Data Sheet: Data Loss Prevention

Symantec™ Data Loss Prevention Enforce Platform

Define, deploy, and enforce data loss policies from a central console that manages all Symantec
Data Loss Prevention products

Describing, fingerprinting, and learning are critical to

achieving high detection accuracy and preventing data loss.
Without accuracy, your Data Loss Prevention system will
generate numerous false positives and negatives. False
positives waste limited time and resources on investigating
and resolving incidents that do not actually violate security
policy. False negatives obscure gaps in security by allowing
data loss and putting your organization at risk of a breach.

Key ffeatures
eatures

Over
Overview
view
Symantec™ Data Loss Prevention Enforce Platform is the
central web-based management console and incident
repository that is used across all Symantec Data Loss
Prevention products. It is where you define, deploy and
enforce data loss policies, respond to incidents, analyze and
report policy violations, and perform system administration.
Enforce Platform is deployed on a single server and is
supported by an Oracle® database, which stores historical
incident and system information.
Comprehensive data detection technolog
technologyy
Enforce Platform accurately detects all types of confidential
data, wherever it is stored or used. It uses three classes of
detection technologies to provide complete and accurate
coverage across your endpoint, network, and storage
• Described Content Matching protects structured and
unstructured data; it is best used when it is impossible or
impractical to collect all the content to be indexed.
• Exact Data Matching protects structured data, typically
stored in a database, and is designed to scale to very large
data sets (e.g. hundreds of millions of records).
• Indexed Document Matching protects unstructured data
stored in documents and detects exact and derivative
content matches.
• Vector Machine Learning is a new and exclusive Data Loss
Prevention technology that protects unstructured text by
training the system using example positive and negative
documents.
How it works
• A major credit agency uses Exact Data Matching to

systems: fingerprint every United States citizen’s personally

identifiable information (PII) – first name, last name and
Describing protects structured and unstructured data by
social security number – stored in their customer database.
looking for content matches on keywords, expressions or
patterns, and signatures. • A large high tech company uses Vector Machine Learning
to protect millions of lines of source code stored across
Fingerprinting protects structured and unstructured data by
highly distributed repositories.
looking for exact or partial content matches on indexed data
sources and documents.

Learning protects unstructured textual data by building a

statistical model using example documents and calculating
content similarity.

Page 1 of 4
Data Sheet: Data Loss Prevention
Symantec™ Data Loss Prevention Enforce Platform
Proven polic
policyy authoring and tuning framework
Enforce Platform enables you to write policies once and
enforce them everywhere. With our out-of-the box policy
templates, data identifiers, and solution packs, you can
quickly and easily reduce data loss risk starting on day one.
Key ffeatures
eatures
• Policy templates for national and international data
privacy laws and regulations, including The Health
Insurance Portability and Accountability Act (HIPAA),
payment card industry (PCI), and European Union Data
Protection Directive.
• Data identifiers combine pattern matching with data
validators to accurately detect national identifiers and other
PII.
• Solution Packs contain pre-configured policies, response
rules, user roles, and reports tailored for specific industries,
including financial services, healthcare, and federal.
How it works
A multinational company with offices in the United States
and Europe uses the European Union Data Protection
Directive policy template to monitor bank card numbers in
outbound email.
Comprehensive reporting and remediation workflow
Ninety percent of data loss prevention (DLP) is about what
you do after you find sensitive data. Enforce Platform is
where you can view reports, automatically notify users of
violations, and enable automatic workflow responses.
Comprehensive incident reporting and remediation enables
you to take the right action at the right time and
communicate data loss risk to your business units.
Key ffeatures
eatures
• Automated remediation workflow allows you to take action
immediately without administrator or user intervention:
notify user, request justification, encrypt email or file,
quarantine file, or block action.
Page 2 of 4
• One-click smart responses combine multiple responses to
reduce incident remediation time: change status, send
notification, add note, or apply file protection.
• Out-of-the-box and custom reports provide all of the
functionality needed to support compliance and audits, gain
visibility, identify data loss risk trends, and empower
business units to secure sensitive data.
How it works
The chief information security officer (CISO) at a major bank
uses incident reporting to regularly communicate risk and
engage business data owners in data loss prevention.
Broad inte
integration
gration capabilities with open platf
platform
orm
Symantec Data Loss Prevention offers the greatest
flexibility to extend your DLP capabilities. The Symantec™
Data Loss Prevention FlexResponse™ Platform is an
exclusive application programming interface (API) that
integrates with third-party services and automatically
applies protection to exposed files.
Key ffeatures
eatures
• Email and file-based encryption integration with PGP™
NetShare from Symantec™, PGP™ Universal Gateway Email
from Symantec™, and Symantec™ Endpoint Encryption
Removable Storage Edition.
• Enterprise Rights Management integration with Microsoft®
Windows Rights Management Services (RMS), Oracle®
Information Rights Management (IRM), Liquid Machines™,
and GigaTrust™.
• Security Information and Event Management (SIEM)
integration provides easy export of incident information to
SIEM systems, including Symantec™ Security Information
Manager.
How it works
When a user tries to copy a file containing cardholder data
to a USB, Data Loss Prevention triggers Endpoint
Encryption to encrypt the file via FlexResponse.
Data Sheet: Data Loss Prevention
Symantec™ Data Loss Prevention Enforce Platform

