Upcoming DLP Webcast: DLP 10.5 & Data Insight

One of the things my company does is host webcasts twice a month. These are free and provide information about upcoming Symantec products or training on how to use one of the Symantec products.

In June, I am presenting a webcast on DLP 10.5 and the new feature Data Insight.

ITS will answer questions like:
– "Whose Data Is It Anyway?"
– "Who owns the data?"
– "How is the data used?"
– "How do I protect the data?"

Data Insight and Data Loss Prevention

Data Insight will first be available as part of Symantec Data Loss Prevention and will be the only data loss prevention solution to deliver an integrated data owner and remediation capability. Unstructured data on shared file systems is a large source of critical business information, and over-exposed content presents a significant risk for data breaches. Data Insight with Symantec Data Loss Prevention helps organizations identify their most critical information and enables simplified data clean-up and remediation through automated data owner identification. Data Insight also provides continuous monitoring and auditing of data usage to help ensure adherence with corporate policies and regulatory compliance. In addition, the technology monitors who has accessed or modified individual files, and can notify information security teams and data owners that data has been exposed. Armed with visibility into who is accessing and using the information, organizations can make rule-based ownership inferences and alter access to stored data in order to prevent data breaches.


Data Insight provides information on unstructured data (data that sits in a file share), including how that data is used, who is using it, etc.

Join us for the webcast and learn about this great product.

What is missing from Ubuntu?: Manageability

A recent blog post on planet.ubuntu.com argues that the one thing that is missing is manageability of the Ubuntu system.  I couldn’t agree more with this post.  In the post the author argues that the problem with Ubuntu adoption in business is not how shiny things look, or how well the software works in the cloud; the problem is management of systems.

A little background here:  For the last 4 years or so I have been an endpoint management consultant (laptops/desktops/servers).  I have clients that manage anywhere between 50 desktops and 150,000 desktops.  For Windows desktops there are numerous companies that allow you to manage those machines and reduce full-time equivalents (FTEs).  Some examples are:  Altiris, Landesk, Kace, etc.  Canonical has created its own solution, Landscape, instead of working with the existing companies to get their product (Ubuntu) supported.

What really stands out from this entry is this section:

And so, Microsoft continues to win on the desktop. Not because an individual PC running Windows is easier for most people to use, but because it's easier to set up Active Directory to work with Outlook and Exchange than it is to roll your own directory service with the tools available out of the box on Ubuntu. Bug #1 will never be solved until directory services and authentication are integrated into every aspect of Ubuntu.

And he couldn’t be more correct.  Until there is a true competitor to Active Directory, Exchange, Outlook, and the MANAGEMENT of the machines, Ubuntu will not succeed in the Enterprise.

Take a look at the blog and all the blueprints that have withered without focus in regards to the issue:  (List taken from the blog)

Catching up on DLP Links

There’s been a lot of discussion on the web these days in regards to DLP and also some of the moves Symantec made in regards to its purchase of PGP Corporation and also GuardianEdge:  Press Release here

Here are some more links that I’ve come across recently:

  1. Cisco Security Services and also Cisco’s Risk Assessment Service:  Didn’t even know that Cisco offered a DLP Solution, but it is based around the IronPort product.  I don’t know anything in regards to IronPort but plan to learn more, as we have one customer who is looking at it instead of Symantec DLP.
  2. Whitepaper released: Quick Wins with Data Loss Prevention:  This links to a whitepaper sponsored by McAfee, and you can download the white paper from that link as well.  It is an interesting white paper and I have added it to my collection.
  3. How to shape an effective DLP policy:  An Information Week article that talks about how an organization should write DLP policies.  More on this later.
  4. Breakout session from Symantec Vision:

Getting caught up on links

Have a lot of links in my browser tonight but haven’t had a chance to digest and really understand all of them.

So this post is a dump of a bunch of them, to come back to later with more thoughts.

