Overview of DLP 10

Symantec has recently released an update to its DLP (Data Loss Prevention) product, version 10, and this article provides a brief overview of some of the changes and differences. More posts to follow will highlight other parts of DLP 10.

 

Console Changes
The first thing one will notice when connecting to a DLP 10 system is how the console has changed from previous versions. The DLP 10 console has been simplified and streamlined to make it easier to navigate and to make the system easier to manage. The new console looks like the following:

[Image: startingpage]

As highlighted in the next screenshot the menu system has been completely changed as well:

[Image: overview1]

The menu is broken up into 4 areas: Home, Incidents, Policies, and System. Home will open whatever is set as your home page; in my system I have it set up for the Executive Summary for Endpoint. Under Incidents we have the Incident Reports, which are broken out by Network, Endpoint Protect and Discover, providing a simple way to find the incidents you are looking for. Under Policies we find the following: Policy List, Response Rules, Endpoint User Groups, Discover Scanning, and Protected Content. The Discover Scanning section is broken out further into Discover Targets and Discover Servers. Under Protected Content you will also find Exact Data and Indexed Documents.

Hopefully you will find it easier to navigate, like I do.

Incident Changes

A lot of work has been done in the Incident section of DLP 10. The goal is to be able to understand the incident in under 5 seconds. Is this a false positive? Is this something I need to deal with right away? What information can you tell me about this incident? These are all questions that need to be dealt with as soon as possible, and the changes made help you answer them quickly.

The example below shows a screenshot of a discover scan using sample data:

[Image: incident]

The incident is broken down into 3 sections or panes. The first pane provides the key info, history and correlations about the incident (see the following screenshot).

[Image: incdientdetail1]

By seeing the Key Info right away, I know what is going on with this incident at a quick glance and can make a decision on whether or not I need to spend more time on it. In DLP 9 this information was scattered about a bit, but now it can be seen quickly at a glance.

The second pane of an incident shows the match count behind this incident.  Based on the information I’ve read in the first pane, I will then spend time in the second taking a look at match count and also checking for false positives.

The third pane of an incident shows any custom attributes I am looking for or using.

Policy Changes

There have been some changes and additions to the default policies that ship with DLP; however, the way to write a policy has not changed. One of the policies has been modified to take into account some of the changes in the HITECH Act.

[Image: policylist]

As mentioned previously, under the menu Policies, you have the ability to configure the discover servers and scans and also edit the exact data and indexed documents. 

System Changes

There have been many changes to this part of the console as well.  The system section is broken up into the following areas:  Servers, Agents, System Reports, Settings, Incident Data, and User Management.

One really nice change is the addition of a credential manager, which is found under Credentials.  This allows me to save a credential and re-use it in different scans, etc.  This is found under System –> Settings –> Credentials and looks like the following:

[Image: credential]

[Image: credentialdetail]

 

Thanks for spending the time to read this overview of DLP.  In February I will be doing a webinar on DLP and if you are interested you can visit my company’s website (ITS Partners) here for more information and to sign up.
