Symantec Data Loss Prevention Review and Alternatives

Data loss prevention (DLP), just as the name implies, is a strategy for detecting and preventing sensitive corporate data from leaving your network. The tool used to enforce a company’s data loss prevention policy is called DLP software.

DLP software mitigates the risk of data leakage or data loss by monitoring, detecting, and blocking sensitive data while at rest (data that is not moving, such as databases and file shares), in use (data that the user is currently interacting with, i.e., endpoint actions), and in motion (data traveling across a network through various communication channels, i.e., network traffic). It ensures that sensitive information is identified and risk-appropriate controls are deployed, with minimal impact on business processes.

Choosing the Right Solution: Enterprise DLP vs. Integrated DLP

Organizations looking to implement a DLP solution that fits their budget and functional requirements have to consider several strategies. Enterprise DLP and integrated DLP have emerged as the two approaches organizations can use to implement a sustainable DLP strategy.

Enterprise DLP solutions are standalone products that offer comprehensive tools and policies for both data at rest and in motion, content and contextual scanning capabilities, device control, and centralized policy management and reporting, including policies to support regulatory compliance. Given the comprehensive nature of enterprise DLP products and their extensive data protection tools, many companies believe they are the only option worth considering. And, in the case of big organizations, that is undoubtedly true. But for SMBs that do not need the full capabilities of enterprise DLP tools, this can be problematic. As a result, most organizations, especially SMBs that purchase enterprise DLP, often use only a small part of their capabilities. This is where integrated DLP comes into play.

Integrated DLP solutions are primarily extensions of existing security tools that offer a cut-down version of enterprise DLP solutions while eliminating the complexities needed for large-scale networks. As a result, they cost considerably less than an enterprise DLP solution and take little time to implement. However, the risk with integrated DLP solutions is their limited customization options and capabilities.

Organizations looking to deploy a DLP solution should first assess their needs, including areas where their data is at risk, the scope of the controls, and scalability requirements. Then, the focus should be on those actual needs when deciding which DLP option to go for.

Symantec DLP Solution

The Symantec DLP solution by Broadcom stands out as one of the leading enterprise DLP solutions out there. It comprises a single unified management platform, lightweight endpoint agent, and powerful content-aware detection products that all together provide comprehensive discovery, monitoring, and protection capabilities that give you visibility and control over your confidential data. The various product components comprise Network Discover/Cloud Storage Discover, Network Protect, Network Monitor, Network Prevent, Endpoint Discover, Endpoint Prevent, and Enforce Server.

The Enforce Server is the central management platform that enables you to define, deploy, and enforce data loss prevention and security policies. All other components (the Discover, Protect, Monitor, and Prevent modules) can be deployed as stand-alone products or in combination. However, the Enforce Server is always used for central management irrespective of the stand-alone products you deploy.

The Symantec DLP solution is highly scalable and supports deployments on Windows, Mac, and Linux servers across physical, on-premises, cloud, and virtual environments, including managed services delivered by Symantec Partners. In addition, it supports cloud deployments with Symantec DLP for Cloud Storage and Cloud Prevent for Microsoft Office 365. Finally, it includes DLP monitoring for mobile devices and emails through Symantec DLP for Mobile with Mobile Email Monitor and Mobile Prevent. The various Symantec DLP components are grouped under the following solution categories:

Symantec DLP for Storage: Helps organizations discover and protect data at rest across storage repositories, that is, data stored on file servers, endpoints, cloud storage, network file shares, databases, SharePoint, and other data repositories. It does this using the following components:

  • Symantec DLP Network Discover: This helps to find confidential data by scanning network file shares, web content servers, databases, cloud, and other enterprise data repositories.
  • Symantec DLP Network Protect: This automatically cleans up and secures all exposed files. In addition, Network Discover detects and provides remediation options, including quarantining, moving files, or applying policy identity-based encryption and digital rights to specific files.

