Dlp 12.5 Rfp Responses Final

Symantec Data Loss Prevention Prevention RFP Te Template and Responses Res ponses Symantec Data Loss Prevention RFP RFP Template Template and Responses.................... Responses............... ......... ....1 1 1

Overview......................................... Overview............. ....................................................... ........................................................ ............................. 3

1.1 Company Overview............................... Overview................................................... ........................................ ........................................ .......................................... ...................... 3 1.2 Products Products and Versions............................ ersions................................................ ....................................... ....................................... ......................................... ....................... 5 1.3 Customer Deployments.......................... Deployments............................................. ....................................... ........................................ ........................................ ...................... .. 8

2

DLP Policy Enforcement.......... Enforcement..................................................... ..................................................... .................... ............ .. 

2.1 Policy Defnition.......................... Defnition.............................................. ........................................ ........................................ ................................. ........................... ................... ..... 9 2.2 Detection  !eneral.................................. !eneral..................................................... ....................................... ........................................ ...................................... .................. 11 2.3 Detection  Data "in#erprintin#.................... in#erprintin#........................................ ........................................ ........................................ ................................. ............. 13 2.$ Detection  Document "in#erprintin#..................... in#erprintin#......................................... ........................................ ...................................... ....................... ..... 15 2.5 Detection  %ac&ine 'earnin#........................ 'earnin#........................................... .............................................................. .................................................... ......... 1( 2.( Detection  Descri)ed Content............................... Content................................................... ........................................ ........................................... ....................... 1* 2.* +utomated ,esponses ,esponses - n/orcement......................... n/orcement............................................ ....................................... ...................................... .................. 19 2.8 0ncident ,esponse ,esponse orow.................................... orow....................................................... ............................................. ........................................ ................ .. 24 2.9 ,oleased ,oleased +ccess and Privacy Privacy Control........... Control............................... ........................................ .................................................. .............................. 22 2.14 ,eportin# ,eportin# - +nalytics.............................. +nalytics.................................................. ....................................... ....................................... ..................................... ................. 23

3

!etwor" DLP# Email and $e%........ $e%................................... ......................................................... ................................ 2&

3.1 6etwor %onitorin#....................... %onitorin#.......................................... ....................................... ........................................ ........................................ ............................. ......... 2( 3.2 mail Prevention.................. Prevention...................................... ....................................... ....................................... .......................................................... ...................................... 29 3.3 e) Prevention................ Prevention................................... ....................................... ........................................ ........................................ ........................................ ...................... .. 31

'

Stora(e DLP# File Servers and S)ares* Data%ases* Repositori Repositories...... es............... ..........32 .32

$.1 Data Discovery......................... Discovery............................................. ....................................... ....................................... ........................................ .................................. .............. 32 $.2 Data Protection................ Protection.................................... ........................................ ....................................... ......................................................... .......................................... .... 3$ $.3 "ile +ccess and 7sa#e %onitorin#.......................... %onitorin#.............................................. ........................................ .................................. ....................... ......... 35

Symantec Data Loss Prevention 12.5 – Request for Proposal Template and Responses

$.$ can %ana#ement........... %ana#ement............................... ........................................ ....................................... ...................................................... .......................................... ....... 3( $.5 cale and ecurity.............................. ecurity.................................................. ........................................ .................................................... .......................................... .......... 38

+

Endpoint DLP# Laptops* Des"tops* ,irt-al Des"top nfrastr-ct-re....... nfrastr-ct-re........... ......3 ..3

5.1 On and and O 6etwor %onitorin#............................. %onitorin#................................................. ........................................ ............................................ ........................39 39 5.2 ndpoint vent Covera#e................................. Covera#e..................................................... ....................................... ....................................... .............................. .......... 39 5.3 ndpoint Discovery............................ Discovery................................................ ........................................ ........................................ ................................. ....................... .......... $2 5.$ ndpoint Detection +ccuracy............. +ccuracy................................. ....................................... ....................................... ......................................... ......................... .... $3 5.5 ndpoint +#ent Deployment and %ana#ement........... %ana#ement............................... ........................................ ......................................$$ ..................$$ 5.( ndpoint 0ncident ,eportin#.......... ,eportin#.............................. ........................................ ........................................ ....................................... ............................. .......... $( 5.* ndpoint cala)ility.......................... cala)ility.............................................. ........................................ ................................................ .......................................... ................. ... $( 5.8 ndpoint +#ent ecurity................................ ecurity.................................................... .............................................................. ................................................... ......... $*

&

/o%ile DLP# iOS and 0ndroid Devices.................. Devices........................................... ................................... ...........' .'

(.1 %o)ile Device Covera#e................................ Covera#e.................................................... ........................................ ........................................ ................................ ............ $* (.2 %o)ile Device Protection.................... Protection....................................... ....................................... ........................................ ............................................ ........................ $8 (.3 rin# :our Own Device.................................... Device........................................................ ....................................... .................................................. ............................... $8



lo-d DLP# lo-d 0pplicati 0pplications ons and Email.............. Email............................................ ................................... .....' '

*.1 Cloud Vision..................... Vision......................................... ........................................ ........................................ ....................................................... ......................................... ...... $8 *.2 Cloud +pplications.................... +pplications....................................... ....................................... ............................................................... ..................................................... .......... $9 *.3 Cloud mail............................... mail................................................... ........................................ ........................................ .................................................... ................................ $9



/ana(ement and Sec-rity.............. Sec-rity.......................................... ............................................... ............................ ......... +4

8.1 0nter/ace.............................. 0nter/ace.................................................. ........................................ ....................................... ....................................... ....................................... ................... 54 8.2 7ser +ut&entication +ut&entication and 0dentity ,esolution............. ,esolution................................. ....................................... ................................... ..................... ..... 54 8.3 Distri)uted +rc&itecture........... +rc&itecture............................... ....................................... ....................................... ...................................................... .................................. 52 8.$ ystem %ana#ement.......................... %ana#ement.............................................. ........................................ ............................................................ .......................................... .. 53 8.5 ystem ecurity.......................... ecurity.............................................. ....................................... ....................................... ................................................... ............................... 5$

PA! 2


$.$ can %ana#ement........... %ana#ement............................... ........................................ ....................................... ...................................................... .......................................... ....... 3( $.5 cale and ecurity.............................. ecurity.................................................. ........................................ .................................................... .......................................... .......... 38

+

Endpoint DLP# Laptops* Des"tops* ,irt-al Des"top nfrastr-ct-re....... nfrastr-ct-re........... ......3 ..3

5.1 On and and O 6etwor %onitorin#............................. %onitorin#................................................. ........................................ ............................................ ........................39 39 5.2 ndpoint vent Covera#e................................. Covera#e..................................................... ....................................... ....................................... .............................. .......... 39 5.3 ndpoint Discovery............................ Discovery................................................ ........................................ ........................................ ................................. ....................... .......... $2 5.$ ndpoint Detection +ccuracy............. +ccuracy................................. ....................................... ....................................... ......................................... ......................... .... $3 5.5 ndpoint +#ent Deployment and %ana#ement........... %ana#ement............................... ........................................ ......................................$$ ..................$$ 5.( ndpoint 0ncident ,eportin#.......... ,eportin#.............................. ........................................ ........................................ ....................................... ............................. .......... $( 5.* ndpoint cala)ility.......................... cala)ility.............................................. ........................................ ................................................ .......................................... ................. ... $( 5.8 ndpoint +#ent ecurity................................ ecurity.................................................... .............................................................. ................................................... ......... $*

&

/o%ile DLP# iOS and 0ndroid Devices.................. Devices........................................... ................................... ...........' .'

(.1 %o)ile Device Covera#e................................ Covera#e.................................................... ........................................ ........................................ ................................ ............ $* (.2 %o)ile Device Protection.................... Protection....................................... ....................................... ........................................ ............................................ ........................ $8 (.3 rin# :our Own Device.................................... Device........................................................ ....................................... .................................................. ............................... $8



lo-d DLP# lo-d 0pplicati 0pplications ons and Email.............. Email............................................ ................................... .....' '

*.1 Cloud Vision..................... Vision......................................... ........................................ ........................................ ....................................................... ......................................... ...... $8 *.2 Cloud +pplications.................... +pplications....................................... ....................................... ............................................................... ..................................................... .......... $9 *.3 Cloud mail............................... mail................................................... ........................................ ........................................ .................................................... ................................ $9



/ana(ement and Sec-rity.............. Sec-rity.......................................... ............................................... ............................ ......... +4

8.1 0nter/ace.............................. 0nter/ace.................................................. ........................................ ....................................... ....................................... ....................................... ................... 54 8.2 7ser +ut&entication +ut&entication and 0dentity ,esolution............. ,esolution................................. ....................................... ................................... ..................... ..... 54 8.3 Distri)uted +rc&itecture........... +rc&itecture............................... ....................................... ....................................... ...................................................... .................................. 52 8.$ ystem %ana#ement.......................... %ana#ement.............................................. ........................................ ............................................................ .......................................... .. 53 8.5 ystem ecurity.......................... ecurity.............................................. ....................................... ....................................... ................................................... ............................... 5$

PA! 2


8.( 0nte#ration and +P0s.................................. +P0s...................................................... ........................................ ........................................ .................................... ................ 5(



S-pport.................................................................................................+

9.1 0mplementation...... 0mplementation.......................... ........................................ ....................................... ....................................... ........................................ ................................ ............ 58 9.2 ;rainin#......................... rainin#............................................. ........................................ ....................................... .............................................................. ............................................. .. (4 9.3 upport............................ upport............................................... ....................................... ........................................ ............................................................ .......................................... .. (1 9.$ 7p#rades.......................... 7p#rades.............................................. ........................................ ....................................... ....................................... .......................................... ...................... (3

PA! "


1 Overview 2 Company Overview Provide a brief history of your company.

Symantec is a #lo$al leader in information security and information mana#ement solutions. %ur innovative products and services protect people and information in any di#ital environment – from t&e smallest mo$ile device' to t&e enterprise data center' to cloud($ased systems. %ur soft)are and services protect a#ainst advanced t&reats independent of t&e device and environment in )&ic& information is used or stored. Since its inception in 1*+2' Symantec &as #ro)n into a ,ortune 5-- company t&rou#& a com$ination of internal development' strate#ic acquisition and partnerin# )it& industry leaders. %ur a)ard()innin# solutions ena$le our customers to trust t&at t&eir information and identities are secure independent of device or application. Symantec entered t&e data loss prevention DLP/ mar0et )it& t&e acquisition of privately o)ned ontu' t&e mar0et leader in DLP' in Decem$er 2--. Since t&en' Symantec DLP &as &elped or#ani3ations protect t&eir information a#ainst loss and t&eft' comply )it& data privacy re#ulations' and safe#uard t&eir reputation. %ur customers include many of t&e )orld4s lar#est $usinesses and #overnments includin# over &alf of t&e .S. ,ortune 1--. hat is your corporate vision and mission statement! hat is your strate"y for "rowth! Securin" and #ana"in" an $nformation%Driven orld 6ustomers of all si3es are faced )it& one essential c&allen#e7 t&e need to secure and mana#e an enormous amount of information. 8e all live and )or0 in an information(driven )orld. 9nformation is t&e life$lood of modern $usiness and' increasin#ly' of modern life. !ac& year' t&e amount of information )e create increases e:ponentially and securin# and mana#in# our information(driven )orld $ecomes even more important and c&allen#in#. 6ustomers are increasin#ly concerned a$out &o) to secure and mana#e t&eir increasin# amounts of information – from di#ital p&otos to $usiness critical data. Securin# and mana#in# all t&is information is a tou#& ;o$. Symantec is a #lo$al leader in providin# security' stora#e and systems mana#ement solutions to &elp our customers – from consumers and small $usinesses to t&e lar#est #lo$al or#ani3ations – secure and mana#e t&eir information a#ainst more ris0s at more points' more completely and efficiently t&an any ot&er company. %ur company
8it& Symantec' customers can protect more of t&eir information and its tec&nolo#y infrastructure' in #reater dept&' )&erever information is stored or used. ,rom securin# a consumera#ic ?uadrant for Data Loss Prevention. %ur solution is t&e &i#&est rated $ecause of its compre&ensive functionality' #lo$al scala$ility' and proven customer successes. @ey differentiators include7 ease of mana#ement DLP !nforce Platform/' file access and usa#e monitorin# DLP Data 9nsi#&t/' endpoint event and platform covera#e DLP !ndpoint A#ent/. hat is the location of your head'uarters and (ey sites!

Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 903 !nited States "#one$ %& '50(5)*(+000

PA! 


Symantec world #eadquarters is located in Mountain View, Caliornia- .n addition, Symantec #as security researc# and response centers, de/elopment acilities, and tec#nical support and customer ser/ices centers worldwidePlease provide a list of your company)s e*ecutive mana"ement team. •

>ic&ael Bro)n' 9nterim 6&ief !:ecutive %fficer

•

Step&en illett' !:ecutive ice President' 6&ief %peratin# %fficer

•

T&omas Seifert' !:ecutive ice President' 6&ief ,inancial %fficer

•

>att !llard' Senior ice President' !urope' >iddle !ast' and Africa

•

Bernard @)o0' Senior ice President' Asia' Pacific and Capan

•

Aled >iles' Senior ice President' Latin America

•

Brett S&ir0' Senior ice President' ort& America

•

Scott Taylor' !:ecutive ice President' eneral 6ounsel and Secretary

+ow many employees does your company have!

Symantec #as more t#an )&,500 employees worldwidehat is the current mar(et share of your data loss prevention product!

Symantec o)ns "5E of t&e )orld)ide DLP mar0et. T&is is #reater t&an t&e ne:t " DLP vendors com$ined. +ow many customers do you have! hat is the brea(down by industry!

Symantec &as over 2'--- DLP customers across all industries7 • • • • • • • • • •

Automoti/e ( & 1inancial Ser/ices ( )* 2includes .nsurance 4o/ernment ( * Healt#care ( 9 Manuacturin ( + 6il and 4as ( ) 7etail ( ' 8ec#noloy ( * Ser/ices ( * 6t#er ( )'

+ow many employees within your company are dedicated to Data Loss Prevention!

Symantec &as *55 employees )&o are dedicated to DLP Researc& = Development' Tec&nical Support' >ar0etin# and Sales. ho are your company)s strate"ic partners!

T&e Symantec DLP Partner et)or0 is desi#ned to provide $est(in(class soft)are and services t&at &elp customers reduce t&e frequency and severity of data loss incidents. &lobal Strate"ic $nte"rators 7 Accenture' Deloitte' FP' 9B> and P86 DLP Speciali,ed Partners- Accuvant' Bay Dynamics' B!8 lo$al' 6D8' 6omputer >edia Tec&nolo#ies 6>T/' 6reative Brea0t&rou#&s 6B9/' !n Pointe Tec&nolo#ies' ,is&et Security' ,orsyt&e Tec&nolo#y' infoLoc0 Tec&nolo#ies' 9TS Partners' Prevalent' Terremar0 DLP +osted  #ana"ed Services Partners- B!8 lo$al' Terremar0 DLP Technolo"y Partners t&at &ave certified inte#ration )it& Symantec DLP7 • •

• •

PA! 5


o o o o o o

!mail ate)ays7 6isco 9ronPort !nterprise Ri#&ts >ana#ement7 Ado$e Live6ycle' i#atrust' Liquid >ac&ines' >icrosoft R>S 9dentity Access >ana#ement7 6ourion S9!>7 FP ArcSi#&t Stora#e7 etApp 8e$ Pro:ies7 Blue 6oat' 9ntel >cAfee/' >icrosoft' 8e$sense

3 Products and Versions hat is the latest version of your solution! •

Symantec Data Loss Prevention 12.5 )ill $e released on Cune 1G' 2-1.

•

Symantec Data Loss Prevention 12 )as released on Cune "' 2-1".

Please provide an overview of your solution.

Symantec Data Loss Prevention soft)are discovers' monitors' protects and mana#es your confidential data )&erever it
#ana"ement and Reportin"

inety percent of DLP is a$out )&at you do after you find confidential data. 8it& t&e Symantec DLP /nforce Platform ' you can easily mana#e policies and remediation )or0flo)s' revie) incident snaps&ots' and measure ris0 reduction from a unified' )e$( $ased mana#ement platform.

•

•

8#e Enforce Platform is a powerul we(ased manaement console w#ere you manae data loss policies and wor:lows, re/iew and remediate incidents, analy;e and report ris: reduction, and perorm system administration.t includes an ad/anced reportin module, Symantec DLP IT Analytics, t#at you can use to easily create reports and das#oards t#at communicate t#e 76. o your <=" proram to e >ecuti/es, usiness sta:e#olders and auditors-

Laptops and Des(tops

!mployees are do)nloadin# and sendin# confidential data )&ile in t&e office' on t&e road or at &ome. Symantec DLP for /ndpoint monitors and protects data used on laptops and des0tops' )&en users are on and off t&e corporate net)or0.

• •

•

Endpoint Discover scans and in/entories internal #ard dri/es on laptops and des:tops or conidential dataEndpoint Prevent monitors user acti/ity on and o t#e corporate networ:? pre/ents conidential data rom ein copied or s#ared inappropriately o/er email, remo/ale storae 2e--, !S@, C<in, and cloud storae 2e--, 8#e Endpoint Agent monitors a wide rane o u ser e/ents on p#ysical endpoints runnin Windows B", Windows Vista, Windows *, and now W indows +-&? disco/ers data stored on Mac 6S B? monitors /irtual

PA! G


des:tops and applications #osted y Citri> BenApp '-5, VMware View and Microsot Hyper(V? and monitors data transerred t#rou# t#e Microsot 7emote
#obile Devices

!mployees are $rin#in# t&eir o)n devices to )or0 and accessin# confidential data from t&em' )it& or )it&out permission from 9T Security. Symantec DLP for #obile &elps you mana#e Brin# Hour %)n Device BH%D/ policies )&ile securin# confidential data on i%S and Android devices.

•

•

Mobile Email Monitor detects conidential email downloaded y users to i"ads, i"#ones, and now Android de/ices o/er t#e Microsot E>c#ane Acti/eSync protocolMobile Prevent monitors and protects outound networ: communications sent rom t#e nati/e mail client, rowser and ot#er apps 2e--, , 1aceoo: on i"ads and i"#ones-

/mail and eb

!mail and )e$ are t)o of t&e most common c&annels for data loss. Symantec DLP for 0etwor( monitors e#ress points' endpoints and mo$ile devices to prevent confidential data from $ein# e:posed over net)or0 protocols.

•

•

Networ Monitor detects conidential data sent o/er #i#(ris: networ: protocols wit#out samplin or droppin pac:ets$ SM8", H88", 18", .M, 8", custom port(speciic protocols, and now .nternet "rotocol Version ' 2."/' networ:sNetwor Prevent for Email detects conidential data in email? notiies users o  policy /iolations? and loc:s or routes email to encryption ateways or secure deli/ery- .t supports interation wit# any SM8"(compliant Mail 8ranser Aent 2M8A and cloud ser/ices suc# as Microsot E>c#ane 6nline and Symantec Email Security-cloudNetwor Prevent for !eb detects conidential data sent o/er H88" and H88"S? notiies users o policy /iolations? and loc:s or conditionally remo/es data rom we posts- .t supports interation wit# any .CA"( compliant We pro>ies and cloud ser/ices suc# as 4oole App and Symantec We Security-coud-

File Shares Databases and Document Repositories

sers are storin# lar#e amounts of confidential files on t&e corporate net)or0 )it& open access' )&ic& leaves t&em vulnera$le to loss and t&eft. Symantec DLP for Stora"e scans your data centers to discover and protect confidential data stored on file s&ares' data$ases' and repositories.

•

•

•

•

Data Insig"t is a unique ile monitorin tec#noloy t#at analy;es ile access and usae patterns on networ:( attac#ed storae 2AS ilers, Windows ser/ers, and S#are"oint- .t identiies true data owners? calculates older ris: or prioriti;ed remediation? correlates data owners wit# storae incidents? and alerts you to anomalous acti/ity and outlier usersNetwor Discover perorms #i#(speed scannin o ile ser/ers and s#ares, dataases, and document repositories includin Microsot S#are"oint and S#are"oint 6nline, posed iles and oldersSelf#Service $emediation Portal enales usiness data owners to re/iew and remediate networ: ile

PA! 


policy /iolations directly rom an intuiti/e online portal, and streamlines t#e ris: remediation process-

$nte"rations

Hou can easily e:tend t&e functionality of Symantec DLP to ot&er security and stora#e solutions from Symantec7

Symantec %ac&p E'ec System $ecovery D ec System 7eco/ery to enale scannin o ac:up imaes or conidential dataSymantec (ontrol (ompliance S&ite D tract, decrypt and analy;e te>t in 1ileS#are(encrypted documents? it interates wit# Symantec *niversal +ateway Email to enorce policy(ased encryption o email and pro/ide closed( loop conirmation o secure deli/ery in t#e
3ersion

4un. 5617

DLP 15.8

0ew Products and Features • • •

4un. 5619

DLP 15

• • •

•

2u". 5615

DLP 11.:

• • •

Sel(ser/ice remediation portal Sinle ser/er installation support En#ancements to
Moile Email Monitor product 2part o <=" or Moile Encryption .nsi#t or Symantec 1ile S#are Encryption En#ancements to
DLP 9T Analytics product !mail !ncryption 6onnect for Symantec ate)ay !mail !ncryption !mail ?uarantine 6onnect for Symantec >essa#in# ate)ay DLP for >o$ile en&ancements

PA! +


4an. 5615

4an. 5611

•

>o$ile Prevent product part of DLP for >o$ile/

•

ector >ac&ine Learnin# detection tec&nolo#y Fy$rid et)or0 Prevent for !mail = 8e$ !n&ancements to Data 9nsi#&t and !ndpoint A#ent

DLP 11.8

DLP 11

• •

•

#ar. 5616

DLP 16.8

•

•

Dec. 566;

DLP 16

•

•

#ar. 566;

DLP ;

•

•

Oct. 566<

3ontu =

•

•

#ar. 566<

3ontu <

• •

•

#ar. 566:

3ontu :

• •

•

Sep. 5668

3ontu 8

•

•

#ar. 5668

3ontu 7

•

Data 9nsi#&t product !n&ancements to !ndpoint A#ent and et)or0 Prevent for 8e$

,le:Response AP9 for en&anced remediation of stora#e incidents Reportin# AP9 for e:portin# and usin# incident data in t&ird(party applications

!ndpoint A#ent en&ancements nified endpoint a#ent mana#ement

!ndpoint Discover and !ndpoint Prevent products Seamless interaction )it& 8e$ 2.- applications and improved 9P($ased sender identity resolution

!ndpoint monitorin# for remova$le stora#e SB/ Discovery for data$ases and Lotus otes Asian lan#ua#e detection' 9ncident 6orrelations and Das&$oards K "(D summaries et)or0 Protect product et)or0 Prevent en&ancements Directory roup >atc&in# detection tec&nolo#y and 9ndustry Solution Pac0s

et)or0 Discover and et)or0 Prevent for 8e$ products Added 9nde:ed Document >atc&in# detection tec&nolo#y and !mployee Privacy Safe#uards

et)or0 >onitor and et)or0 Prevent for !mail products Automated notifications and Role(Based Access 6ontrol

PA! *


4 Customer Deployments +ow many of your customers are Fortune 166 companies! Please list e*amples.

51 of t&e ,ortune 1-- includin#7 American !:press' 6isco' 6onocoP&illips' 6ostco' eneral >otors' 6ardinal Fealt&' ,reddie >ac' State ,arm' nitedFealt&' 8ells ,ar#o $n which countries has your product been deployed! For each country listed please include the lan"ua"e>s? of deployment.

