Symantec Data Loss Prevention Reviews

I am using the current version.

We are planning to implement OCT, which we consider a valuable feature. 

We also like the maintenance pack for bug inspection. We encountered many bugs, especially with the Endpoint MP1, the MP2 being the other one. 

I would like to see an improved interface, with better documentation and integration with other products.

The initial setup could also be better, so that the solution would easily interact with other monitoring tools without the need for taking further steps. 

I have been using Symantec Data Loss Prevention for four or five years. 

The solution is stable. 

The solution is definitely scalable. 

For non-critical issues, technical support lends email assistance. Otherwise, we will work with the log. For critical issues they talk with us by phone.  

The initial setup is easy.  

I cannot comment on the price, as this is in the purview of the finance team. 

I rate Symantec Data Loss Prevention as an eight out of ten. 

The primary use case is for handling confidential data, such as customer data, employee data, and IT confidential information. We used this solution in some contracting work. We classify the data by assigning each division user their own classification, e.g., confidential, restricted, internal, or public. According to the data we get from the customer, we find fairly unique keywords and common words from the data and we put it on the Symantec DLP engine as a use case or policy. If, for example, the content or classified files cannot leave the organization, I can turn the use case into a policy as keywords mentioning specific data and unique keywords in the documents. This restricts documents from leaving the organization. That's how I create a policy based on the use case.

Another unique feature which I have found is a solution that we needed for one of our customers. They provided laptops at one of their facilities. Their users had administrator access, but the company cannot control those laptops. They are things, moving outside and inside for technical work. They noticed that their users have personal email accounts through Gmail and they installed Google Drive on their laptops. The problem is when Google Drive synchronizes, most of these company documents have a few admins that sync back up to these personal laptops. 

After deploying Symantec, we created a policy for data loads. We found some confidential files had been backed up to the cloud from their personal laptops. The company documents back up through employees' personal Google Drive. They found it and informed the company, who restricted the application purpose for those employees.

The customer was happy about the solution.

They have a feature on the management side called the document indexer. If you have a unique document with many near-identical versions, which have one or several values that change, while the rest of the content stays the same. You can collect 50 of those documents and put them into this feature of the Symantec DLP system. It will compress them and create a profile specifically for that document. 

For example, if you are getting a daily performance report for your company, each report will be completely the same, except some of the numerical values may change. I can collect 50 documents from the last 50 days and put them into the system to compress the documents and create a profile. I can then put this in a policy that will monitor only those documents. If an employee tries to send those documents outside without authorization, the system will block the documents. I have found the data indexer in Symantec, but I didn't find it in McAfee.

Each company is used to working their own way because they invested in developers and they worked with their project team already. We have worked on some projects and got feedback from the customer. Most of the time I develop this data loss deployment, when I assign data loss threshold values, some data thresholds will need to be higher. For example, IT users need a higher threshold because technical documents include confidential work.

In a 60 page technical document the confidential work might appear 50 times. If that document comes out of the machine or if he tries to send it to another IT user, it will technically be considered data loss because of the threshold value end for the confidential work. In that same way, I have to fine tune those metrics depending on the customer or customer group and the employee group. IT needs certain metrics. A financial user or financial goods need different metrics.

That fine-tuning has to be done for the customer as well as the vendor. If I take Symantec DLP, we have to have some final fine tuning but we may need some time developing this depending on the customer. This is an area where something can be done to improve the product. 

Also, due to the cloud emerging technology in the world at the moment, most of the content and data that we use from the cloud if from some organizations in Europe and the US. For those users, I think Symantec DLP has already provided a testing agent. Those are advantages and improvements that could be made to Symantec DLP.

Their user interface and other features are fine as is.

It's stable. Currently, we are running on two and a half to almost three months. Up to now, I haven't experienced any system issue at the customer place. I used to go and do some fine tuning in the policies only.

It's scalable. There are three users for this solution at the customer. They are information security engineers. Two are senior and one is just an engineer.

Those users are responsible for the solution and the entire agent count is 800 users. For 800 users endpoints have been installed.

It's fine for now, but I think they are planning to expand the solution to another 500 users by next year.

We have experience and most of the time you get very good technical support. In our experience, we only needed support four times for some fine tuning because there is some fine tuning that I cannot do. In those cases, I created a ticket from the support portal and within three or four days they replied. They could typically rectify the issue within one or two weeks. Afterward, they send a report survey for evaluation. 

In short, the technical support is great.

The setup is straightforward. The only complexity comes from the Oracle Database side. Other than that, it is straightforward. It took a half hour to install it. Once you install the manual server, and the detection server on another server you just have to install the alias. I didn't have much problem installing the system.

I installed it myself. Implementation took one day.

I initially checked with the customer how to do their implementation and then I gave them the system requirements. Only then did I go on to staff, once they had given me access to the servers. I only did preliminary planning with technical staff first, then sat down with the customer and planned it more thoroughly.

