What is our primary use case?
It's important for information security due to the fact that it's a powerful solution. It defines sensitive secret data on the customer's environment and monitors for any breaches.
How has it helped my organization?
There are two things this solution has helped improve.
In terms of the DLP, it can protect from data breaches in your company since you need to define secret and sensitive data in your organization. And the DLP solution monitors all of this data. For example, if you have personal data, you can define this data to the DLP, and then, if someone tries to send this data outside of your organization, this solution would prevent that data breach or generate an alert.
The second way the DLP solution can help is by implementing best practices. For example, every organization has a business flow. This business flow can sometimes be wrong according to regulations. For example, with GDPR, if you are working with European customers, European clients, or European residents, you need to follow GDPR regulations. Or, if you are working with the payment industry or storing credit card data, you need to follow PCI DSS rules. This DLP solution can help customer organizations ensure they follow best practices.
What is most valuable?
The level of simplicity in terms of ease of use is moderate. It's not easy to implement. There are some requirements from organizations. For example, businesses must be rated to implement this solution. If businesses want to implement data loss prevention or information security policies, they have to be accredited. However, with Broadcom's product, it's easy to implement. There are modules you can deploy and use. It's easy to plan and easy to deploy, however, you do need to have a proper plan in place.
If we compare with other solutions, Broadcom's Symantec Data Loss Prevention has different kinds of detection techniques. It's just keyword, structural data, OCR, or a combination of all these metrics.
The accuracy in terms of the rate of detection is good. I have worked with big enterprises with this solution. For example, we had 30,000 endpoints with the data loss prevention solution, and I also managed 10,000 clients with Symantec Data Loss Prevention. The accuracy has been pretty good. You just need to fine-tune your policies. If you create policies in the proper way, Symantec works really well.
DLP helps us find sensitive data and apply policies based on user risk. First of all, we need to define which data is sensitive and which data is secret. DLP couldn't find it by itself. Therefore, we need to create a normal policy. Then DLP can manage this risk.
The solution comes with a default configuration. This can be adjusted. If you need to follow GDPR requirements and GDPR defines your personal sensitive data, you can adjust for that. You can set predefined detectors. You can use this in a policy to protect yourself and ensure compliance.
DLP has helped to reduce the work or the time our DLP administrator spends on data loss protection.
It's a consistent product. You just need to create a policy one time, and then you can apply it to all of the channels you are monitoring.
What needs improvement?
I'm not sure about scanning speeds. In my previous experience, we had some problems and some speed issues. The data loss prevention feature is working pretty well; however, sometimes, if you want to discover or scan the data stored in the customer environment, it could take a long time. Sometimes the customer states, "I want to scan a computer," and it takes a few hours. It seems to sometimes be unnecessarily long.
Reporting could be improved. The detection features are good, and the configuration is basic. It's really easy to use, or it's really easy to learn from scratch. However, the reporting features must be improved as the product doesn't provide us with many reporting screens. We only have an incident results screen, and we have filters we can use, and that's it. There are no other reporting features. It's really limited.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the scalability of the solution?
The scalability is easy. You just need to install core components and then you scale. You create a new server, and then you can add 10,000 clients, for example.
How are customer service and support?
I work with Symantec technical support. If you don't have premium support, it's not easy to fix your issues via technical support.
I've not had the best support experience. I know for other products it's the same. Technical support is usually the weakest part of the company if you are creating a ticket to fix an issue. It was really hard to manage the ticket status. You're always waiting for someone else just to get back to you. It's not easy to manage support. You really need to push them to fix issues. They always say the same thing, and it takes a long time to resolve things.
I've worked with other support teams, and they have been pretty good. For example, the encryption support team is very good. This support team, you really have to push to escalate.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I used, for a limited time, Forcepoint DLP and McAfee DLP.
How was the initial setup?
I've handled deployments in the past. I've deployed four or five organizations from scratch.
The setup process is moderate in terms of difficulty. You need to plan which channels you want to monitor. This solution uses Oracle Database, and you need to calculate scalability and extensions. It's not too easy, and it's not the hardest.
If you deploy the DLP properly, you need to have business support from the business side. Two or three people can deploy this solution or all required service policies, et cetera. However, we need support from the organization since you couldn't define a policy by yourself. You need to understand what data is important and which data is sensitive. You need to talk with all of the stakeholders. For example, software developers. You need to sit with them, and you need to talk about what they are working on, and which data is important. You need to talk with human resources, finance, the entire company.
Generally, we deploy the solution in a central way. We will have one central management console and then granular access for stakeholders. For other business functions, for example, we can create a GDPR policy for the HR business since we need to follow the guidelines. And then, other shareholders can access the central data to granular access.
In the past, I have deployed 26 DLP components into an organization with 2000 clients. It was a huge project.
Once deployed, you need to maintain the solution. You need to follow product updates. Databases are updated with new features and security fixes. A database update is not very common. You just need to update the database once a year. Also, for example, if a new Windows or Google Chrome, or Firefox version becomes available, you will also need to update your DLP product. Every three or four months, you likely have maintenance tasks related to updates.
What about the implementation team?
I work as an integrator. I work with clients and customers and uncover what they want to achieve, what their situation is, and which resources they have got in their data center. Once I have completed deployment with them, I work as an integrator and as a consultant.
What's my experience with pricing, setup cost, and licensing?
I am not aware of the exact pricing of the solution.
Which other solutions did I evaluate?
I have worked with different customers, and we have evaluated different DLP solutions for our customers. However, all of my experience is a limited experience. I have one year of experience with Forcepoint and McAfee DLP.
Customers or enterprises looking for the best detection options would need to look at Symantec Data Loss Prevention as it has the best detection options.
The other solutions just follow basic keyword detection. A complete DLP solution should monitor all of the other aspects. Symantec has powerful monitoring features and options that can provide us with much more than just basic options.
What other advice do I have?
I work as an integrator.
While the solution may support Mac and Linux, Windows endpoints are more important. Every business uses IT directories and manages internal clients with Windows. Symantec already supports Mac endpoints, just not Linux clients or Linux agents. However, that's not a common thing anyway. It's a special condition. You will need a Linux agent if you are using those servers in your environment. Generally, we don't need to install a server-level agent. We also monitor a gateway-level inspection. For example, if your server is open to the internet, generally from a security perspective, the security personnel must follow a gateway-level inspection.
At the end of the day, this works for a Windows client. Generally, we don't require Linux agents for the data loss prevention solution. However, it depends on the business and it depends on the environment.
If someone just wants to use the cheapest option available, they likely will get just keyword detection. They might not get OCR or email attachment monitoring.
I cannot say that Symantec has helped reduce operating costs. However, I can say that, in general, if you don't lose data, you don't lose money.
I'd rate the solution nine out of ten. The reporting and technical support are not the greatest; however, overall, the product is good.
If an organization has a proper data classification solution or qualification levels in their organization, a DLP implementation will be much easier for them. Otherwise, they will have to work on their DLP deployment policy creation, and then they have to create a data classification policy.
Which deployment model are you using for this solution?
Hybrid Cloud
*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Integrator