Symantec DLP &as $een deployed in  countries supported lan#ua#e is in parent&eses/7

•

Af#&anistan Ara$ic/

•

,rance ,renc&/

•

Al#eria Ara$ic/

•

ermany erman/

•

Ar#entina Spanis&/

•

&ana !n#lis&/

•

Australia !n#lis&/

•

i$raltar !n#lis&/

•

Bel#ium ,renc&/

•

reece ree0/

•

Ba&rain Ara$ic/

•

uatemala Spanis&/

•

Bots)ana !n#lis&/

•

Fon# @on# 6&inese/

•

Bra3il Bra3ilian Portu#uese/

•

Fun#ary Fun#arian/

•

Bul#aria !n#lis&/

•

9ndia !n#lis&/

•

6ameroon !n#lis&' ,renc&/

•

9reland !n#lis&/

•

6anada !n#lis&/

•

9srael Fe$re)/

•

6&ile Spanis&/

•

9taly 9talian/

•

6&ina 6&inese – traditional and simplified/

•

Capan Capanese/

•

6olom$ia Spanis&/

•

Cordan Ara$ic/

•

6yprus ree0' Tur0is&/

•

@a3a0&stan Russian/

•

63ec& Repu$lic 63ec&/

•

@enya !n#lis&/

•

Denmar0 Danis&/

•

@orea @orean/

•

!#ypt Ara$ic/

•

@u)ait Ara$ic/

•

,inland ,innis&/

•

Latvia !n#lis&' Russian/

PA! 1-


•

Lu:em$our# ,renc&' erman/

•

Saudi Ara$ia Ara$ic/

•

>acau 6&inese and Portu#uese/

•

Sierra Leone !n#lis&/

•

>alaysia !n#lis&/

•

Sin#apore !n#lis&/

•

>aldives !n#lis&/

•

Slova0ia !n#lis&' 63ec&/

•

>alta !n#lis&/

•

Sout& Africa !n#lis&/

•

>auritius ,renc&' !n#lis&/

•

Spain Spanis&/

•

>e:ico Spanis&/

•

Sri Lan0a !n#lis&/

•

>onaco ,renc&/

•

S)eden S)edis&/

•

>orocco ,renc&/

•

S)it3erland erman' ,renc&' !n#lis&/

•

et&erlands Dutc&/

•

Tai)an 6&inese/

•

e) ealand !n#lis&/

•

Trinidad and To$a#o !n#lis&/

•

i#eria !n#lis&/

•

Tur0ey Tur0is&/

•

or)ay or)e#ian/

•

#anda !n#lis&/

•

Para#uay Spanis&/

•

0raine Russian/

•

Poland Polis&/

•

nited Ara$ !mirates Ara$ic/

•

Portu#al Portu#uese/

•

nited @in#dom !n#lis&/

•

Puerto Rico Spanis&/

•

nited States !n#lis&/

•

?atar Ara$ic/

•

ru#uay Spanis&/

•

Romania Romanian/

•

ietnam !n#lis&/

•

Russian ,ederation Russian/

hat percenta"e of your deployments are company% @ enterprise%wide >vs. departmental?!

1--E hat is the lar"est number of users covered by a sin"le customer deployment >in production only?! List customers by name. • • •

6iti#roup7 "5-'--- users CP>or#an 6&ase7 "1-'--- users Samsun#7 1-'--- users

PA! 11


8 DLP Policy /nforcement 6 Policy Definition Does your solution have the ability to use a sin"le policy to scan data wherever it is stored or used both on the networ( and on the endpoint! ill the solution automatically appl y the relevant response to the detected threat! Please e*plain.

Hes. Symantec DLP !nforce Platform can $e confi#ured to use t&e same set of detection policies for all Symantec DLP products across endpoints' mo$ile devices' net)or0' and stora#e systems. T&e !nforce Platform consistently measures ris0 of data loss across protocols and locations on t&e net)or0. Automated response rules for $loc0in#' notifyin#' quarantinin#' and so on/' )&ic& are incorporated into policies' )ill e:ecute automatically )&en incidents are detected. Does the solution provide a S$0&L/ web%based interface for 2LL aspects of policy editin" and policy mana"ement across all products >endpoints mobile devices networ( and stora"e?! Please e*plain any aspects of policy editin" or mana"ement that are not covered by a web%based user interface.

Hes. 1--E of Symantec DLP
Hes. Symantec DLP4s policy $uilder allo)s t&e creation of any num$er of custom policies $ased on t&e individual requirements of t&e customer. 9t provides complete control over policy desi#n' includin# t&e creation of multiple rule types and t&e com$ination of t&ese )it& Boolean lo#ic7 6ontent !:act Data >atc&in# M!D>N' 9nde:ed Document >atc&in# M9D>N' or Descri$ed 6ontent >atc&in# MD6>N rules/ Sender' recipient' and endpoint user conditions Document type' name' or si3e matc& 6ommunications protocol matc& !ndpoint location on( or offline/ ,or screens&ots' see ,i#ure 2 and ,i#ure " in Attac&ment D – Product Screens&ots. •

• • • •

Does your solution allow for confi"urable scorin" of incident severity based on 2LL of the followin"! a?

0umber of data records e*posed

b? Specific senders or recipients c?

0etwor( protocol

d? Specific records that were e*posed e?

Specific documents that were e*posed

Hes. Symantec DLP4s policy $uilder allo)s users to precisely confi#ure incident severity on a rule($y(rule $asis so t&at any aspect of t&e messa#e may drive an incident4s severity. Additionally' severity may $e cali$rated $ased on t&e num$er of matc&es data records e:posed' pattern or 0ey)ord matc&es' and so on/. Aan your solution support inclusion and e*clusion detection rules b ased on corporate directory data to enforce policy based on any attribute of senders or receivers such as business unit department Bob level employment status security clearance "eo"raphy or employee vs. contractor!

Hes. Symantec DLP4s Directory roup >atc&in# D>/ allo)s for creation of detection policies' $ot& inclusion and e:clusion rules' $ased on directory #roup attri$utes suc& as $usiness unit' department' ;o$ level' employment status' security clearance' #eo#rap&y' or employee vs. contractor.

PA! 12


Does your solution offer the ability to inte"rate directly with 2ctive Directory to create user% or "roup%based detection rules!

Hes. Symantec DLP lets you inte#rate )it& Active Directory to confi#ure user #roups t&at can $e used in detection rules across Symantec DLP products. 9n t&e conte:t of et)or0 Prevent' for e:ample' an AD #roup detection rule mi#&t let you apply a policy only to t&ose email senders )&o are included in t&e #roup. Alternatively' you could employ an AD #roup rule as an e:ception t&at e:empts specified email senders from a specific policy. 9n t&e conte:t of !ndpoint Prevent' an AD #roup rule lets you apply a policy only to specific users' even )&en t&ose users )or0 in a s&ared(computer environment. ,or e:ample' you can use t&is feature to apply a more restrictive policy to a call center employee t&an to &is or &er mana#er )&en lo##ed into t&e same computer/. Anot&er common e:ample is to apply a more restrictive policy to an 9T &elpdes0 representative t&an to an e:ecutive' so t&at )&en t&e &elpdes0 representative trou$les&oots t&e e:ecutive
Hes. Symantec provides over G- pre($uilt policy templates $ased on re#ulations and corporate $est practices. Additionally' t&e Symantec DLP Policy Builder policy en#ine ena$les users to easily tune policies to meet c&an#in# policy requirements. ,or a complete list of pre($uilt policy templates t&at are availa$le )it& Symantec DLP' see Attac&ment ! – Policy Templates. ,or a screens&ot of &o) policy templates are deployed' see ,i#ure 1 in Attac&ment D – Product Screens&ots. Does your solution have the ability to e*port and import policy templates! For e*ample can you create a new policy from scratch e*port the policy as a template and then import the policy template into another installation!

Hes. Symantec DLP &as t&e a$ility to e:port a ne) policy as a template from one installation and t&en import t&at policy into anot&er installation. T&is can $e useful )&en you )ant to move policies from a development environment into a production environment' clone similar policies' or copy policies to a redundant DLP !nforce Server. T&e import feature also ma0es it possi$le for you to add policy templates includin# any out(of(t&e($o: templates/ t&at address ne) re#ulations as soon as t&e templates are availa$le. 9n addition' Symantec DLP supports t&e a$ility to do)nload all policies in an easily reada$le format to provide auditors )it& a clear record.

7 Detection - General Does your solution provide identical detection capabilities across all threats vectors covered >i.e. discovery monitorin" and prevention across endpoint mobile networ( and stora"e systems?! Please e*plain any differences across products >e.". endpoint fin"erprintin"?.

Hes. Symantec DLP provides full support for all availa$le detection tec&nolo#ies for all products and data loss prevention t&reats. T&is includes covera#e for data fin#erprintin#' document fin#erprintin#' and descri$ed content for $ot& net)or0 and endpoint products' and across data monitorin# and prevention as )ell as data discovery and protection. Aan your solution e*tract and inspect the te*t content of files and attachments! Please provide a complete list of supported file types for which your solution can e*tract and inspect te*t content.

Hes. %ut of t&e $o:' Symantec DLP can reco#ni3e over ""- and analy3e t&e content of over 1-- file types. 9n addition' Symantec DLP can $e confi#ured to reco#ni3e any custom file type' and t&e Symantec DLP 6ontent !:traction AP9 accommodates t&e creation of plu#(ins for e:tractin# content from most any file format' includin# encrypted formats. ,or an e:&austive list of supported file types' see Attac&ment B – Supported ,ile Types. Does your solution detection confidential data in different lan"ua"es includin" ri"ht%to%left lan"ua"es >e.". 2rabic Ahinese?! Please list all supported lan"ua"es and e*plain any limitations or behavioral differences between lan"ua"es. For unsupported lan"ua"es please describe e*pected behavior of the detection process.

Hes. All of Symantec DLP4s detection capa$ilities are fully compati$le and accurate )it& t&e lan#ua#es listed $elo)' includin# ri#&t(to(left lan#ua#es. T&is includes all descri$in#' fin#erprintin# and mac&ine learnin# detection tec&nolo#ies7 !:act Data >atc&in#' 9nde:ed Document >atc&' Descri$ed 6ontent >atc&in#' and ector >ac&ine Learnin#. 9n addition )e
PA! 1"


6&inese traditional/ 63ec& Danis& Dutc& !n#lis& ,innis& ,renc& erman ree0 Fe$re) Fun#arian 9talian Capanese @orean or)e#ian Polis& Portu#uese Romanian Russian Spanis& S)edis& Tur0is& ,or lan#ua#es not specified a$ove' t&e detection processes )ill still )or0 $ut &ave not $een fully tested and certified. Symantec DLP4s detection c&ain is $ased in nicode and is arc&itected to support any lan#ua#e. Additional lan#ua#es are certified and supported in response to customer demand. • • • • • • • • • • • • • • • • • • • • • •

Aan your solution recursively inspect the contents of C$P and T2R archives and detect a"ainst fin"erprinted content! +ow many levels of embedded archives does it handle!

Hes. T&ere are no limits to t&e levels of em$edded 9P or TAR arc&ives t&at Symantec DLP can &andle. 6onfi#ura$le timeouts protect a#ainst malicious use of arc&ives suc& as 3ip $om$s. Aan your solution deal with very lar"e files or attachments >56# and lar"er? durin" the detection process of fin"erprinted content! hat is the ma*imum file si,e the solution can reliably process for confidential content detection!

Hes. 9n a standard confi#uration' Symantec DLP deals )it& attac&ments up to "->B )it&out pac0et loss. T&is limit can $e increased in certain circumstances )it& minimal tunin#. Do you have information about the false positive percenta"es produced by your solution! Please describe.

