Symantec Data Loss Prevention Reviews

We primarily use the solution for the endpoint machines within the environment.

I'm able to track everyone who is trying to send information outside the environment and to know if they are not supposed to be sending it. I'm also able to see the people who are accessing or maybe try to access the information they are not supposed to be accessing based on their level of classification.

It gives me overall control of who has got access to what and at what point and who can do what with specific information.

The backend side of the server needs improvement.

In a majority of cases, most of the companies are using DLP for endpoint sessions, where you have a user that might be communicating information outside of the company. However, they forget there are actual interfaces that can directly communicate with either the database or other files within the data center that uses end-to-end encryption. In those cases, you might need things like your DLP to be able to monitor and block some of that. The solution needs to catch information communicated through the data center on the server-side.

The solution is quite stable, especially when you run it on a Linux platform and when you code it and set it end-to-end on a Windows machine.

I've never had any issues around scalability, mostly because of the environment I'm running on. We have about 50 users on the solution currently. 

It's used quite extensively in our environment as a security cluster, but going forward I don't think we will be adding more people to the environment. It's a minimized environment, so there's a limit to the number of people that are allowed to work with it.

We've never had an issue outside our capabilities, so we've never had to contact technical support.

I previously used McAfee DLP at a different company. I'm not sure what my current organization used previously.

The initial setup of the solution was straightforward. It took us less than a week to make sure that we created all the rules. 

The setup itself it took less than two hours. However, applying all the rules and the configurations, and all the different qualities took longer. It total, everything took close to a week.

We only need two people for deployment and maintenance.

We implemented the solution ourselves.

Licensing depends on how you plan your deployment. If you have carefully planned it and you've already looked at the storage capacity and how it's going to grow over a period of two to five years, then you'll hardly have any problems or issues. If you have not planned it correctly then you might run into some issues.

We are using the on-premises deployment model.

I would advise others that the solution does need careful planning before attempting an implementation.

I would rate the solution nine out of ten.

Our primary use case for this solution is to protect data from being stolen from the company. It protects and monitors data that moves out without us knowing about it. 

The features I like most about this solution is the endpoint modules because it gives us the protection we need. 

I do have a problem with the database. It uses the Oracle database and sometimes this causes some problems. I would prefer it to use the MS SQL database because it has a more stable connection than the Symantec database.

I think it is very stable. The only problem is the Oracle database where the connection sometimes works through the enforce server. But other than that it's very stable.

The scalability is good because some of the environments we are implementing it in, has 7,000 users. Others have 1,000 users. So it all depends. My job is only to implement it and enforce the policies at the customer.

The technical support is perfect. If there is any problem or if anything goes wrong, the technical support team answers me immediately and they solve the problem, so it's a very good technical support team.

I used Forcepoint DB and the McAfee DB. I implement all of them, so I didn't switch.

The initial setup was not complex and it was very easy to install the Symantec database. It comes with a guide that explains every small step in detail. The deployment took about two to three days. However, if you install all the modules, it may take up to two weeks.

I am an integrator for this solution and I work mostly alone.

I compared this solution with Cisco Stealthwatch. And I work on solutions like Forcepoint DP too. But I prefer Symantec DLP and I usually recommend this solution first when a client asks about the different options. It is, however, the more expensive option. So if the client's budget doesn't allow it, I recommend Forcepoint.

I would recommend others to read the manual carefully before they start implementing it because it explains every small detail on how it works. 

I will rate it a nine out of ten.

The primary use case is for handling confidential data, such as customer data, employee data, and IT confidential information. We used this solution in some contracting work. We classify the data by assigning each division user their own classification, e.g., confidential, restricted, internal, or public. According to the data we get from the customer, we find fairly unique keywords and common words from the data and we put it on the Symantec DLP engine as a use case or policy. If, for example, the content or classified files cannot leave the organization, I can turn the use case into a policy as keywords mentioning specific data and unique keywords in the documents. This restricts documents from leaving the organization. That's how I create a policy based on the use case.

