checks to ensure services are running and traffic flows through the console dashboard. We need to check the incidents generated from the detection servers and verify that everyone can log in. The main part of maintenance is periodic system updates and vulnerability patches.

We see an ROI. During testing, I found it captures and blocks immediately. DLP is able to perform the necessary alerts. We can work with the business and get them on board to see what kind of data they use. We can assign the right roles and manage each business to assess its performance in terms of data loss. Symantec enables us to generate reports to show if their security posture or data loss is changing over time. It's a valuable tool that does what it claims. 

The price of Symantec DLP is fair. I don't recall the cost of the license, but it wasn't outrageous enough that it was an obstacle to approval. I'm not concerned with how much per seat or server, but I know they charge a lot. 

If you're thinking about going for a cheaper solution, I suggest a close comparative analysis of the strengths and weaknesses of each solution by researching online and reading the vendor's documentation. You have to define your security requirements and look at factors like false positive ratios and whether it meets your compliance needs. Some companies only need to meet the minimum regulatory requirements, so a cheap solution that ticks all the right boxes might work. However, if security is the primary goal, you should compare the strengths and weaknesses of that cheap vendor against two or three other DLP vendors.

I didn't evaluate other solutions before choosing Symantec DLP this time, but I evaluated other DLPs for different projects. However, those were cloud-based DLPs, so it's not an apples-to-apples comparison. 

I rate Symantec Data Loss Prevention an eight out of ten.

The tool's most valuable feature revolves around the area of IDM.

Creating any new Microsoft policy is easier compared to Symantec Data Loss Prevention. The creation of any new policy in Symantec Data Loss Prevention needs to be made easier.

I have been using Symantec Data Loss Prevention for around five years.

The solution's technical support is available at a toll-free number. We can directly connect with the tool's support team, but it takes some time. The follow-ups will be there from Symantec's end.

Positive

I switched from Symantec to Microsoft. At the time, there were a lot of, and I had an opportunity to work with, Microsoft Teams. I chose to use Microsoft because I got the opportunity to use the tool, and I want to explore this as well. Other DLPs were there in the market, but most of them were associated with Microsoft.

Microsoft's policy management features are better than Symantec's.

The product's deployment phase was easy.

The tool has impacted our cost savings and reduced incident response times. The tool helps save money and protect data.

I think it is an expensive tool.

The policy management capabilities are really effective.

The tool's policy management capabilities aid us in the area of compliance.

The tool integrates with other security tools, just like how Microsoft works.

I have not dealt with any AI capabilities in the tool.

I recommend the tool to others. The software is sufficient, especially support-wise, and it is the same as Microsoft.

I rate the overall tool an eight out of ten.