Hes. T&e most valid accuracy measurements come from real(time production deployments at customer sites. Symantec DLP supports multiple detection tec&nolo#ies7 !:act Data >atc&in# !D>/' 9nde:ed Document >atc&in# 9D>/ and Descri$ed 6ontent >atc&in# D6>/. T&e false positive rates vary $y t&e detection tec&nolo#y used. ,or structured data fin#erprintin#' )&ic& levera#es !D> detection tec&nolo#y' Symantec DLP s&ips )it& default values suc& t&at' for any policy )it& at least 2 columns of data' t&e false positive rate due to &as& collisions is less t&an 1 in 1-O1G 1-'--- trillion/. Almost all of Symantec DLP customers require t&e &i#& level of accuracy provided $y !D> $efore implementin# real(time $loc0in# of email and )e$ messa#es. A ,ortune 1-- insurance company implemented t&e Symantec DLP F9PAA policy template )it& an !D> rule to detect Protected Fealt& 9nformation PF9/ for over 5--'--- customers. At t&is company' Symantec DLP covers over 2--'--- employees and field a#ents. 8&en as0ed a$out t&eir results' t&e customer said' 8e &ave not seen a false positive in 2 mont&s usin# !D>. Partial document matc&in#' )&ic& levera#es 9D> detection tec&nolo#y' &as an overall false positive rate due to &as& collisions of at most 1 in 1.G+ Q 1-O12 1.G+ trillion/ for document se#ments of over 5 lines of te:t for lon#er documents' t&is rate )ill $e less. D6> detection tec&nolo#y includes rulesKre#ular e:pressions' 0ey)ords' conceptualKle:icon' and Data 9dentifiers. 9n practice' most D6> tec&nolo#ies are used in com$ination )it& eac& ot&er or )it& more accurate detection suc& as !D> or 9D>/. ,or e:ample' a policy detectin# a re#ular e:pression for a Social Security num$er in com$ination )it& 0ey)ords li0e ISSJ and ISocial SecurityJ results in very lo) false positive rates #enerally less t&an 1E/. Symantec DLP also provides $uilt(in validation in Data 9dentifiers to reduce t&e occurrences of false positives. ,or e:ample' a Lu&n c&ec0 for credit card num$ers reduces t&e num$er of false positives $y a factor of 1- over pattern reco#nition alone. A ,ortune 1-- financial services company' after some

PA! 1


policy tunin# for t&eir environment' implemented a re#ular e:pression policy for detectin# Social Security num$er violations. T&ey &ave seen only " false positives over a t&ree mont& period )&ile coverin# 12-'--- employees. Anot&er customer uses re#ular e:pressions in con;unction )it& 0ey)ord policies to protect &undreds of millions of customer records t&ey are receivin# fe)er t&an 5 false positives a )ee0.

 Detection - Data !in"erprintin" Does your solution provide a method for fin"erprintin" data such as customer records!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y allo)s customers to create secure inde:es of structured or ta$ular data suc& as customer or employee records. Aan your solution protect at least 16 million rows of specific content from a database of sensitive information >such as a customer or employee data? without relyin" on (eywords or patterns! $f so what is the ma*imum si,e of database >e*pressed in rows or cells? you have deployed without e*periencin" a drop in detection speed or accuracy!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y lets customers create secure inde:es of ta$ular data. 6ustomers can t&en )rite policies to matc& inde:ed records a#ainst analy3ed content. %n a sin#le server' Symantec &as tested !D> on a data$ase of 5-- million ro)s of data' eac& )it&  columns' for a total of 2 $illion individual data elements. T&ese num$ers scale linearly )it& additional servers. Symantec production customers are protectin# over "-- million ro)s of customer data. Aan your method of detection of fin"erprinted data allow you to specify which columns of data constitute a match on a per%policy basis!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y allo)s customers to define policies t&at matc& only on specified columns of data )it&in a #iven dataset. T&is allo)s matc&in# on partial ro)s of customer data' rat&er t&an requirin# t&e entire customer record to $e present to constitute a matc&. ,or e:ample' a customer could )rite a policy t&at loo0s for any " of ,irst ame' Last ame' SS' Account um$er' and P&one um$er occurrin# to#et&er in a messa#e and correspondin# to a record from t&e customer data$ase. Symantec DLP customers )&o &ave deployed !D> e:perience near perfect accuracy' a level sufficient for messa#e $loc0in#./ Does your method of detection of fin"erprinted data distin"uish between data fields that belon" to the same record or row of a database >versus different rows?!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y &as t&e intelli#ence to matc& specifically only on com$inations of data columns from a #iven ro) )it&in a data$ase. ,or e:ample' if a policy is created to detect com$inations of Last ame and 6redit 6ard um$er usin# !D> and real customer data$ase information' t&e policy )ill detect a matc& only if $ot& a customer4s last name e.#.' Smit&/ and &is or &er actual credit card num$er are detected. ,or t&is policy' t&e name Smit& and someone else4s credit card num$er from t&e data$ase )ill not constitute a matc&. Aan your method of detection of fin"erprinted data match on onl y First 0ame and Last 0ame from a customer database without needin" a pattern%based number >e.". Social Security number credit card number and so on? present!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y can matc& on any data columns present' in any com$ination' includin# ,irst ame and Last ame. Aan your method of detection of fin"erprinted data match on comple* content such as names and addresses! >e.". E4ohn Smith or E57 4ones Street?

Hes. Symantec DLP/ tec&nolo#y supports multi()ord to0ens in any data columns. Aan your solution distin"uish between different types of P$$ or P+$ numbers! For e*ample can the solution distin"uish a customer)s nine%di"it social security number from a nine%di"it phone number without the presence of a (eyword >e.". ESS0?!

Hes. Symantec DLP4s !:act Data >atc&in# !D>/ tec&nolo#y &as t&e $uilt(in intelli#ence to loo0 for common num$er formats of a #iven type of data found in a data$ase of fin#erprinted information. ,or e:ample' if a data column is an SS' it )ill understand t&at num$er in any common SS format suc& as DDD(DD(DDDD' DDD DD DDDD' or DDDDDDDDD/ and )ill detect any of t&ese common formats and matc& to t&is particular num$er. Fo)ever' an SS )ill %T matc& to t&e format DD/DDD(DDDD' )&ic&' alt&ou#& it is a * di#it num$er' )ould create many false positives $y matc&in# international telep&one num$ers.

PA! 15


Symantec DLP also provides Data 9dentifiers for accurate detection of pattern($ased data suc& as credit card num$ers' Social Security num$ers' or driveratc&in# !D>/ tec&nolo#y can normali3e all variants of data presentation. ,or e:ample' if t&e data e:tract contains I12"5G+*J' it )ill matc& a#ainst I12"(5(G+*J' I12"5G+*J' and I12".5.G+*J. Aan your solution define pro*imity as a condition of a match to improve detection accuracy! Hes. Symantec DLPatc&in# !D>/ tec&nolo#y supports pro:imity of t&e specified fields )it&in t&e analy3ed content/ as a matc& condition. Aan values from a row appear in any order! Hes. alues from ro)s may appear in any order. Aan your solution inde* 866 million rows data source and detect a"ainst it with the same speed as for a source with 166 rows! Hes. Symantec DLP detection speed offers similar performance independent of data source si3e.

# Detection - Document !in"erprintin" Does your solution provide a method for fin"erprintin" documents such as A2D drawin"s or mer"er and ac'uisition documents!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y allo)s customers to create secure fin#erprints of sensitive documents' includin# 6AD dra)in#s and mer#er and acquisition documents. Aan your solution protect at least 166666 specific documents containin" sensitive content >such as intellectual property source code and@or financial documents? without relyin" on (eywords or patterns! $f so what is the ma*imum number of documents you have deployed without e*periencin" a drop in detection speed or accuracy!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y allo)s customers to create secure fin#erprints of sensitive documents. 6ustomers may t&en )rite policies to matc& records a#ainst t&ese fin#erprints. %n a sin#le server a commodity rac0(mounted server on 1 c&assis' )it& 26Ps' and +B RA>/' Symantec &as tested 9D> on over 2 million documents. T&ese num$ers scale linearly )it& additional servers. Does your method of detectin" fin"erprinted documents support detection of the same te*t or portions of te*t in different file formats! For e*ample if a fin"erprinted document is in #icrosoft ord format will your solution detect that same te*t if it has been cut and pasted into an email directly!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y detects on $ot& t&e te:t contained in fin#erprinted documents and e:act $inary matc&es to specific files. T&us' 9D> detects t&e fin#erprinted content or content e:tracts in any file format for )&ic& te:t is e:tracted' includin# content fin#erprinted in a >S 8ord document and copied into t&e $ody of an email. ,or a list of t&e specific file types' see Attac&ment B – Supported ,ile Types. Does your solution support detection of e*act content matchin" of specific documents such as source code specific para"raphs desi"n documents mar(etin" documents or financials!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y detects e:act matc&es to protected documents. 9D> )ill matc& $ot& a#ainst t&e e:act $inary detected as )ell as an e:act matc& of content contained )it&in t&e file or messa#e.

PA! 1G


Does your solution support detection of derivative or cut%and%paste versions of content matchin" specific documents such as source code specific para"raphs desi"n documents mar(etin" documents or financials!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y detects derivatives or fra#ments of protected documents. Hes. Does your method of detectin" fin"erprinted documents support detection performed at endpoint level! Hes. Symantec DLP for !ndpoint levera#es Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y. !ndpoint A#ent for 8indo)s performs 9D> detection locally and in real time' evaluatin# documents for e:act matc&es. %r#ani3ations %r#ani3ations can apply several responses' suc& as $loc0' notify' and user cancel response rules on t&e endpoint levera#in# 9D> policies.

+ow much protected document content can the solution support before e*periencin" a drop in detection speed or accuracy!

%n a sin#le server' Symantec DLP can accurately accurately matc& a#ainst a data$ase of appro:imately 2 million documents )it& no de#radation in speed or accuracy accuracy.. Aan you define a minimum percenta"e of a fin"erprinted document that must be detected before a match is recorded >for e*ample a match is re"istered only if 86G or more of a document is found?! $f so is this confi"urable per policy!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ tec&nolo#y can detect on any percenta#e t&res&old of a matc&ed Hes. document. By default' increments of 1-E can $e selected' $ut t&is can $e ad;usted do)n to as lo) as 1E increments $y c&an#in# system settin#s. T&e percenta#e of a fin#erprinted document t&at constitutes a matc& can $e defined on a per(policy $asis. Aan your solution Hwhite%listH boilerplate content safely removin" this te*tual content from detection!

Hes. Symantec DLP4s 9nde:ed Document >atc&in# 9D>/ detection tec&nolo#y can I)&ite(listJ $oilerplate and ot&er lo)(value Hes. te:tual content so t&at detection &appens on t&e confidential sections of eac& document.

$% Detection - &ac'ine &ac'ine (earnin" (earnin" Does your solution include a machine%learnin" detection method wh ich re'uires only a small set of sample documents to enable accurate detection of other similar documents!

Hes. Symantec DLP provides a mac&ine(learnin# detection met&od' called ector >ac&ine Learnin#' t&at can analy3e a small set of sample documents' create a li#&t)ei#&t statistical profile of document features' and t&en use t&at profile to protect similar documents of t&at cate#ory in production. ,or e:ample' if you create a ector ector >ac&ine Learnin# rule $ased on a sample set of your or#ani3ationand is therefore e*tremely difficult to fin"erprint?!