Another unique feature which I have found is a solution that we needed for one of our customers. They provided laptops at one of their facilities. Their users had administrator access, but the company cannot control those laptops. They are things, moving outside and inside for technical work. They noticed that their users have personal email accounts through Gmail and they installed Google Drive on their laptops. The problem is when Google Drive synchronizes, most of these company documents have a few admins that sync back up to these personal laptops. 

After deploying Symantec, we created a policy for data loads. We found some confidential files had been backed up to the cloud from their personal laptops. The company documents back up through employees' personal Google Drive. They found it and informed the company, who restricted the application purpose for those employees.

The customer was happy about the solution.

They have a feature on the management side called the document indexer. If you have a unique document with many near-identical versions, which have one or several values that change, while the rest of the content stays the same. You can collect 50 of those documents and put them into this feature of the Symantec DLP system. It will compress them and create a profile specifically for that document. 

For example, if you are getting a daily performance report for your company, each report will be completely the same, except some of the numerical values may change. I can collect 50 documents from the last 50 days and put them into the system to compress the documents and create a profile. I can then put this in a policy that will monitor only those documents. If an employee tries to send those documents outside without authorization, the system will block the documents. I have found the data indexer in Symantec, but I didn't find it in McAfee.

Each company is used to working their own way because they invested in developers and they worked with their project team already. We have worked on some projects and got feedback from the customer. Most of the time I develop this data loss deployment, when I assign data loss threshold values, some data thresholds will need to be higher. For example, IT users need a higher threshold because technical documents include confidential work.

In a 60 page technical document the confidential work might appear 50 times. If that document comes out of the machine or if he tries to send it to another IT user, it will technically be considered data loss because of the threshold value end for the confidential work. In that same way, I have to fine tune those metrics depending on the customer or customer group and the employee group. IT needs certain metrics. A financial user or financial goods need different metrics.

That fine-tuning has to be done for the customer as well as the vendor. If I take Symantec DLP, we have to have some final fine tuning but we may need some time developing this depending on the customer. This is an area where something can be done to improve the product. 

Also, due to the cloud emerging technology in the world at the moment, most of the content and data that we use from the cloud if from some organizations in Europe and the US. For those users, I think Symantec DLP has already provided a testing agent. Those are advantages and improvements that could be made to Symantec DLP.

Their user interface and other features are fine as is.

It's stable. Currently, we are running on two and a half to almost three months. Up to now, I haven't experienced any system issue at the customer place. I used to go and do some fine tuning in the policies only.

It's scalable. There are three users for this solution at the customer. They are information security engineers. Two are senior and one is just an engineer.

Those users are responsible for the solution and the entire agent count is 800 users. For 800 users endpoints have been installed.

It's fine for now, but I think they are planning to expand the solution to another 500 users by next year.

We have experience and most of the time you get very good technical support. In our experience, we only needed support four times for some fine tuning because there is some fine tuning that I cannot do. In those cases, I created a ticket from the support portal and within three or four days they replied. They could typically rectify the issue within one or two weeks. Afterward, they send a report survey for evaluation. 

In short, the technical support is great.

The setup is straightforward. The only complexity comes from the Oracle Database side. Other than that, it is straightforward. It took a half hour to install it. Once you install the manual server, and the detection server on another server you just have to install the alias. I didn't have much problem installing the system.

I installed it myself. Implementation took one day.

I initially checked with the customer how to do their implementation and then I gave them the system requirements. Only then did I go on to staff, once they had given me access to the servers. I only did preliminary planning with technical staff first, then sat down with the customer and planned it more thoroughly.

Only three people take care of this solution from the management side. Externally, there is also a special SI engineer and a travel engineer.

In terms of pricing, Symantec DLP works with Oracle Database. Oracle Database licensing is much more expensive than other databases. That might be a drawback for customers.

The pricing is on a yearly subscription basis. For the current customer year, we already paid up front as part of the first three years.