Online ex
exchange
change ffor
or polic
policyy collaboration and content Language and localization support

Stay ahead of updates to data privacy regulations and newly Data Loss Prevention offers broad language and localization
released technologies through the Symantec Data Loss support for international deployments, including policy
Prevention Exchange, a new online community for current authoring, detection, end-user notifications, and localized
users of Data Loss Prevention. operating systems:

Key ffeatures
eatures • Detection support for more than 25 languages, including

• Access to new policy content independent of release Hebrew, Arabic, languages in Western and Central Europe,

cycles and product versions. and Asia.

• Collaborate on policy best practices and content with Data • User interface support for Chinese, Spanish, English,

Loss Prevention users and partners. Brazilian Portuguese, Russian, Japanese, French, and
Korean.
Technical Specifications
Additional S
Symantec
ymantec Data LLo
oss Prevention Products
Sys
ystem
tem Architecture
Symantec delivers a proven solution to discover, monitor,
protect, and manage confidential data wherever it is stored
or used.

Symantec Data LLo

oss Prevention ffor
or Endpoint

• Symantec™ Data Loss Prevention Endpoint Discover scans

for sensitive data stored on laptops and desktops in order to
inventory, secure, or relocate the data.

• Symantec™ Data Loss Prevention Endpoint Prevent

monitors and blocks confidential data from being
transferred, sent, copied, or printed by desktop or laptop
Sys
ystem
tem Requirements
users.

Symantec Data LLo

oss Prevention ffor
or Net
Network
work

• Symantec™ Data Loss Prevention Network Monitor

inspects all network communications for sensitive data.

• Symantec™ Data Loss Prevention Network Prevent Email

redirects, quarantines, or stops outbound messages
containing sensitive data.

• Symantec™ Data Loss Prevention Network Prevent Web

stops or removes sensitive data from outbound web
communications.

Page 3 of 4
Data Sheet: Data Loss Prevention
Symantec™ Data Loss Prevention Enforce Platform

Symantec Data LLo

oss Prevention ffor
or Storage Symantec World Headquarters
• Symantec™ Data Loss Prevention Network Discover 350 Ellis St.
identifies sensitive data exposed on file servers, Mountain View, CA 94043 USA
collaboration platforms, websites, desktops, laptops, and +1 (650) 527 8000
other data repositories. 1 (800) 721 3934
www.symantec.com
• Symantec™ Data Loss Prevention Data Insight Enterprise is
for governance of unstructured data.

• Symantec™ Data Loss Prevention Network Protect

remediates exposure of sensitive data.

How to learn more about Data Loss Prevention

Visit our website
http://www.symantec.com/business/data-loss-prevention

Speak with a Data Loss Prevention Product Specialist in

the U.S.
Call (415) 829-5013

Speak with a Data Loss Prevention Product Specialist

outside the U.S.
For specific country offices and contact numbers, please
visit our website.

About Symantec
Symantec is a global leader in providing security, storage,
and systems management solutions to help consumers and
organizations secure and manage their information-driven
world. Our software and services protect against more risks
at more points, more completely and efficiently, enabling
confidence wherever information is used or stored.
Headquartered in Mountain View, Calif., Symantec has
operations in 40 countries. More information is available at
www.symantec.com.

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.
Other names may be trademarks of their respective owners.

Symantec helps organizations secure and manage their information-driven world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions.
21189690 05/11

Page 4 of 4