1.  25 Scenes from Symantec Vision:  Missed Vision this year but didn’t hear much about it.  Find it interesting how they comment on things us old Altiris people take for granted, such as Steve Morton’s Keynote style, Usergroup challenge, etc.

2.  DLP: Million Problems – One Solution:  Haven’t read this one yet, but looking forward to it

3.  DLP – Protecting What Matters Most:  Seems to be an overview of DLP, will have to read this one through

4. States’ Rights Come to Security Forefront

5.  DLP Primer

6.  Data Loss Prevention comes of Age

5 Myths about DLP

Came across this slide deck through a Google Alert and wanted to pass it along.  While this is geared towards the small to medium sized business, DLP is still important and should be implemented.

I would take some issue with “Myth 2 – Expensive Third Party Solution”.  In this myth they argue that “implementing a $100k software solution from Symantec or McAfee is impossible.”  While I would agree that the full solution of DLP from Symantec is expensive, you don’t have to buy the whole suite at one time, thus limiting the expense. What is the primary concern of your data?  Is it leaving the organization?  Then implement DLP at the Network level.  Concerned about data on endpoints? Then take a look at DLP on the endpoint.

One of the benefits of the Symantec solution is that it is very modular: only purchase what you are implementing now.

Overview of DLP 10

Symantec has recently released an update to its DLP (Data Loss Prevention) product, version 10, and this article will provide a brief overview of some of the changes and differences.  More posts to follow will highlight other parts of DLP 10.


Console Changes

The first thing one will notice when connecting to a DLP 10 system is how the console has changed from previous versions.  The DLP 10 console has been simplified and streamlined to make it easier to navigate and to make the system easier to manage.  The new console looks like the following:

As highlighted in the next screenshot the menu system has been completely changed as well:


The menu is broken up into 4 areas: Home, Incidents, Policies, and System.  Home will open up what is set as your home page; in my system I have it set up for the Executive Summary for Endpoint.  Under Incidents we have the Incident Reports, which are broken out by Network, Endpoint Protect and Discover, providing a simple way to find the incidents you are looking for.  Under Policies we find information related to the following:  Policy List, Response Rules, Endpoint User Groups, Discover Scanning, and Protected Content.  The Discover Scanning section is broken out further into Discover Targets and Discover Servers.  Under Protected Content you will also find Exact Data and Indexed Documents.

Hopefully you will find it easier to navigate like I do.

Incident Changes

A lot of work has been done in the Incident section of DLP 10.  The goal is to be able to understand the incident in under 5 seconds.  Is this a false positive?  Is this something I need to deal with right away?  What information can you tell me about this incident?  All questions that need to be dealt with as soon as possible and the changes made help you answer them quickly.

The example below shows a screenshot of a discover scan using sample data:


The incident is broken down into 3 sections or panes. The first pane provides the key info, history and correlations about the incident (see the following screenshot).


By seeing the Key Info right away I know what is going on with this incident at a quick glance and can make a decision on whether or not I need to spend more time on it.  In DLP 9 this information was scattered about a bit, but now it can be seen at a glance.

The second pane of an incident shows the match count behind this incident.  Based on the information I’ve read in the first pane, I will then spend time in the second taking a look at match count and also checking for false positives.

The third pane of an incident shows any custom attributes I am looking for or using.

Policy Changes

There have been some changes and additions to the default policies that ship with DLP; however, the way to write a policy has not been changed.  One of the policies has been modified to take into account some of the changes in the HITECH Act.


As mentioned previously, under the menu Policies, you have the ability to configure the discover servers and scans and also edit the exact data and indexed documents. 

System Changes

There have been many changes to this part of the console as well.  The system section is broken up into the following areas:  Servers, Agents, System Reports, Settings, Incident Data, and User Management.

One really nice change is the addition of a credential manager, which is found under Credentials.  This allows me to save a credential and re-use it in different scans, etc.  This is found under System –> Settings –> Credentials and looks like the following:




Thanks for spending the time to read this overview of DLP.  In February I will be doing a webinar on DLP and if you are interested you can visit my company’s website (ITS Partners) here for more information and to sign up.

