Symantec Data Loss Prevention Reviews

It helps us meet requirements. There is no product that gives you 100 percent coverage, but it's quite an improvement. It gives us added value.

When it comes to operational costs, a lot of false positives have been eliminated. It's an ongoing activity.

It has good options for policy findings. You can do granular policy enhancements with multiple options. And the SMB blocking is a very good feature.

Other good features include 

• application control
• integration with other proxy servers
• data discovery.

And the dashboard is very user-friendly. The solution is very easy to use, if you know the baselines, concepts, and how to implement things, it's very easy.

In terms of detection, that's up to us to decide exactly what we want. Whatever we have found has been worth it.

Symantec Data Loss Prevention also supports Macs and Linux. It's up to you how you filter your traffic. A normal user's machine should not have Linux. Usually, that would be a server-level operating system, but there are different controls for different operating systems.

I have been using Symantec Data Loss Prevention for over 10 years.

We use the violations that we see to understand the new techniques used to bypass data leakage. When there is any such "enhancement," we provide it to Symantec, and they work on it to give us a fix for it.

Where things could be improved is that product engineering takes time to respond when we make a request. They get on a call for troubleshooting, but fixing the issue takes time. Symantec was bought by Broadcom.

Positive

Compared to competitors, it gives added value, but not every product gives you everything. Compared to other solutions, Symantec DLP is very good when it comes to the quality of detection.

If you're thinking of using a cheaper solution, often, it's only when a breach happens that management puts money into cyber security. These are very critical functions and these controls are necessary to know what your employees are doing and what kind of data is going out, is in ingress, or in motion. Security can't be compromised. There is no cheap product. Evaluate what your company requires.

If that kind of security is required, I would recommend Symantec DLP. It depends on your needs.

We use DLP to monitor network traffic and prevent sensitive data from being exfiltrated outside of the company. Symantec also helps us discover data at rest in an environment that may be sensitive. The solution covers more than 10,000 users across various business units and layers, including endpoints, networks, and storage.

DLP is a control instrument for ensuring that an organization complies with regulatory requirements. For example, banks have requirements for storing credit card data, GLBA regulations, etc. DLP can help a bank avoid fines and protect it from civil liabilities.

Companies are audited annually, and DLP improves their risk posture. It ensures business operations won't get shut down because we don't know what we don't know. There are also internal threats, such as people leaving with privileged information on a USB. For instance, an earnings report could be stolen by a disgruntled worker and leaked to competitors. Symantec provides good definitions in the rule set. It can be customized to scan inside documents and pattern-match any unstructured data to comply with what the company needs.

The data-at-rest features are the most valuable because they let us identify data infected with ransomware and prevent employees from being exploited through phishing attacks. If an employee is compromised, the attacker can access servers and deposit ransomware. This enables the attacker to exfiltrate data remotely using employees' credentials. It might be valuable data that could cause a business reputational and financial damage if stolen and publicized. It could also be credit card data or personal health information stored on critical servers.

The false positive rate is excellent. It's about 90 percent accurate and gets better as we fine-tune the rule sets. When we have new incidents, we can work to lower the overall risk based on user behavior on the endpoint, the kinds of data we out on SharePoint, and the type of web or FDP traffic generated internally. I assess the effectiveness of a policy based on the number of false positives generated. We need to tune the rule set if it's greater than 20 percent. 

The solution's data recovery is fast. It depends on the size of your storage, but I have no complaints about the speed of data recovery because there are several detection servers with the necessary horsepower to handle the amount of data that needs to be discovered. It could be remotely scanning a SharePoint server or a file server. The local agents can process data in the expected timeframe.

The upgrade process is convoluted. The server and database software must run in line with third-party providers like the Oracle database. If an Oracle database reaches the end of its life, then servers must be decommissioned, and you need to bring new servers online.

When the maintenance packages are deployed to the management server, they don't get pushed to the detection servers. Each detection server must be manually installed rather than automatically made from a single server. If it's a large enterprise, you need to manually install it or use a GPO or some other technology, which I never use. 

The vendors should also give a heads-up long before updates are released so internal teams can meet their change management lead times. Some vendors don't provide enough notice. They often announce a new version or a vulnerability that needs patching a week before it comes out. It should be a month before. 

The upgrade packages should have better documentation on the upgrade procedure instead of prerequisites spread throughout multiple documents. The wording should be more precise.

I have used the solution for ten years.

Symantec DLP is highly stable. I've operated on Linux and Windows. Linux is stable and doesn't require much patching, but Windows requires more patching, and the service sometimes needs to be restarted. 

Symantec DLP has unlimited scalability if you buy enough licenses. Symantec has servers in the USA, Canada, Asia, and Europe that manage policies differently. For example, Europe has its own compliance rules for GDPR. Incident response can be managed well and segmented away from the rest of the world. You can implement Europe-specific policies. 