Symantec DLP for Endpoint: As the name implies, this protects data in use on endpoints. It provides complete discovery, monitoring, and protection capabilities for data in use across various channels: email, cloud apps, network protocols, external storage, and virtual desktops and servers. In addition, the lightweight endpoint agent enables two key components:

  • DLP Endpoint Discover: Scans local hard drives and gives you deep visibility into sensitive files that users are storing on their systems.
  • DLP Endpoint Prevent: Monitors users’ activities and gives you control over applications, devices, and platforms, including the ability to quarantine, encrypt, or enforce digital rights management.

Symantec DLP for Network: Protects data in motion over the network. It monitors sensitive data traveling across a network through various communication channels and prevents it from being leaked. It does this using the following modules:

  • DLP Network Monitor: Captures and analyzes outbound traffic on your corporate network and detects sensitive content and metadata over network communication protocols.
  • DLP Network Prevent for Email: Monitors and analyzes all corporate email traffic and protects it from being leaked or stolen by employees, contractors, and partners.
  • DLP Network Prevent for Web: Monitors and analyzes all corporate web traffic and protects it from being leaked to the Web.

Once installed, Symantec DLP identifies all locations that hold sensitive data and gives you the option to enforce appropriate security controls. Some of the key features and capabilities of the solution are as follows:

  • Discovers and locates confidential information in network and cloud storage repositories, on file and web servers, databases, and endpoint devices.
  • Protects brand reputation, intellectual property, and other critical data with targeted controls and policies based on user risk and data sensitivity.
  • Simplifies incident triage, streamlines remediation, and detects risky behaviors and insider threats.
  • Monitors network traffic, endpoints, and storage devices in real time for transmission, use, and safekeeping of confidential data and takes immediate action toward preventing accidental exposure or sharing.
  • Delivers deep visibility of user activity across endpoints, storage repositories, networks, cloud apps, email, and the web, including Shadow IT.
  • Reduces complexity with a single unified platform for on-premises and hybrid cloud environments.
  • Continuously monitors and protects sensitive data from a potential breach and automatically enforces appropriate security controls.
  • Provides templates and workflows for compliance with security and privacy standards such as HIPAA, GDPR, PCI DSS, and others.
  • Combines DLP with user activity tracking, giving it an additional security boost.

Symantec DLP is a highly scalable solution best suited for enterprise-oriented customers, and it integrates well with other Symantec security products and tools. However, no trial version or flat-rate pricing is advertised, so there is no way to try it out before buying a subscription license. Instead, you need to contact Broadcom or its reseller partners directly for trials and pricing details.

Figure 1.0 | Symantec DLP Cloud Detection Service integration with a REST client | Credit: Broadcom

10 Best Symantec DLP Alternatives

Symantec DLP is not a one-size-fits-all solution. The fact that it fits one organization perfectly from a feature and functionality standpoint does not mean it will be suitable for another. If you find that it is not best suited for your environment and you’re considering an alternative, there are many to choose from. To help you decide between the countless options, we’ve put together a list of the ten best Symantec DLP alternatives. Hopefully, this will guide you in selecting the right one for your environment.

1. Forcepoint DLP

Forcepoint DLP is a robust and mature enterprise DLP solution that addresses human-centric risk with visibility and control everywhere your people work and your data resides. Forcepoint was rated a Gartner Peer Insights Customers’ Choice for 2020. Forcepoint DLP includes an analytics engine that identifies and ranks high-risk incidents. The DLP solution covers network and on-premises infrastructure, endpoints, and cloud applications. A 30-day free trial or an interactive demo is available on request.

2. Endpoint Protector

Figure 2.0 | Screenshot showing Endpoint Protector content-aware protection policies

Endpoint Protector by CoSoSys is a highly rated enterprise DLP solution that employs e-discovery, device control, and enforced encryption to provide content-aware protection for intellectual property, personally identifiable information (PII), insider threat, and support for regulatory compliance. It was rated a Gartner Peer Insights Customers’ Choice for 2020.