Only three people take care of this solution from the management side. Externally, there is also a special SI engineer and a travel engineer.

In terms of pricing, Symantec DLP works with Oracle Database. Oracle Database licensing is much more expensive than other databases. That might be a drawback for customers.

The pricing is on a yearly subscription basis. For the current customer year, we already paid up front as part of the first three years.

We had a partnership with Symantec so we didn't use any other solution because we signed an agreement with them and we started deployment with the customer. We evaluated the system with the customer and once the customer confirmed that we should secure Symantec DLP we deployed the solution.

My advice is that the DLP solution is the emerging platform in the world at the moment. First, we had to get some idea on how data works at the customers: data in motion, data in rest, data traveling, etc. Typically data travels through emails from the endpoint by USB, email and CD writing it to a CD or copying it to a network share or from a network share. Those are what you need to know before starting the day of implementation. How this data travels inside and outside the environment.

I would rate this solution as nine out of ten, because they are a leader, competing with some other vendors, providing updates, releasing new versions, and providing technical improvements on their side. I would say it's fine.

DLP's most valuable feature is compliance.

DLP doesn't work well with Mac OS systems and tends to give false positives. There are also problems in terms of CPU utilization because all the policies are based on a traditional DLP system, which makes it quite heavy and creates issues with user experience. In the next release, DLP should include OCR features, and I'd like the agent to be lightweight, which means the policy should be in the cloud.

I've been using Symantec DLP for two to three years.

I don't find DLP stable.

DLP has no issues with scalability.

Since being acquired by Broadcom, the support has really degraded for small and medium enterprises. They don't help with anything and just send emails when we ask them to come on call.

Negative

The initial setup was easy.

DLP could be a bit cheaper.

I would rate DLP as five out of ten.

• Detects the percentages of text and interrogate words within documents and emails.
• Finds leaks of documents and restricted controlled information.
  

We use it to discover unacceptable employee behavior, such as threats and bullying. It helps us identify insider threats.

I would like to see a reduction in false positives.

I have used this solution for three years.

There haven’t been stability issues with the product. There have been stability issues with the user community when trying to embargo documents.

There were no scalability issues other than some impact on sending large documents when tracking content for restricted data.

The technical support has been excellent. We had DLP engineers on site.

The installation was pretty straightforward. We had to adjust for policy allowances. Once the user community gained some experience, we were able to expand the scope.

I have no real comment as we had an enterprise license. Make sure you cover all users and plan growth metrics.

We evaluated alternative solutions, but I can't recall which ones. We had an enterprise license and the product integrated with the SIEM well. There was little reason to go outside of the existing contracts.

Take the following steps:

1. Go to monitoring for 90 days.
2. Start to reduce the allowed events. Start at 100 and reduce by 20 per month.
3. Communicate any failures. (Allow for application changes, as legacy apps may be guilty of data transfer that is embedded in the architecture/file transfer.)

Previously, what was happening was that anyone could send any data outside. We now know who is sending what data and where. We can then question them: "Why have you sent that data?"

In DLP one of the most valuable features is that you can check attachments. 

In addition, it gives me the data such that, if someone is using a browser and email, I'm able to figure out who is sending the data.

Symantec customer support is very bad.

We are finding delayed response if the macOS is updated. They need to make sure their solution is compatible.

Also, if any data at all is going outside of our network and it matches our screening it has to be captured and we should see it detailed properly: Who is sending it, where they're sending it.

The stability has met our expectations.

I'm not good with the scalability. It's not capturing everything. If someone's trying to send from Gmail to some other browser or if someone is using Safari in a Windows machine, under those conditions it's not captured. 

This is the first product of its kind for us. Nobody seemed to know much about this product but we figured out how to use it, and the vendor gave us training, so we have been able to handle it.

The initial setup is a little complex. But once you go through it you get used to it. After using this product it becomes easy to handle, easy to understand. Our deployment took about two months for 2,000 users. 

Our strategy was simple. I needed to implement it for every user so that we could monitor any data.

We used the vendor's support and it was nice working with them. They helped a lot when it came to the deployment.

I wasn't involved in the pricing negotiations but from what I know the pricing is good, it's not too expensive. If you negotiate you can get a good price.

We evaluated multiple solutions, such as McAfee.

We have around 1,500 users in HR, admin, the finance department, and IT. For maintenance of the solution we have two people. It's covering all users at the moment so there are no plans to increase usage.

I rate the solution at eight out of ten. It is fulfilling our requirements.

I use it in my own environment for data loss prevention.

I installed it for testing purposes. I've logged some of my data through different policies. However, I've only done this at the endpoint channel, not on, for example, email channels.

There's only one policy needed to implement for all channels. That's a good point for Symantec. To have one policy for all channels has been great. You don't have a user workload. You can manage everything through a single policy.