Hes. Symantec DLPac&ine Learnin# feature is especially &elpful for protectin# t&e types of te:tual unstructured data t&at proliferate across your or#ani3ation. People in your or#ani3ation may re#ularly $e creatin# specific types of data suc& as proprietary source source code' medical insurance claim claim forms' )ee0ly )ee0ly sales reports' reports' and so on/ on laptops' des0tops' file file servers' and ot&er repositories. Suc& scattered and additive data is often difficult to detect accurately usin# 0ey)ords' as )ell as e:tremely c&allen#in# to identify and retrieve for fin#erprintin#. ector ector >ac&ine Learnin# lets Symantec DLP analy3e analy3e a small set of sample documents' create a li#&t)ei#&t statistical statistical profile of document features' and use t&at profile to protect similar content across your or#ani3ation. Aan your solution provide E,ero%day protection for new or never%before%seen never%before%seen documents of a particular type!

Hes. Symantec DLP ector >ac&ine Learnin# can $e confi#ured to identify unstructured te:tual documents of a particular type' and can t&en accurately detect ne) and never($efore(seen documents of t&at type as t&ey are created. ,or e:ample' if you create a ector e ctor >ac&ine Learnin# rule for detectin# medical insurance claims' Symantec DLP can protect ne) claim documents even as your or#ani3ation
Hes. Symantec DLP ector >ac&ine Learnin# accurately detects documents t&at are similar to t&e sample document set. To create t&e most accurate profile of document features' ector ector >ac&ine Learnin# uses a set of positive sample documents representin#

PA! 1


t&e type of document to detect/ as )ell as a so(called ne#ative set representin# documents t&at are some)&at similar to t&e intended tar#et' $ut still fundamentally different/. T&e resultin# li#&t)ei#&t statistical statistical profile is &i#&ly accurate and can $e fine( tuned quic0ly $ased on initial testin#. A )ell(tuned ector ector >ac&ine Learnin# profile delivers accuracy equal to t&at of fin#erprintin# met&ods.

$$ Detection - Descri)ed Content Does your solution support described content content detection usin" fully customi,able rules with (eywords and (ey phrases! $f so does your solution provide the option to detect (eywords either as stand%alone words only or wi thin other words!

Hes. He s. Symantec DLP4s Descri$ed 6ontent >atc&in# D6>/ detection tec&nolo#y includes fully customi3a$le 0ey)ords and 0ey p&rases. Symantec Symantec DLP also provides t&e option to detect detect 0ey)ords eit&er eit&er as stand(alone stand(alone )ords only' only' or any)&ere any)&ere )it&in t&e te:t. te:t. Does your solution support detection on multiple (eywords occurrin" within a specified pro*imity!

Hes. Policy aut&ors can define pairs of 0ey)ord lists and specify t&e pro:imity $et)een a 0ey)ord from list 1 and a 0ey)ord Hes. from list 2' for e:ample/ required for a matc&. Does your solution support (eyword lists >for detection? detection? of at least 16666 entries! $f so what is the ma*imum len"th of a (eyword list used for detection that you have tested without performance de"radation!

Hes. Symantec DLP4s 0ey)ord detection &as $een tested to over 1--'--- 0ey)ords in a sin#le list )it&out performance Hes. de#radation. Does your solution support detection based on fully customi,able re"ular e*pressions!

Hes. Symantec DLP provides full support for customi3ed re#ular e:pressions. Does your solution support detection for pattern matchin" combined with validations specific to the content bein" detected! For e*ample can it detect common credit card number patterns as well as doin" the chec(sum validation to ensure a valid credit card number >the >the HLuhnH chec(?! $f so please list all out%of%the%bo* data types that are are detected.

Hes. Symantec DLP also s&ips )it& over "- $uilt(in Data 9dentifiers' includin# t&ose for credit card num$ers' Social Security Hes. num$ers' and credit card ma#netic stripe data' as )ell as for personal identification num$ers for several !uropean and Asian countries. T&ese $uilt(in e:pressions perform additional accuracy c&ec0s suc& as Lu&n c&ec0s for credit card num$ers/. Data 9dentifiers also come )it& $uilt(in intelli#ence a$out valid num$er ran#es for different data types' suc& as only detectin# Social Security num$ers t&at &ave $een assi#ned $y t&e Social Security Administration. Administration. ,or t&e list of availa$le out(of(t&e($o: Data 9dentifiers see Attac&ment 6 – Data 9dentifiers. Does your solution allow policy authors to customi,e out%of%the%bo* pattern pattern identifiers >patterns with validators for detectin" various identity numbers?! Aan policy authors create new pattern identifiers as needed!

Hes. Symantec DLP lets you customi3e out(of(t&e($o: pattern identifiers called Data 9dentifiers/' includin# t&e a$ility to Hes. customi3e patterns as )ell as validators. Policy aut&ors can also create $rand ne) Data 9dentifiers as needed. ,or e:ample' a ne) $an0 )it& a proprietary proprietary pattern pattern for account num$ers num$ers could create create a Data 9dentifier 9dentifier for detectin# detectin# account num$ers num$ers of t&at type. type. Aan your solution detect the presence of encrypted transmissions or files! hat different types can it distin"uish!

Hes. He s. Symantec DLP can currently distin#uis& t&e follo)in# types of encryption7 •

Pass)ord Protected ,iles 3ip' doc' :ls' ppt/

•

P ,iles

•

SK>9>!

•

SSF

•

SSL

PA! 1+


•

Symantec !ncryption

•

Fus&>ail Transmissions

Does your solution support the ability to detect content in encrypted file formats!

Hes. Symantec DLP includes a 6ontent !:traction AP9 t&at accommodates t&e creation of plu#(ins to e:tract te:t from most any file type' includin# encrypted file formats. Aan your described content detection be customi,ed to include match data w ithin certain custom%defined ran"es without havin" to write a re"ular e*pression! For e*ample can it detect credit card numbers only wi th a specific an( $dentification numbers!

Hes. !ac& of Symantec DLP4s Data 9dentifiers can $e fully customi3ed to restrict matc&es to t&ose )it& certain leadin# or endin# Hes. c&aracters' or e:clude matc&es )it& certain $e#innin# or endin# c&aracters. Data 9dentifiers can also $e customi3ed to require certain 0ey)ords to return a matc&. 9n addition' eac& Data 9dentifier can $e selected to &ave a certain $readt& of covera#e usually )ide' medium' or narro)/ dependin# on requirementsfor minimal false positives or minimal false ne#atives. Does your solution support detection based on a particular document type even if the sender has chan"ed the file e*tension! Please provide a complete list of file types the solution can reco"ni,e.

Hes. Detection is $ased on t&e file contents' not t&e file e:tension. ,or a complete list of file types' see Attac&ment B – Supported ,ile Types. Aan your solution be confi"ured to reco"ni,e and detect any custom file type!

Hes. Symantec DLP can $e confi#ured to reco#ni3e and detect any custom file type' suc& as speciali3ed 6AD files' Ama3on Hes. @indle files' !DR> and pass)ord(protected files' and >)are files.

$2 *utomated +esponses , nforcement Aan alerts be sent via email! Please describe the formattin" messa"e detail and the supported lan"ua"es that can be included. Please include a sample notification screenshot.

Hes. !mail notification messa#es are fully customi3a$le and may contain particular information a$out t&e specific incident' suc& Hes. as t&e violated policy' policy' messa#e su$;ect' or any ot&er messa#e attri$utes. !mail notifications notifications can include te:t from any lan#ua#e. Symantec DLP also allo)s alerts to $e automatically sent to syslo# servers' for e:ample to correlate events in an S!>KS9!> system. ,or screens&ots' see ,i#ures  and 5 in Attac&ment Attac&ment D – Product Screens&ots. Does your solution support the ability to automatically notify senders or their mana"ers when a policy has been violated! Please describe the notification capabilities.

Hes. Symantec DLP supports optional auto(notification to senders andKor t&eir mana#ers )&en a policy &as $een violated. Auto( Hes. Auto( notification can $e confi#ured at t&e policy level. otification recipients are resolved via Symantec DLP4s identity AP9. AP9. T&is includes senders' t&eir mana#ers' or $usiness unit level security officers. Symantec DLP can $e confi#ured to send different types of alerts to different people on a per(policy $asis.

PA! 1*


Does your solution support the ability to provide onscreen notifications to users for endpoint%based violations! Aan the end user then provide feedbac( on a Bustification that is stored with the incident in the solution! Does your solution support onscreen notifications in lan"ua"es other than /n"lish! Does your solution allow customi,in" onscreen notifications!

Hes. Symantec DLP !ndpoint Prevent provides t&e capa$ility to display fully customi3a$le onscreen notifications in response to a detected DLP incident. T&is is availa$le in $ot& monitorin#(only mode or in $loc0in# mode. As an additional option' end users can select from a preconfi#ured list of options to provide a ;ustification for )&y t&ey tried to transfer confidential information. Policy aut&ors can use any lan#ua#e for t&e customi3a$le te:t t&ey include in onscreen notifications as )ell em$ed &yperlin0s usin# FT>L synta: for anc&orin#. Aan automated response actions be defined by different parameters such as the policy violated the severity of the incident the number of matches found the communications protocol used the connected status of the endpoint and the product bein" used! Please e*plain.

Hes. Any automatically #enerated response action suc& as messa#e $loc0in#' file quarantine' email notifications' or )or0flo) routin#/ can $e defined to selectively tri##er' so t&at certain responses )ill $e ta0en %LH for incidents under certain conditions. T&e administrator can confi#ure different response rules to e:ecute automatically $ased on severity' matc& count' policy' communications protocol' product used' and endpoint computer connection status. Does your solution provide automatic wor(flow functionality for trac(in" the remediation of an incident >for e*ample status codes attributes assi"nment 'ueues severity and so on?! Please e*plain.

Hes. Symantec DLP &as fully customi3a$le )or0flo) t&at allo)s you to $uild any 0ind of remediation and detection process needed. T&e user interface allo)s you to define various case mana#ement statuses t&at indicate an incident
$3 .ncident +esponse /or0flow 2re confidential data loss events viewable via the web in a format usable by non%$T business level users! Please provide a screenshot.

Hes. Symantec DLP4s 9ncident Snaps&ot' accessi$le t&rou#& Symantec DLP !nforce Platform' contains all information relevant to a $usiness user for dia#nosin# and respondin# to an incident. T&e user interface is )e$($ased and e:tremely easy to use' even for non(9T users. ,or screens&ots' see ,i#ures  t&rou#& 1- in Attac&ment D – Product Screens&ots. Does the incident include a clear indication of how the transmission or file violated policy >not Bust which policy was violated? includin" clear identification of the content that resulted in matches! Please provide a screenshot.

Hes. T&e 9ncident Snaps&ot provides &i#&li#&ted violation information from any attac&ment or messa#e content. T&is ma0es it easy to see )&ere t&e violation e:ists )it&in t&e messa#e transmission' as )ell as t&e specific data t&at )as put at ris0 suc& as specific Social Security num$ers/. Additionally' t&e 9ncident Snaps&ot contains a clear indication of calculated severity as )ell as t&e total matc& count for e:ample' t&e num$er of customer records e:posed/. ,or screens&ots' see ,i#ures  t&rou#& 1- in Attac&ment D – Product Screens&ots. $s it possible to view identity information on the sender >such as full name mana"er name business unit?! +ow is this accomplished especially in the case of non%email networ( events stora"e events and endpoint events!

Hes. Symantec DLP4s Sender 9dentity AP9 allo)s t&e insertion of any custom plu#(in to resolve sender identity. 9n most cases' t&is is simply a loo0up to a corporate directory' $ut may also include inte#ratin# )it& pro:y or fire)all lo#s to associate 9P addresses )it& actual sender identities. T&is also provides identity in t&e case of stora#e incidents t&rou#& e:traction of t&e file o)ner' as )ell as endpoint incidents t&rou#& t&e 8indo)s username. $s it possible to open the ori"inal attachments of an event directly from the I$!

Hes. Symantec DLP provides access to all $inary data associated )it& an incident' includin#7

PA! 2-


• • •

Violatin attac#ments All attac#ments Complete inary o entire messae

Stora#e of and access to t&ese components is confi#ura$le. Aan each user in the wor(flow be assi"ned to remediate a certain set of incidents! Please describe the process includin" how incidents are passed between users.