More employees steal data than ever, survey says

The recession is creating camaraderie amongst workforces, at the expense of their employers, is the finding of a transatlantic survey. Carried out amongst 600 office workers in Canary Wharf London and Wall Street New York, 41% of workers have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.

An article on a security website states that more and more employees are stealing data when they leave their current employer.  A couple of interesting stats from the article:

  • 85% of people admit they know it’s illegal to download corporate data.
  • 57% of people say it is easier to take sensitive data this year, up 29% from last year
  • Top of the list is customer and contact details

During this current recession people are doing whatever they can to have an edge, especially in a new job.  If I take my current customer list to my new job, then I will instantly have a leg up.

As an employer you need to protect your data. Do you even know where your data is?  Using a tool like Symantec’s DLP you can find that information, track that information and prevent it from leaving your network.

Welcome to Symantec DLP 10

Symantec has announced version 10 of its DLP product (formerly known as Vontu).  In a press release, Symantec touts DLP 10 as the

Symantec has announced Symantec Data Loss Prevention 10, the industry’s first open data loss prevention (DLP) platform, which aims to give customers more options to find and fix data loss problems. As organizations strive to center their security strategies around information, DLP becomes essential.

Symantec DLP has undergone various changes since they purchased Vontu, all geared to making the product stronger and more useful for the security professional.

DLP 10 will “allow companies to apply encryption and enterprise rights management (ERM) based on content and will integrate with additional Symantec products.”

One of the products DLP 10 will integrate with is Symantec’s Workflow product, to help build automatic responses and workflows into the product.

DLP 10 will also support 25 languages and add full localization for Japanese, Simplified Chinese and also French.

DLP 10 will release to the public in December.

Symantec/Altiris slipping in Redmond Magazine’s User Awards

I’ve been reading Redmond Magazine (formerly MCPMag) ever since I got my first MCP (Microsoft Certified Professional).  Each year, Redmond’s User Awards are voted on by the readers.

This year, Redmond created more categories and had more products to vote on.  However, Symantec/Altiris fared worse than last year.  Part of me wonders if this was because of how bad Altiris 7 was right out of the gate or because not many have moved to version 7 and version 6 is starting to show its age.

Some of the categories that Symantec/Altiris was listed in:

  • Best Software Distribution Product:
    • System Center Configuration Manager won
    • Deployment Solution came in second
  • Best Asset Management/Resource Inventory Product:
    • SCCM won
    • Altiris Service and Asset Management Suite came in 3rd
  • Best License Management Suite:
    • SCCM won
    • Altiris TMS came in 3rd
  • Best Imaging Product
    • Symantec Ghost won
  • Best Software Packaging Product
    • SCCM won
    • Package Studio came in 3rd
  • Best Remote Troubleshooting Solution:
    • SCCM won
    • Altiris Client Management Suite came in 2nd
  • Best Patch Management Product:
    • Nothing Altiris listed which I found interesting
  • Best Application Conflict Testing Tool
    • Installshield AdminStudio won
    • Package Studio came in 3rd
  • Best Antispyware Tool:
    • Symantec Antivirus won
  • Best Anti-Spyware Tool
    • No Symantec products even though SEP has an Anti-Spyware portion

More information can be found on Redmondmag.com

Burton Group names Symantec, RSA, and Websense as best DLP vendors

Recently came across an article from my Google News feed about a recent study of DLP products.

A great point from the article is that DLP is no longer just concerned with monitoring the network and what happens there; there is an even bigger need to monitor data on the endpoint and also on file shares.  Data at Rest (DAR) is only a click away from being Data In Motion (DIM) and needs to be protected just as well.

Another interesting point is the convergence via acquisition that is occurring as the big companies are snapping up the smaller DLP players and integrating them into the existing product suite.