I rate Symantec technical support a seven out of ten. 

Neutral

I previously used an appliance called Websense to analyze traffic for data loss. I used other Broadcom tools before Broadcom bought Symantec called Broadcom Proxy and CloudSOC Gateway. I didn't switch from Websense to Broadcom. It was just something I tried, so it wasn't a full deployment. Symantec DLP is head and shoulders above the competing on-prem DLP solutions.

There are a few tricky parts when setting up Symantec DLP, but it's straightforward overall. We used an integrator for the deployment and didn't experience any hiccups after they were finished. About ten people from my company were involved. 

We have two or three people doing maintenance on the solution, like weekly health checks to ensure services are running and traffic flows through the console dashboard. We need to check the incidents generated from the detection servers and verify that everyone can log in. The main part of maintenance is periodic system updates and vulnerability patches.

We see an ROI. During testing, I found it captures and blocks immediately. DLP is able to perform the necessary alerts. We can work with the business and get them on board to see what kind of data they use. We can assign the right roles and manage each business to assess its performance in terms of data loss. Symantec enables us to generate reports to show if their security posture or data loss is changing over time. It's a valuable tool that does what it claims. 

The price of Symantec DLP is fair. I don't recall the cost of the license, but it wasn't outrageous enough that it was an obstacle to approval. I'm not concerned with how much per seat or server, but I know they charge a lot. 

If you're thinking about going for a cheaper solution, I suggest a close comparative analysis of the strengths and weaknesses of each solution by researching online and reading the vendor's documentation. You have to define your security requirements and look at factors like false positive ratios and whether it meets your compliance needs. Some companies only need to meet the minimum regulatory requirements, so a cheap solution that ticks all the right boxes might work. However, if security is the primary goal, you should compare the strengths and weaknesses of that cheap vendor against two or three other DLP vendors.

I didn't evaluate other solutions before choosing Symantec DLP this time, but I evaluated other DLPs for different projects. However, those were cloud-based DLPs, so it's not an apples-to-apples comparison. 

I rate Symantec Data Loss Prevention an eight out of ten.

I like how I have the possibility to check different channels with the same policy set.

The machine learning solution is very good. Many of our partners are not using mostly the machine learning function yet, however, the index document matching, the IDM, and the actual data matching function are the most useful. Those are very, very good functions of the DLP.

The OCR functionality could be better. We have OCR functionality. However, it is not as effective. It could be more effective. They need to work on the function that can catch PDF 5 and PDF 5 based on pictures, images, JPEGs, and so on, with text-to-all content. The main goal of this is to check those pictures against corporate policies.

I'd like it if, in DLP, the agent could have more detection capabilities.

Currently, many features can work only with Endpoint Prevention, Network Prevention, and Email Prevention. Those capabilities do not work on the Endpoint Prevent and Endpoint Detection. 

They need to expand the channels they check. It could be wider. So it should be able to check, for example, WhatsApp and mobile solutions, mobile communications, Facebook, et cetera. We're worried about data leakage on these channels. 

I've been using the solution for six to eight years.

In terms of stability, we have issues, yet not too many. The basic functionality works fine. In my opinion, it is one of the best of the market.

The solution is scalable. 

We can use it in a single tier if there are not too many users and agents. That said, it can be easily extended to use as many server components as we would like. If there are too many people, 4,000 or 5,000 agents and users, we can use 10 or 15 servers. There is no problem with the scalability of DLP. 

On two or three servers, we have around 1,000 agents. Not more than that.

I have problems with Symantec technical support. It is too slow. There are also problems with competency. With the time factor, the reaction time and response time are very long. There was a situation where I had 168 hours between the initial outreach and response. It was not the best for my customer and for me.

Neutral

I did not previously use a different solution. 

The setup is a bit complex due to the Oracle database. I now have many problems installing and managing the Oracle database. At the moment, I just have a huge problem upgrading Oracle 12 to Oracle 19. It is not too easy. That said, if Oracle and the basic DLP are installed, then it can go smoothly. Afterward, there are no problems with it.

I am not a sales. However, I see Symantec's prices are the highest in the market.

The technical solution is quite good, however, when the customer sees the prices, they tend to say "Okay. It is very good, yet we do need to choose a cheaper one."

I'm a reseller and integrator.

I am just upgrading the previous version, 15.5, to the newest one, 15.8.

I'd rate the solution eight out of ten. 

I use Symantec Data Loss Prevention since it is a product that is currently involved in an API-level integration with Google Chrome while ensuring that users get to avail some advanced features in the current version of the solution, making it an overall good tool.

The most valuable feature of the solution is its OCR process for image recognition. Symantec Data Loss Prevention can extract all the data from the image. In scenarios where a user may be trying to get some screenshots of certain confidential documents, Symantec Data Loss Prevention will extract whatever data is included in that image, after which it may block the user who was involved in the act.