Hes. 8or0flo) can $e esta$lis&ed t&rou#& t&e use of incident )or0 queues for eac& role. !ac& queue contains incidents for )&ic& a #iven user is responsi$le for processin#. A very simple )or0flo) )ould )or0 as follo)s7 A first responder )or0 queue may include all incidents of status e). A mana#er may &ave a )or0 queue )it& incidents of status !scalated. An investi#ator may see incidents of status 9nvesti#ation Required. To pass an incident $et)een roles' t&e status is c&an#ed and t&e incident passes $et)een queues. >ore comple: )or0flo)s also include se#mentation $y $usiness unit' suc& t&at )or0 queues include only incidents of t&e specified status from senders in t&e specified $usiness unit. Aan your solution define and trac( a HcaseH or set of incidents found to be related after an investi"ation! $f so how is a case defined and mana"ed!

Hes. 9n Symantec DLP' case mana#ement is performed t&rou#& creation of a custom attri$ute for e:ample' 6ase um$er/. T&is case num$er )ould $e assi#ned to any incident t&at )as found to $e related' and additional incidents can $e added or removed from t&e case $y settin# t&e value of t&is attri$ute. All t&e incidents currently in t&at case can $e $rou#&t up )it& a report for all incidents )it& t&at case num$er. Does your solution offer the ability to automatically assi"n incidents to specific data owners and then send re"ular tailored incident lists to those owners!

Hes. Symantec DLP lets you assi#n a data o)ner to any incidents/' eit&er automatically t&rou#& AD loo0up or manually. Hou can t&en confi#ure re#ular' automatic sendin# of tailored incident lists to relevant data o)ners to ena$le convenient' federated remediation. Aan a "roup of incidents be e*ported easily from the solution in a format easily readable by a person without system access >for e*ample to satisfy a discovery re'uest?!

Hes. Symantec DLP4s 6ase Arc&ive !:port feature allo)s t&e e:port of a #roup of incidents and all related 9ncident Snaps&ot content/ in FT>L format. T&e format is nearly identical to t&e vie) of incidents a system user &as' and does not require an additional system lo#in. Any 9ncident List report can $e e:ported usin# t&is feature. $s it possible to manually launch response wor(flow functionality for incident remediation >for e*ample status codes attributes assi"nment 'ueues notifications and so on?! Aan the I$ be customi,ed to allow multiple responses to be combined into a sin"le action by a user! Please e*plain.

Hes. 8it& t&e Smart Response feature' Symantec DLP lets users perform multiple manual actions on an incident or #roup of incidents )it& a sin#le mouse clic0. Any sin#le manual response can $e com$ined as a component of a Smart Response. Aut&ori3ed users can launc& or com$ine t&e follo)in# remediation )or0flo) actions7 Send !mail otification Set Status' incident reason' or any custom attri$ute value Send an event to a Syslo# Server S!>/' andKor Add 6omment ,or a screens&ot' see ,i#ure 1- in Attac&ment D – Product Screens&ots. • • • •

$s it possible to add custom attributes to i ncidents to accommodate custom remediation business processes!

Hes. 6ustom attri$utes )it&in Symantec DLP allo) for addin# any desired metadata to incidents. Does your solution support industry best practices for incident response! Please e*plain how this is buil t into the product.

Hes. Symantec DLP Solution Pac0s deliver out(of(t&e($o: industry $est practices for incident response and remediation. ,unctionality includes7 9ndustry(focused detection policies li0e F9PAA' LBA' State Data Privacy Re#ulations' and so on All commonly used automatic response rules suc& as notifications' escalate to forensics' set incident reason codes' send • •

PA! 21


syslo# event' and so on Pre(confi#ured )or0flo) and roles' includin# role($ased ris0 reports Defined custom attri$utes and statuses Symantec DLP Solution Pac0s are availa$le for t&e follo)in# verticals7 !ner#y = tilities !K@ 6ompanies ,ederal ,inancial Services Fealt&care Fi#& Tec& 9nsurance >anufacturin# >edia = !ntertainment P&armaceutical Retail Telecom • •

• • • • • • • • • • • •

$4 +ole-1ased *ccess and Privacy Control Aan your solution control incident access based on role and policy violated! Please e*plain.

Hes. Roles can $e created to se#re#ate incident access $ased on t&e policy violated. ,or e:ample' FR officials mi#&t see only violations of accepta$le use policies )&ile info security officers )ould see only incidents of customer data loss. Aan a role be created to "rant access to incidents based on the business unit country or "eo"raphical re"ion of the employee who "enerated the incident!

Hes. Roles can $e confi#ured to provide access to incidents $ased on any custom attri$ute of a sender or incident' includin# t&ose t&at are completely specific to t&e customer and pulled into t&e system t&rou#& t&e LDAP loo0up AP9. T&is includes #rantin# access $ased on a sender4s identity and directory information' suc& as $usiness unit or #eo#rap&ical re#ion. ,or e:ample' a revie)er outside t&e ! may $e restricted from seein# incidents from ! employees to comply )it& ! privacy la)s/. Aan a role be created to "rant access to incidents based on the severity or remediation status of the incident!

Hes. Roles can $e confi#ured to provide access to incidents $ased on incident severity or status. ,or e:ample' first responders mi#&t only see e) incidents $efore details of any investi#ations &ad $een added to t&e incident/' $ut mana#ers could see incidents of any status. Aan a role be defined to not have viewin" ri"hts to identity%based information to protect employee privacy!

Hes. !ac& role )it&in Symantec DLP can $e defined )it& certain vie)in# and editin# ri#&ts to individual fields of data )it&in an incident. T&is feature allo)s redaction of certain data' suc& as sender identity information email address' username' file o)ner' and so on/' t&at may need to $e 0ept from certain users to protect employee privacy. T&is e:tends to custom attri$utes t&at may include identity($ased information added t&rou#& LDAP loo0up. Aan a role be defined such that users in that role are prevented from viewin" violatin" content in an incident >for the purpose of protectin" sensitive intellectual property?!

Hes. !ac& role )it&in Symantec DLP can $e defined )it& certain ri#&ts to individual fields of data )it&in an incident. T&is feature allo)s redaction of certain data' suc& as matc&es' incident &istory' $ody' attac&ments' and t&e ori#inal messa#e. Aan your solution create separate roles for system administration of servers user administration policy creation and editin" incident remediation and viewin" of incidents by type >networ( stora"e and@or endpoint incidents?! Please describe.

Hes. Symantec DLP allo)s assi#nment of specific administration ri#&ts to eac& role )it&in t&e system. T&is includes t&e a$ility to define ri#&ts for administerin# servers' creatin# and modifyin# users and roles' vie)in# and editin# policies' and remediatin# incidents. All t&is functionality is availa$le in a sin#le 9 mana#ement interface across all products.

PA! 22


$ +eportin" , *nalytics Aan your solution provide custom report filterin" across different variables and attributes! Please e*plain.

Hes. Symantec DLP reportin# allo)s addition of custom filters to narro) results $ased on over "- system varia$les and any customer(defined attri$ute. >ultiple filter conditions can $e applied to a report' and com$ined )it& ot&er reportin# functionality suc& as summari3ation. ,ilterin# can $e $ased on varia$les includin#7 time' status' file e:traction date' file last modified date' file name' file si3e' et)or0 Discover scan' et)or0 Discover tar#et' destination or source 9P' domain' incident &istory and details' incident 9D' location' policy' response action' protocol' recipient' sender' server' su$;ect' and many ot&ers. Aan your solution provide custom report summari,ation and "roupin" across different variables and attributes! Please e*plain includin" how many levels of summari,ation are possible.

Hes. Symantec DLP reportin# allo)s addition of custom summari3ation varia$les to narro) results $ased on over 2- system varia$les and any customer(defined attri$ute. Summari3ation can $e applied to an incident list report and can $e com$ined )it& ot&er reportin# functionality suc& as filterin#. Summari3ation can $e $ased on varia$les includin#7 content root' destination 9P' device type' domain' file name' Lotus otes data$ase' mac&ine name' mont&' policy' policy #roup' Protect status' protocol' quarter' scan' sender' server' source 9P' status' tar#et' tar#et server' tar#et type' user name' )ee0' year' or any custom attri$ute. Symantec DLP allo)s up to t&ree levels of summari3ation for reports. T&e first t)o are custom defined' and t&e last level is $y incident severity. ,or e:ample' incidents can $e vie)ed in a report #rouped $y policy' t&en $y $usiness unit' t&en $y severity. Aan your solution provide reports that summari,e incidents and incident trends by department or by or"ani,ation!

Hes. Symantec DLP standard reportin# includes reports t&at summari3e incidents $y policy as )ell as $y or#ani3ation' $y department' or $y user. Aan your solution "enerate trend reports includin" summari,ation for different time se"ments and trend "raphs! Please e*plain.

Hes. All Symantec DLP standard incident list reports include a trend #rap& at t&e top s&o)in# t&e trend of num$er of incidents over time. 9n addition' summari3ation reports can $e #rouped $y different time slices' includin# $y )ee0' mont&' quarter' or year. T&is time #roupin# can t&en $e com$ined )it& t&e ot&er standard summari3ation options to provide a second level of summari3ation' as )ell as a t&ird level of summari3ation $y incident severity. Does your reportin" solution provide incident snapshots that include all information about an incident in one place! Does the incident snapshot include lin(s to similar incidents that are correlated to the current incident by one or more attributes >such as same sender or same recipient?! $s the layout of the incident snapshot customi,able on a per%user basis!

Hes. Symantec DLP incident snaps&ots display all information a$out an incident in one place' facilitatin# timely and effective remediation. 9ncident snaps&ots include #eneral incident information suc& as incident status' severity' and protocol/' specific details suc& as policy matc&es' date' sender' recipient' and action ta0en/' ori#inal messa#e' specific matc&es' incident &istory' and custom attri$utes administrator(defined attri$utes t&at store supportin# information/. Snaps&ots also include correlations' or lin0s to ot&er similar incidents t&at s&are at least one attri$ute )it& t&e current incident suc& as same sender' same recipient' or same confidential file/. 6orrelations &elp incident responders quic0ly identify ris0 patterns and trends $ased on all incidents t&e system is capturin#. ote t&at t&e incident snaps&ot layout can $e customi3ed on a per(user $asis' so t&at eac& user can see t&e layout of &is or &er preference. Aan incident report data be e*ported to formats such as a spreadsheet J#L or +T#L! Please list specific e*port capabilities.

Hes. All Symantec DLP report results can $e e:ported in various formats for furt&er &andlin# and analysis outside t&e system. T&ese formats include7 >L >icrosoft !:cel via 6S e:port/ Sin#le(pa#e FT>L document 9ncident )e$ arc&ive incident list plus incident detail' in FT>L/ • • • •

PA! 2"


Does your solution have a Reportin" 2P$ that lets third%party reportin" compliance and remediation applications securely retrieve incident data!

Hes. Symantec DLP s&ips )it& a 8e$ Services AP9 t&at allo)s inte#ration )it& t&ird(party reportin#' compliance' and remediation systems. T&ird(party systems can pull incident lists' individual incident details as recorded in incident snaps&ots/' and complete incident $inaries from t&e Symantec DLP system. 8e$ service connections are secured over SSL and t&e t&ird(party system must aut&enticate )it& Symantec DLP as a user defined in t&e DLP system )it& special Reportin# AP9 privile#es. Aan reports be saved for reuse!

Hes. All reports can $e saved' eit&er as personal reports accessi$le and edita$le $y t&e creatin# user only/ or as role reports accessi$le to all users in t&e role/. Aan reports be shared based on role! +ow are these reports administered and maintained!