We had a partnership with Symantec so we didn't use any other solution because we signed an agreement with them and we started deployment with the customer. We evaluated the system with the customer and once the customer confirmed that we should secure Symantec DLP we deployed the solution.

My advice is that the DLP solution is the emerging platform in the world at the moment. First, we had to get some idea on how data works at the customers: data in motion, data in rest, data traveling, etc. Typically data travels through emails from the endpoint by USB, email and CD writing it to a CD or copying it to a network share or from a network share. Those are what you need to know before starting the day of implementation. How this data travels inside and outside the environment.

I would rate this solution as nine out of ten, because they are a leader, competing with some other vendors, providing updates, releasing new versions, and providing technical improvements on their side. I would say it's fine.

We use this to protect our client's data. They are China Mobile, China Unicom, and China Telecom.

When our Oracle database is corrupted, we have the ability to restore the data. This helps a lot.

The most valuable feature for us is the ability to backup our database, and restore it if necessary.

This product should be integrated with virtualization technology and work with other applications.

The stability of this product is good. I would rate it as very stable.

I feel that the scalability is good, but the virtualization could be improved. We only have one or two people that use the software. 

This is our original solution. The product was included on our servers that were shipped directly from HP and IBM.

The initial setup was done by our experienced engineer. The setup is not difficult and one or two hours is enough to complete it.

Our in-house engineer handled the implementation.

The pricing and licensing for this product is good.

We considered other data loss prevention business products, including the Dell EMC backup solution.

We are actively looking for a product that handles virtualization easily and efficiently. We would like to see support for virtual environments.

I would rate this product an eight out of ten.

We are only using the security part of it.

We are solution providers. We suggest this solution to our clients for data loss prevention. It also can prevent Trojan and virus attacks on data centers.

The synchronize application detection policies have been very good. We are able to use it with the cloud service connectors and manage it on the cloud.

We want a more proactive reporting structure.

Have a regular newsletter or report to the implementers, letting them what is going on in the market. It should contain case studies and use cases.

There are some features available in the competitors, like Trend Micro and McAfee, which are not available in Symantec.

The stability is at 85 to 90 percent.

We have two people looking after the maintenance and two people monitoring the endpoints.

We have between 150 to 200 users on any one client. Overall, we have approximately 2000 users.

We share feedback regularly with the Symantec technical support team. They provide us feedback and patches based on the reports (client specific) that we send them.

We did not have a solution previous to Symantec.

The initial setup is not very complex. You just have to run it from the configuration spreadsheet. If you follow the applied process, it is fine. If you deviate from the process, then the process can begin to become complex due to lack of understanding. You have to enable all the files based on size and there are some endpoint issues, as well.

It didn't take us very long deploy.

We implemented it in-house since we have people who are certified on Symantec. Before the product is implemented, we send those people over to Symantec. Then, they bring back Symantec's best practices.

We have six to seven Level 2 support people who do the implement part.

The pricing is competitive and not pricey. We also receive corporate discounts.

Initially, when checked out quite a few products, like Trend Micro, we found this product to be the most user-friendly.

Right now, their roadmap is not very visible, so we are trying out McAfee. Currently, we are simultaneously running both McAfee and Symantec.

We plan to increase our usage of this type of product since our clientele is increasing in numbers.

The primary use case is to protect the content our data, e.g., if a document is marked as a confidential, it should not suddenly be sent into the Internet via email.

I have been the product for two years.

We are able to contain our confidential data in our environment. Previously, we had no controls placed on our documentation. 

• The administration part is pretty simple. 
• Detection is pretty accurate.

They could improve the predefined reports because they don't have much information. We would like detailed reports.

If they could include the same features for their mobile device product, like Android and iOS, it would be helpful.

It is stable. Maintenance only takes one person.

It is pretty scalable.

We have around 1500 users, which include the accounting department, HR department, and other business units.

The technical support is very good.

We were not using a solution before Symantec DLP.