Endpoint Protector supports integration with SIEM products while providing real-time alerting and reporting capabilities. It can be deployed in the cloud (AWS, Azure, GCP), as a virtual appliance, or as a SaaS application. A free demo is available on request.

3. Digital Guardian DLP

Digital Guardian DLP is a mature, well-known cloud-delivered enterprise DLP solution, available either as a SaaS or a managed service deployment. This unique approach allows for quick deployment and on-demand scalability while providing complete data visibility and protection. In addition, the solution combines endpoint detection and response (EDR) capabilities with data loss prevention to protect against internal and external threats from the same agent. You can access a free demo before making a buying decision.

4. McAfee Total Protection for DLP

McAfee Total Protection for DLP is a mature and highly scalable enterprise DLP solution targeted at mid- to large-scale businesses. McAfee DLP supports centralized incident management and reporting with a solid emphasis on forensic analysis. If you are looking to try out McAfee DLP, a free demo is available on request.

5. Fidelis DLP

Fidelis DLP is a recognized enterprise DLP solution that helps mitigate the risk of data loss, misuse, or unauthorized access and ensures regulatory compliance. Its patented Deep Session Inspection technology provides real-time content and context awareness to detect threats and prevent data loss across all ports and protocols. If you are looking to try it out, a 15-day free trial or product demo is available at the click of a button.

6. GTB Technologies DLP

The GTB Technologies DLP solution offers organizations network and cloud enterprise DLP to prevent data loss, manage threats, and enforce compliance. GTB’s proprietary “Content-Aware Reverse Firewall” technology classifies and analyzes all outbound and inbound data transmissions from your network in real time, and implements the appropriate action such as log, block, encrypt, or quarantine, among others. The solution can be deployed on-premises, in the cloud, or as a SaaS application that is self-managed, managed, or a hybrid service. A complete solution demo is available on schedule.

7. SolarWinds DLP with ARM

SolarWinds DLP is a lightweight, easy-to-use integrated DLP solution that is part of its Access Rights Manager and Security Event Manager. The DLP software analyzes user credentials and how they’re configured and used by end-users to access data. This information is then leveraged to help you see when user activity puts sensitive data at risk. Both products are available for Windows Server, and you can get them on a 30-day free trial.

8. Trend Micro DLP

Trend Micro DLP is an integrated lightweight DLP solution that can be deployed through its existing products such as Endpoint Security, Mail Server Security, Security for Microsoft SharePoint, and Web Gateway Security, among others. It can mitigate the risk of data loss for data at rest, data in transit, and data in use for a fraction of the cost and time of traditional enterprise DLP solutions.

9. Proofpoint DLP

Proofpoint has solutions that cater to both enterprise and integrated DLP needs. The Proofpoint enterprise DLP solution is a comprehensive DLP solution for email, cloud, and endpoint. At the same time, Proofpoint Email DLP is an integrated DLP solution that specifically mitigates the risk of a data breach via email.

10. Clearswift Adaptive DLP

Clearswift Adaptive DLP is an integrated DLP solution that can be deployed through its existing products, such as Secure Email and Web Gateway and Endpoint products, to mitigate the risk of data loss for structured and unstructured data.

Conclusion

Big organizations and networks with large and growing volumes of data that need to be protected may require the full capabilities of enterprise DLP solutions. DLP products such as Symantec DLP, Endpoint Protector, McAfee DLP, and others contain many of the desired features large organizations look for in DLP controls.

SMBs and other organizations that want a DLP that addresses specific use cases should look for ones that address the controls they need to employ and leverage existing security products that possess integrated DLP features. For example, a lightweight DLP product such as SolarWinds or Trend Micro DLP would be a good fit. This will save your organization from the costly and time-consuming setup and integration associated with enterprise DLP tools.