Hes. Symantec DLP reports may $e saved and s&ared amon# ot&er users in t&e same role. Symantec DLP Solution Pac0s tailored for many verticals/ also provide pre($uilt role reports. sers )it& edit privile#es may also modify s&ared reports' allo)in# system administrators to pus& report maintenance out to $usiness users. Aan users or sets of users Esubscribe to sets of incident reports that match specific criteria and receive a scheduled email delivery daily wee(ly or monthly!

Hes. Reports may $e saved and sc&eduled to $e delivered $y email daily' )ee0ly' or mont&ly on any specified date' time' or frequency/ to any users or sets of users. Aan reports be "raphically displayed and printed!

Hes. All reports may $e #rap&ically displayed and printed. Aan reports be emailed directly from the I$ without manual re%formattin"! Aan these email reports be edited if customi,ation is re'uired for company%specific formattin"! Please p rovide screenshots for how these emailed reports appear in email clients >both #S Outloo( and Lotus 0otes?.

Hes. All reports may $e emailed directly from t&e 9' and t&ey are pre(formatted to $e fully reada$le )it&in t&e email client $ot& >S %utloo0 and Lotus otes/. T&ese emailed reports are provided in FT>L' so t&ey can $e edited directly if required for customi3ation. ,or a screens&ot' see ,i#ure 11 in Attac&ment D – Product Screens&ots. $s there a Edashboard view desi"ned for use by e*ecutives that can combine information from networ( endpoint mobile and stora"e incident reports in a sin "le view! Please provide a screenshot.

Hes. Symantec DLP reportin# functionality includes t&e a$ility to vie)' save' and create custom das&$oards for e:ecutive(level reportin#. Das&$oards can com$ine up to si: portlets eac& summari3in# an out(of(t&e($o: system report or custom saved report/' presentin# data on net)or0' endpoint' mo$ile' and stora#e incidents in a sin#le das&$oard. !ac& report )it&in t&e das&$oard is &yperlin0ed so users can drill do)n to t&e summari3ed reports directly from t&e das&$oard. Das&$oards' li0e all ot&er reports in t&e system' can $e defined as eit&er personal reports or role($ased reports accessi$le to ot&ers in t&e same role. ,or screens&ots' see ,i#ure 12 in Attac&ment D – Product Screens&ots. Aan reports be run for all historical events! $f so w ith what limitations! hat is lon"est period of time for which a current customer has been storin" incidents that are still available in their production system for full reportin"!

Hes. Reports can $e run on &istorical events as far $ac0 as t&e data is stored in Symantec DLP !nforce Platform. T&e lar#est customer data$ase in production )it& full reportin# access contains over 2 years of incidents. 2re report 'uery times reasonably short! hat is the e*pected wait time to "enerate a report containin" 866 incidents captured at different networ( e*it points!

Hes. Symantec DLP4s reportin# is centrali3ed on Symantec DLP !nforce Platform for all products' meanin# all reports are #enerated in ;ust a fe) seconds. A typical report consistin# of 5-- incidents captured at different net)or0 e:it points )ill ta0e less t&an 5 seconds.

PA! 2


2re reports interlin(ed meanin" >for e*ample? that users can clic( from a summary report directly to a li st report and from there directly to an incident detail view!

Hes. All reportin# )it&in Symantec DLP is fully &yperlin0ed' lettin# users drill do)n on any report to see incident detail and t&e ori#inal messa#e )it&out runnin# a separate report. Does your solution come with a pre%pac(a"ed set of reports! Please provide a complete list.

Hes. Symantec DLP comes )it& over 5- pre(confi#ured reports to &elp customers mana#e t&eir $usiness. T&ese allo) t&em to meet compliance requirements' assess $usiness ris0' provide oversi#&t and mana#e remediation operations' and see trends across $usiness units )it&in t&e or#ani3ation. Reports &ave t&ree primary uses7 •

6ompliance Reports. Symantec DLP provides pre($uilt templates to address Sar$anes(%:ley' LBA' state privacy re#ulations' P69 security standards' F9PAA' and so on.

•

Ris0 Reports. T&ese reports s&o) ris0 level and demonstrate ris0 reduction for e:ample' to auditors/ across data types' senders' protocols' and remediation status.

•

9ncident Remediation Reports. T&ese include incident lists' summaries across different parameters' and incidents a#in# for eac& step of t&e remediation process.

•

T&ere are t&ree different types of reports7 •

Das&$oards for e:ecutives

•

9ncident lists for remediation

•

9ncident summaries for trendin# and analysis

,or a list of pre($uilt reports' see Attac&ment , – Pre(Built Reports.

1: 0etwor( DLP- /mail and eb $7 etwor0 &onitorin" Aan monitorin" be done without addin" latency or failure points to the networ(! Please e*plain.

Hes. Symantec DLP et)or0 >onitor operates in a purely passive mode' operatin# on a copy of net)or0 traffic received eit&er from a SPA port or a tap. Does your solution classify traffic into protocols without relyin" on specific port numbers >for e*ample port =6 for +TTP?! Please e*plain.

Hes. Symantec DLP et)or0 >onitor uses si#natures to classify common protocols7 S>TP' FTTP' ,TP' 9>' TP' custom port( specific protocols' and 9nternet Protocol ersion G 9PvG/. T&is allo)s et)or0 >onitor to accurately classify protocols' suc& as FTTP' )&et&er t&ey run on standard )ell(defined ports for e:ample' port +-/' &i#& ports for e:ample' port +-+-/' or ot&er common ports for e:ample' port "+*/ t&at &ave $een desi#nated for monitorin#. Does your solution provide notification of unprocessed traffic due to networ( bursts >for e*ample dropped pac(ets or samplin"?! Please e*plain.

Hes. Symantec DLP et)or0 >onitor is en#ineered to process lar#e quantities of data and &andle periodic $ursts in traffic )it&out adverse performance impacts. Pac0ets are cac&ed to &andle lar#e $ursts of traffic suc& t&at t&e system can catc& up )&en

PA! 25


t&e traffic load #oes do)n. %nly in e:treme situations )&en t&ere are rapid spi0es and t&e system is una$le to )rite to dis0 )ill t&e system discard pac0ets. 8&en t&is &appens' t&e system #enerates clear metrics to t&e net)or0 administrator. Symantec DLP accounts for all traffic received and provides indications of $ot& traffic processed and discarded pac0ets suc& t&at customers can assess performance and tune t&e monitorin# system if necessary. Does your solution monitor "i"abit speed lines without pac(et loss! Please describe the hardware re'uirements for monitorin" a "i"abit line.

Hes. Symantec DLP et)or0 >onitor &as proven to scale at multiple lar#e customers to #i#a$it net)or0s )it& commodity rac0( mounted server on 1 c&assis )it& 26Ps and +B RA>. Does your solution analy,e traffic and report incidents in real%time even at hi"h scale! hat is the avera"e time in milliseconds between an incident bein" captured from the networ( and bein" available for reportin" and alerts!

Hes. nder normal circumstances' t&e avera#e time $et)een incident detection and reportin# is less t&an 2--- milliseconds for Symantec DLP et)or0 >onitor. Does your solution monitor email traffic includin" attachments! Please e*plain. Please enclose a screenshot of how an email event appears in your solution.

Hes. Symantec DLP et)or0 >onitor can analy3e all out$ound email traffic' includin# attac&ments. ,or a screens&ot' see ,i#ure  in Attac&ment D – Product Screens&ots. Does your solution monitor web traffic includin" web mail web postin"s and other protocols usin" +TTP >includin" uploaded files?! Please enclose a screenshot of how an +TTP event appears in your solution.

Hes. Symantec DLP et)or0 >onitor analy3es )e$ traffic' includin# )e$ mail' )e$ postin#s' and ot&er FTTP($ased services' includin# tunneled protocols. ,or a screens&ot' see ,i#ure 1 in Attac&ment D – Product Screens&ots. Does your solution monitor both active and passive FTP traffic includin" fully correlatin" transferred file data with control information!

Hes. Symantec DLP et)or0 >onitor analy3es ,TP traffic' includin# $ot& active and passive mode' and includin# t&e data t&at &as $een transmitted' not ;ust t&e control session. 9ncidents in t&e system are fully formed includin# all data and control information presented to#et&er. Does your solution monitor instant messa"in" >$#? traffic! hich $# networ(s can be monitored!

Hes. Symantec DLP et)or0 >onitor can detect t&e transmission of sensitive information via A9>' Ha&oo 9>' >S >essen#er' and 9R6. %t&er types of 9> traffic can $e monitored via niversal T6P. Does your solution monitor instant messa"in" traffic when it tunnels throu"h +TTP port =6!

Hes. >ost instant messa#in# protocols tunnel t&rou#& FTTP )&en t&eir native ports are $loc0ed $y t&e fire)all. Symantec DLP et)or0 >onitor is a$le to detect t&is potential e:posure from tunneled 9> traffic and properly classify t&e traffic as 9> versus FTTP/. 2re both sides of instant messa"in" conversations correlated into incident presentation!

Hes. 9nstant >essa#in# incidents in Symantec DLP et)or0 >onitor are fully formed includin# $ot& sides of an instant messa#in# conversation. Does your solution monitor 00TP >0etwor( 0ew s Transfer Protocol? traffic includin" uploaded fil es!

Hes. Does your solution allow for monitorin" networ( traffic on arbitrary ports or port ran"es to deal with unclassified or ro"ue threats! Please e*plain.

Hes. 8it& t&e niversal T6P feature' Symantec DLP et)or0 >onitor can $e confi#ured for content monitorin# on any port or port ran#es. 9ncident detection can $e correlated )it& custom(named protocols created $y t&e administrator. Does your monitorin" solution support "i"abit speed networ(s! +ow much traffic @ how many monitored users can each monitor support! Please provide any performance benchmar(s achieved from actual deployments.

Hes. A sin#le Symantec DLP et)or0 >onitor server )it& t&e recommended confi#uration processes t&rou#&put rates up to

PA! 2G


1$ps )it&out pre(filterin# or pac0et loss. 9n most production environments' t&e actual offered load is $elo) 5-->$ps and a sin#le Symantec DLP et)or0 >onitor server can easily &andle t&e offered load for t&ese i#a$it net)or0s. 9n terms of actual mi: of traffic seen at most production environments' Symantec customers use pre(filterin# tec&niques to reduce t&e offered load do)n to 1-->$ps to 2-->$ps per Symantec DLP server. ,or e:ample' Ban0 of America is monitorin# t&e activities of 15-'--- users )it& a sin#le instance of Symantec DLP !nforce Platform and 1G Symantec DLP et)or0 >onitor servers. T&is customer is capturin# incidents in real time and is e:periencin# report response time of less t&an 2 seconds on avera#e. Aan your solution monitor traffic up to 1&bs without droppin" pac(ets!

Hes. A sin#le Symantec DLP et)or0 >onitor server )it& t&e recommended confi#uration )ill process t&rou#&put rates up to 1$ps )it&out pre(filterin# and )it&out pac0et loss. Does your monitorin" solution support multiple operatin" system deployment options!

Hes' Symantec DLP et)or0 >onitor may $e deployed on 8indo)s Server 2--+ K 2-12 Standard = !nterprise !dition or Red Fat !nterprise Linu: 5 K G. ,or more information' see Attac&ment A – System Requirements. Does your monitorin" solution support virtuali,ed deployment options!

Hes' Symantec DLP et)or0 Prevent for !mail and et)or0 Prevent for 8e$ are supported on >)are !S .:' !Si .: and 5.:. T&is capa$ility allo)s t&e virtuali3ation of et)or0 Prevent services )it& ot&er D> components suc& as t&e >TA it also allo)s for multiple et)or0 Prevent installations on a sin#le &ard)are platform. ,or more information' see Attac&ment A – System Requirements. Does your monitorin" solution support &i"abit%speed lossless data capture without the need for speciali,ed hardware up"raded 0$As or additional load%balancin" technolo"ies!