The solution is not user-friendly. I've had to do a lot of research to try and figure things out on my own.

Due to its database, I first had to install an Oracle database. This should change. The product should allow for the use of an SQL database, and, if possible, it should have an embedded database. The solution should be easier to integrate on different solutions.

The data classification is very difficult in Symantec. It's hard to integrate the detect activation tools, whereas, in Forcepoint DLP, it's better. It's very user-friendly and the quality is defined and it is very clear. Symantec should try to emulate those aspects of Forcepoint.

It's difficult to implement in a protected environment, due to its architectural layout.

The initial implementation is quite complex.

The technical support has really dropped in quality since Broadcom acquired the product.

I've used the solution for a month so far and for endpoint channel only. It hasn't been too long. 

The solution is stable. I've seen the people are using it in very large organizations with no problems. It doesn't crash or freeze. It's not buggy. There aren't glitches. However, it's difficult to maintain and run the product.

The solution is quite scalable. From articles I found online, it looks like you can manage around 5,000 to 10,000 endpoints easily through Symantec. You can expand it by quite a bit if you need to.

I've only been using the solution myself over the course of a month. I implemented the solution to two or three other users. I do not plan to increase usage as my intention is to move to another product.

The technical support, after Broadcom acquired Symantec, has been not very good. It used to be maintained by Symantec itself. Since then, there has been a drop off in responsiveness and helpfulness. After being acquired by Broadcom, the support, even at the endpoint level, took two to four days.

We aren't satisfied with the level of support. It should be faster.

This is the first DLP I've used, however, I am switching over to Forcepoint DLP. I'm not staying with Symantec.

the initial setup is not straightforward or simple. It's quite complex.

The whole deployment process took about two days or so.

In Symantec, you have to first install the Oracle database, then you can go on to install the enforce server and then detection servers. It will take time.

I have done the entire installation by myself with the help of some installation guides. I did not contact a consultant or integrator for assistance.

We have a license for our clients. However, in my case, I've only used the trial license in my environment.

I've looked into Forcepoint and it seems to be much better as it's user-friendly and there are some other features that I like. I've just looked into it for comparison purposes. I've never actually used it.

I would recommend this product to other organizations, however, I would warn them it's difficult to maintain due to its architecture.

The solution is pretty stable. They are not bad; they are pretty complete. But I'm not a big fan of Symantec.

The most valuable feature is file-level DLP. It gives the possibility of creating rules; it's possible to know when a file is with the laptop or computer and servers. It can be any type of file.

The console is not the best one. There is room for improvement in the management console. 

I have been working with this solution for one year now. 

The stability is good enough. I would rate it an eight out of ten. 

It is a scalable solution. We have this in all geographies nowadays. So, it's very scalable.

I would rate the scalability an eight out of ten.

Overall, I would rate the solution a seven out of ten. Because it's not only a question of technicality, it's a question of privacy, it knows everything, so I don't like it much.

We primarily use the solution in order to detect the exfiltration.

The exfiltration capabilities are great. You can put all of these rules in the product to detect the patterns and text. You can build the rules to detect credit cards and personal information, for example. 

Technical support, by and large, is very helpful.

In general, it's a solid, dependable product.

The database is a problem for us, as it's running on Oracle and not everybody likes that. There's a licensing issue with the database. There's a sizing issue with licensing. They did improve it a bit. It supports a virtual server now. However, the pricing and the fact that you install it on the machine and you have to count all the CPU, makes it a problem. It's workable. We dedicated a physical machine to it. It's a bit of a legacy solution. 

The licensing is a bit of an issue for us. They need to work on the way the licensing is set up.

A feature we would like to see is entropy detection in text. We need something that detects when you send an email and you try to hide something by using simple encryption techniques. It's typically called entropy. If we had entropy detection in the regular text that would be ideal

I've been working with the solution for about a year. It hasn't been that long.

It's a pretty solid, reliable product. We haven't had any issues with it overall.

We've found the technical support to be quite helpful and responsive. We're very happy with the level of support we receive.

The licensing is an issue. You need to get a dedicated machine. Otherwise, you have to pay for all the CPU in your data center or all the clusters in VMware. It used to be two issues. One was the support of virtualization and one was licensing. In the latest release, they solved the virtualization. They said "Okay, you can run the database and everything could be on the virtual machine", which is great. The other issue of licensing is still a pending issue. We still have to run on the dedicated hardware, however, it needs to be a small cluster or a small machine, to not pay for the entire cluster.

We are Symantec partners.

We are using the latest version of the solution. I'm not sure of the exact version number, however.

Overall it's an excellent product. It helps you reach your goal and solve some issues. We did it in six months. It's really an excellent product. There is a bit of a legacy component about the database and the way it works. We can see that the evolution of the technology was a bit slow for the backend, however, the product itself is solid.

I'd rate the solution at a nine out of ten overall. We've been largely quite satisfied with its capabilities.