Symantec Data Loss Prevention's AI technology has certain shortcomings where improvements can be made. Some source code developer companies may have multiple source code data available, and our company may upload such multiple source code data, which may go up to 50 GB of data in Symantec Data Loss Prevention, and expect the AI part to look into what should be the confidential part in such a file so that we can create a policy in our company to manage what should be blocked or allowed.

I have been using Symantec Data Loss Prevention for two years.

It is a stable solution. With Symantec Data Loss Prevention, I have never experienced any downtime.

It is a scalable solution.

The solution's technical support was good. The technical support team of Symantec used to take up cases or issues on priority.

For Symantec Data Loss Prevention, my company needs to deploy a database from Oracle and add a detection server depending on the organization's needs. A company can proceed with either a two-tier deployment or a three-tier deployment. A database from Symantec needs to be included during the deployment process compulsorily.

The solution can be deployed in a day or two. Preparing the database takes one day, and adding Symantec's detection server takes around 30 to 60 minutes.

The solution is deployed on an on-premises model.

Right now, my company seems to be interested in Censornet's DLP product features.

I recommend the product to those who plan to use it since it offers all the good features, along with a good GUI and user experience.

I rate the overall product an eight out of ten.

Our customers mostly use it for data discovery, content monitoring, and policy enforcement.

The most valuable aspect of Symantec DLP is its powerful policy system. It helps us control data, like making sure nothing leaves our setup. The policy management console is user-friendly, and it offers a range of options to suit our specific requirements.

There is room for improvement in the remote control capabilities of the DLP solution. Currently, if the client-side agent is not installed, there are limited features available, and remote management through the manager portal is lacking. This is particularly important for users on VPN who would benefit from full remote control and management features.

I have been using Symantec Data Loss Prevention for a year.

If we had the remote control feature, it would significantly improve the overall stability level of the solution. I would rate the stability as an eight out of ten.

I would rate the scalability of Symantec Data Loss Prevention as a seven out of ten. It could use some improvement. We have eight users of the solution at our company. This product is not designed for small or medium businesses; it is intended for enterprise-level use, particularly in sectors like banking, finance, and insurance. We currently serve about ten enterprise customers who utilize the DLP features of the product. We have a few hundred clients using the solution.

I would rate the technical support as a nine out of ten. It is fantastic.

Positive

Our deployment process begins by understanding the customer's requirements and ensuring they have the necessary server infrastructure in place. We then install our DLP product on the customer's site and set up data agents. The customer is responsible for installing the agent on their users' devices. We proceed by creating and applying data protection policies tailored to their specific data requirements. Many of our customers have a lot of sensitive data, so they worry about its safety even after we've applied the rules. I would rate the easiness of the initial setup as a seven out of ten. It is quite user-friendly. The deployment time for this product varies based on customer needs and availability. If everything goes smoothly, it typically takes around one and a half months to deploy all the necessary components, including agents and other requirements. 

I am a technical person, so I don't have specific pricing details. However, I consider it to be in the average to moderately expensive range because it is tailored for enterprise use, not SMBs. Pricing can vary depending on specific needs and configurations.

My advice to people who are considering implementing Symantec DLP is to request a demo to see how it works and experience its features. Subscribing to these features, applying policies, and learning about the advantages will help them make an informed decision about whether it meets their specific needs. Overall, I would rate it as an eight out of ten.

We use this solution for exact and index data matching, vector machine learning and endpoint prevention. We can use USB, make the solution notify a block policy and make response rules. It allows us to add the directory indication, make the agent configuration from the DLP, and then enforce them.

We can also complete different types of single-tier, two-tier and three-tier installations. For single-tier installation, it can enforce or recommend detections servers on the same servers. For two-tier, it can enforce on the same server and the detection server. And for three-tier, Oracle enforced, and the detection server is on separate servers.

The most valuable features are file integration and optical character recognition. It is a new technology integrated in DLP. File recognition technology mainly uses DLP, and we can use encryption technology to integrate the endpoint detection servers. The solution also helps to integrate the cloud access service broker in the DLP console, and we can complete information-centric tagging. For example, we can tag the files as private or public and protect them on the DLP console. In addition, we can classify data according to the environments and handle the files per the policy created from the console.

Different departments should manage administration, reporting, normalization and incident management. For example, for incident management, escalation can be completed in a specific department, and we can notify a manager and send an email when an incident has been triggered. In addition, confidential files that shouldn't be sent as a CV are managed. A DLP is a confidential solution that cannot be used to send unauthorized organizations' data to others.

The previous versions had a flaw when we installed the agents. We can install the agents manually or by the SCCM and easily manage the database and incident services. We can make several rules if we have a network or endpoint. We can also manage dashboards and administrators, super users and view roles. The larger administrator that manages the activities and daily reports has access to the best access tools. We can utilize user roles for the view access tools and to make policies.