The initial setup is complex; it was not a very straightforward implementation.

The deployment took less than two months.

Our implementation strategy was simple. We started the rollout with a few users, then to the documents and emails, and afterwards, the policies. 

We had a local implementation partner who helped us with the implementation. We had a good experience with them.

Deployment took two engineer from our team.

The pricing and licensing are based on per user endpoints.

We did not evaluate other solutions.

Determine what data you want to protect before implementing this solution.

Previously, what was happening was that anyone could send any data outside. We now know who is sending what data and where. We can then question them: "Why have you sent that data?"

In DLP one of the most valuable features is that you can check attachments. 

In addition, it gives me the data such that, if someone is using a browser and email, I'm able to figure out who is sending the data.

Symantec customer support is very bad.

We are finding delayed response if the macOS is updated. They need to make sure their solution is compatible.

Also, if any data at all is going outside of our network and it matches our screening it has to be captured and we should see it detailed properly: Who is sending it, where they're sending it.

The stability has met our expectations.

I'm not good with the scalability. It's not capturing everything. If someone's trying to send from Gmail to some other browser or if someone is using Safari in a Windows machine, under those conditions it's not captured. 

This is the first product of its kind for us. Nobody seemed to know much about this product but we figured out how to use it, and the vendor gave us training, so we have been able to handle it.

The initial setup is a little complex. But once you go through it you get used to it. After using this product it becomes easy to handle, easy to understand. Our deployment took about two months for 2,000 users. 

Our strategy was simple. I needed to implement it for every user so that we could monitor any data.

We used the vendor's support and it was nice working with them. They helped a lot when it came to the deployment.

I wasn't involved in the pricing negotiations but from what I know the pricing is good, it's not too expensive. If you negotiate you can get a good price.

We evaluated multiple solutions, such as McAfee.

We have around 1,500 users in HR, admin, the finance department, and IT. For maintenance of the solution we have two people. It's covering all users at the moment so there are no plans to increase usage.

I rate the solution at eight out of ten. It is fulfilling our requirements.

The Network Monitor component is the most advanced on the market. Combined with the other Network DLP components (Prevent for Web, Prevent for Email, Discover and Prevent), Symantec offers one of the best network DLP solutions in the market. Another component that is very valuable from my point of view is the Data Insight component that allows the client to have full visibility into the company data.

Data Insight is a very good component that steps outside the standard DLP functions, but helps the client to gain visibility over the data usage, ownership and permissions.

The Symantec DLP solution is very complex, and installation requires many components. Also, Oracle is only the DB used by Symantec.

I have experience with Symantec DLP since 2013.

Sometimes the Oracle instance need to be restarted, when using full Windows deployment.

When in a heavy-usage environment, you can have some latency problems when the DLP management page loads. If the problem persists and the loading time is too high, you should restart the service. Usually, this behavior is very rare and I saw it on the Windows implementation.

When implementing the DLP solution, we use the Symantec sizing guide, and we use the recommended configuration. The Symantec DLP license is per user, so it's hard to have issues with scalability

Usually, we use the local distributor team for issues and they are very OK. When needed, we opened cases at Symantec support, and it was a pretty decent relationship. Some clients complained that they didn't fulfill the request very fast.Starting again this year we have a local vendor presence and that helps us in front of the clients.

Symantec L3 technical support technicians are very good.

Initial setup is straightforward, as you use the same installation kit, and you choose which component to install.

Symantec only sells the DLP software. When you buy, it you should budget the server licenses, the storage and the hardware. Scale your implementation when you have your exact number of the monitored users. Be prepared to extend the resources if you increase the number of users. The Oracle DB is licensed for use only with Symantec.

If you are a small firm with less than 150 users, Symantec can be too pricey.

We also evaluated McAfee DLP, WebSense (Forcepoint) DLP, and Digital Guardian.

We are a system integration firm, and we also sell McAfee DLP and WebSense DLP (Forcepoint).