We have been using this solution for ten years and are using version 15.8. It is deployed on-premises, and the cloud is used for network payment for email.

This solution is very stable.

It is very scalable, and there are no issues with maintenance.

We can easily manage technical support unless we need clarification on a version of data or a task for principal clarification. I rate the technical support a nine out of ten.

Positive

The initial setup was straightforward. First, we had to install the Oracle database, which requires 19C if you use version 15.8. Then, we had to deploy and make the info server. After that, we had to complete the Oracle and listener configurations and connect the database. We then had to install the Windows Server and add the detection servers from the endpoint server.

During the installation, we imported different templates in .VSP format. The solution allows you to make policies and procedures with built-in templates, and there are templates for multiple sectors, such as energy, banking, financial, and telecommunication. It can be downloaded from the portal during the installation of the Oracle added to the enforce server. We can make different policies like data matching, index data matching, vector machine learning, and desktop content matching. For example, we can use proximity matching to detect data for 70% matches, 50% matches, or 20% matches. We can also upload different documents for index data matching. Exact data matching is for structured data, and index data matching is for unstructured data. Vector machine learning is for positive and negative threats, and the threshold is set for that purpose. I rate the deployment a ten out of ten.

There is a perpetual license for three, five and two years. There is also a one-year renewable license for different parts. In addition, there are licenses for different consoles, namely Endpoint Discover, Endpoint Prevent, and Network Prevent. So it is an easy tool per the budget firewall and not difficult at all.

I rate this solution a ten out of ten. Regarding advice, it is the best solution and has the best reputation. It is easy to manage and an excellent solution for data classification. It is the best solution I have ever used. We prefer Symantec to other solutions because their products are not difficult to integrate with a single console that is easy to manage.

The use case for Symantec Data Loss Prevention depends on the requirements, for example, customer requirements and needs. Overall, the solution is used for identifying data and handling exact data matching criteria.

What I like about Symantec Data Loss Prevention is the technical support it provides. It's good.

Currently, I can't see any areas for improvement in Symantec Data Loss Prevention because the solution seems to be better than all the other vendors out there. It seems all the other vendors are trying to mimic what Symantec Data Loss Prevention is doing in terms of components, practice, and modules.

Sometimes setting up the solution can get a little tricky because it would depend on your internal infrastructure. For example, you have to connect the Symantec Data Loss Prevention platform and you need to integrate it, so that could make the process somewhat difficult.

I've been dealing with Symantec Data Loss Prevention for ten years. I'm using the most up-to-date version of the solution.

Symantec Data Loss Prevention is a stable solution.

Symantec Data Loss Prevention is a scalable solution.

I like the technical support for Symantec Data Loss Prevention. It's pretty good. Support is one of the advantages of the solution. Support is a little costly, but you get what you pay for.

The initial setup for Symantec Data Loss Prevention is straightforward, particularly if you use the guide, but it gets a little complex based on the networking connectivity you have within your environment. Sometimes setting up the solution can get a little tricky because it would depend on your internal infrastructure. For example, you have to connect the Symantec Data Loss Prevention platform and you need to integrate it, so that could make the process somewhat difficult.

The advice I would give to others looking into implementing Symantec Data Loss Prevention is to make sure they have a lot of resources on their servers, particularly in terms of disc size, CPU, etc. The bigger the box is, the better.

There's no perfect solution, so I'm giving Symantec Data Loss Prevention a rating of nine.

The primary use case for this solution is ensuring compliance. Organizations that handle sensitive data find it crucial to implement a data loss prevention solution to prevent unauthorized data breaches.

One of the most valuable aspects of this solution is its integration capabilities with Office 365. This integration enables comprehensive monitoring and control over data leaving the organization.

A significant area for improvement in the product is reducing the number of agents required and improving integration as a unified client ecosystem.

Integrating artificial intelligence to automate policy creation based on user behavior and data sensitivity would be highly beneficial

I have been using Symantec DLP since 2013.

I rate the product stability an eight. 

I rate the product scalability an eight or nine out of ten. 

Symantec has a good support network. However, since the acquisition by Broadcom, support has become more challenging, although some regions still provide excellent support.

The installation process for this solution, based on my experience, is straightforward and user-friendly, ensuring minimal disruption during deployment.

It can be deployed on-premises and in hybrid models, providing flexibility to organizations based on their specific security and operational needs.

The product is high-priced. However, it is worth it for the comprehensive data protection it provides.

We have considered products from other vendors like Microsoft, Forcepoint, McAfee, and Trend Micro. However, Symantec covers all aspects and use cases effectively.

Incident response capabilities are integral to this solution's functionality. It features robust workflow controls that facilitate timely and effective responses to security incidents.

I rate it a nine out of ten.