Hes' as one of t&e deployment options' Symantec DLP et)or0 >onitor soft)are may $e deployed on a Red Fat !nterprise Linu: server )it&out t&e need for a speciali3ed pac0et capture 96 or additional load($alancin# tec&nolo#ies. Support for i#a$it(speed net)or0 monitorin# )it& Linu:($ased soft)are offers scala$ility for t&e lar#est enterprise environments )it& reduced cost over solutions t&at typically require t&e addition of a t&ird(party net)or0 monitorin# card. Aan an administrator determine the amount of traffic bein" monitored at both an a""re"ate and protocol%specific level! Please e*plain the detail available.

Hes. Symantec DLP et)or0 >onitor &as detailed traffic statistics for overall data t&rou#&put' num$er of messa#es' and num$er of incidents. T&ese statistics are availa$le on a per(protocol $asis and are summari3ed do)n to an &ourly level. Aan your monitorin" solution 'ueue messa"es for review if it cannot review them in real time!

Hes. Symantec DLP et)or0 >onitor is a$le to queue messa#es in a disconnected mode if t&e Symantec DLP !nforce Platform data$ase or communication c&annel is not availa$le. As soon as t&e connection is re(esta$lis&ed' t&e Symantec DLP et)or0 >onitor server resends queued messa#es )it&out t&e need for manual intervention. Over a rollin" ei"ht%hour period what is the mean time added to messa"e delivery by your monitorin" solution! +ow is this number affected by hardware!

T&rou#& &ard)are and confi#uration' Symantec can confi#ure a cluster to meet almost any latency requirements. enerally spea0in# in Symantec
$ mail Prevention Does your solution bloc( emails that are in violation of company policy on confidential data! Please e*plain.

Hes. Symantec DLP et)or0 Prevent for !mail can $loc0 out$ound email traffic. Does your solution 'uarantine confidential emails that violate company policy! Please e*plain.

Hes. Symantec DLP et)or0 Prevent for !mail can route out$ound email traffic to a desi#nated quarantine. 9t also ena$les security teams to revie)' release and route messa#es quarantined $y Symantec >essa#in# ate)ay for encryption' delivery or a custom action directly )it&in t&e Symantec DLP !nforce Platform.

PA! 2


$s your email prevention solution capable of handlin" potentially conflictin" prevention policies! For e*ample is your solution capable of properly handlin" an email with confidential content that indicates the messa"e should be 'uarantined and separate confidential content that indicates the messa"e should be bloc(ed!

Hes. Symantec DLP et)or0 Prevent for !mail supports multi(policy &andlin# suc& t&at a messa#e t&at violates multiple policies can $e classified as suc& and t&en &ave specific &andlin# rules applied to it. ,or e:ample' messa#es t&at are multi(policy violations may $e quarantined to specific folders assi#ned to t&e multi(policy violation condition. The accuracy of the solution is very important when automated prevention is enabled so that it does not i nterfere with le"itimate business processes. Do you have any production customers usin" automated email prevention! Please e*plain.

Hes. Symantec DLP et)or0 Prevent for !mail delivers t&e &i#&est accuracy $y usin# advanced detection tec&nolo#ies7 !:act Data >atc&in#' 9nde:ed Document >atc&in#' Descri$ed 6ontent >atc&in#' and ector >ac&ine Learnin#. 9n addition' it ena$les conditional $loc0in# $ased on policy' incident severity' and directory #roup information to ensure t&at only t&e critical incidents are $loc0ed. Hes. 8e &ave many customers )&o &ave deployed automated email prevention in production includin# 6iti#roup and CP>or#an 6&ase. Local customer references are availa$le upon request./ Aan your email prevention solution ta(e prevention actions without introducin" another HhopH in the outbound messa"e chain!

Hes. Symantec DLP et)or0 Prevent inte#rates )it& e:istin# >TAs' allo)in# companies to use t&eir infrastructure )it&out addin# an e:tra &op in t&e out$ound S>TP messa#in# flo). Aan your email prevention solution be inte"rated with our current messa"in" infrastructure! Please describe the options available.

Hes. Symantec DLP et)or0 Prevent for !mail inte#rates )it& any S>TP(compliant >TA )&ic& ena$les customers to use t&eir e:istin# infrastructure )it&out addin# a &op in t&e out$ound messa#in# flo). et)or0 Prevent for !mail can $e deployed in eit&er a reflectin# sin#le >TA/ or for)ardin# multiple >TA/ arc&itecture. Symantec &as deployed implementations )it& t&e follo)in# >TAs7 6isco 9ronPort' >cAfee !mail ate)ay' Proofpoint' Sendmail' Symantec >essa#in# ate)ay et)or0 Prevent for !mail also supports inte#ration )it& t&e follo)in# cloud security services7 oo#le Apps' >icrosoft ,orefront' Symantec !mail Security.cloud. Does your email prevention solution ensure messa"e delivery even in the event of a failure of your system! Please e*plain.

Hes. sin# DS preferences' t&e >TA can $e confi#ured to load($alance across multiple Symantec DLP et)or0 Prevent servers or to $ypass Symantec DLP et)or0 Prevent on failure mode so t&at messa#e delivery is not affected. Aan senders and security administrators be notified of a bloc(ed or 'uarantined email! Please e*plain.

Hes. !mail notification can $e sent to a sender' senderessa#in# ate)ay for encryption' delivery or a custom action directly )it&in DLP. Does your email prevention solution scale to cover multiple mill ions of messa"es per day! +ow many messa"es can your solution monitor in a 57%hour period with a reasonable hardware confi"uration and what is that hardware re'uirement!

Hes. A typical prevention cluster consists of t)o Symantec DLP et)or0 Prevent servers and one >TA standard 2 6P server &ard)are/. A sin#le et)or0 Prevent server )it& t&e recommended confi#uration processes "- email messa#esKsecond )it& avera#e messa#e si3e of 15- @B. 9n production deployments' a cluster of et)or0 Prevent servers can process more t&an *'--messa#es per minute or appro:imately " million messa#es in a 2(&our period. Additional clusters scale t&is num$er linearly. Does your email prevention solution support virtuali,ed deployment options!

Hes' Symantec DLP et)or0 Prevent for !mail is supported on >)are >)are !S .:' !Si .: and 5.:. T&is capa$ility allo)s t&e virtuali3ation of et)or0 Prevent services )it& ot&er D> components suc& as t&e >TA it also allo)s for multiple et)or0 Prevent installations on a sin#le &ard)are platform. Does your email prevention solution support deployments in TLS%encrypted email environments! Hes. Symantec DLP et)or0 Prevent for !mail supports $ot& opportunistic and mandatory TLS connections for email detection and analysis. T&is means et)or0 Prevent can protect your confidential emails even )&en TLS is used $et)een >TAs in your o)n messa#in# arc&itecture or )&en it is used for out$ound email for)arded to a cloud service provider e.#.' oo#le Apps' >icrosoft ,orefront' Symantec !mail Security.cloud/. Does your email prevention solution support load%balancin" of downstream #T2s as well as inte"ration with $SP #T2s!

PA! 2+


Hes. Symantec DLP et)or0 Prevent for !mail supports > for)ardin#' allo)in# it to load($alance )it& do)nstream >TAs and to inte#rate )it& 9SP >TAs. T&is functionality translates into increased &i#&(performance options load($alancin# and failover/ as )ell as t&e a$ility to inte#rate )it& cloud security services. Aan your email prevention solution accommodate a messa"in" architecture in which email is forwarded to an outside entity such as a cloud service provider! Hes. Symantec DLP et)or0 Prevent for !mail supports > for)ardin# as )ell as TLS connections for email detection and analysis. T&ese t)o features are important for accommodatin# email traffic t&at is for)arded outside your or#ani3ation to a cloud service provider e.#.' oo#le Apps' Symantec !mail Security.cloud/. Does your email prevention solution support deployment in a h ybrid environment that includes an off%premises hosted detection component in the cloud! Hes. Symantec DLP et)or0 Prevent for !mail supports secure installation and operation of its detection components/ in t&e cloud' )it&out requirin# P or any ot&er additional security en&ancements. 6ommunication )it& t&e on(premises !nforce Platform is supported $y use of a dedicated SSL certificate for t&e &osted !mail Prevent Servers/ in t&e cloud. T&is deployment option supports initiatives for outsourcin# t&e corporate messa#in# infrastructure to a &osted environment for e:ample' Fosted !:c&an#e/.

$# /e) Prevention Does your solution bloc( web communications and provide notifications! Please e*plain. $f third%party web pro*y inte"ration is a component of your bloc(in" solution which pro*ies are supported!

Hes. Symantec DLP et)or0 Prevent for 8e$ $loc0s FTTPKFTTPS communications suc& as mail' ,ace$oo0 and ot&er )e$ posts. ,or FTTPKFTTPS $loc0in#' et)or0 Prevent inte#rates )it& 96AP(ena$led )e$ pro:ies and &as certified FTTPKFTTPS prevention )it& t&e follo)in# pro:ies7 Blue 6oat Pro:yS 6isco 9ronPort S(Series >cAfee 8e$ ate)ay >icrosoft ,orefront T&reat >ana#ement ate)ay Squid 8e$ Pro:y Symantec 8e$ ate)ay 8e$sense Appliance 5---' 1---• • • • • • •

Aan your solution remove or replace sensitive data in web communications! Please e*plain.

Hes. 9n addition to $loc0in#' Symantec DLP et)or0 Prevent for 8e$ can conditionally remove content t&at violates policy. 8&en policy is violated' et)or0 Prevent removes t&e messa#e $ody or specific file attac&ments from a )e$mail messa#e or ot&er FTTP P%ST action. Aan your solution bloc( networ( transmissions over FTP! Please e*plain.

Hes. Symantec DLP et)or0 Prevent for 8e$ &as t&e a$ility to $loc0 net)or 0 transmissions over ,TP. ,or ,TP $loc0in#' et)or0 Prevent inte#rates )it& 96AP(ena$led )e$ pro:ies and &as certified ,TP prevention )it& t&e follo)in# pro:ies7 Blue 6oat Pro:yS 6isco 9ronPort S(Series >cAfee 8e$ ate)ay >icrosoft ,orefront T&reat >ana#ement ate)ay • • • •

Aan your solution control the latency it introduces to normal networ( communications! Please e*plain.

Hes. T&rou#& its pro:y inte#ration' Symantec DLP can carefully control t&e amount and type of net)or0 traffic it analy3es. 9n typical deployments' Symantec recommends deployin# Symantec DLP et)or0 Prevent on )e$ traffic constitutin# t&e &i#&est ris0 of confidential data loss' suc& as P%ST actions containin# attac&ments. 9n t&is )ay' Symantec DLP only sees a su$set of t&e traffic' )&ic& ensures t&e avera#e latency introduced is very lo) and t&e latency introduced on most traffic is actually 3ero. Does your solution support monitorin" and bloc(in" of encrypted@secure web communications >+TTPS?! Please e*plain.

Hes. Symantec DLP et)or0 Prevent can inspect content over FTTPS/ suc& as7

PA! 2*


•

Secure )e$mail' $ulletin $oards' or 9>

•

%vers&arin# t&rou#& $usiness applications

•

Anonymi3in# services t&at circumvent controls

•

>al)are transmittin# data via encrypted )e$

T&is is accomplis&ed t&rou#& 96AP inte#ration )it& Blue 6oat Pro:y S' 6isco 9ronPort S(Series' >cAfee 8e$ ate)ay and >icrosoft ,orefront T&reat >ana#ement ate)ay. Does your solution monitor social networ(in" sites and other eb 5.6 >242J%based? sites that dynamically update content! Please e*plain.

Hes. Symantec DLP et)or0 Prevent provides $ot& $loc0in# and content removal to prevent data loss to 8e$ 2.- sites. ser e:perience is more transparent )it& content removal since t&ere is less $ro)ser interaction required t&an )it& a $loc0in# response. Does your web prevention solution support virtuali,ed deployment options!

Hes' Symantec DLP et)or0 Prevent for 8e$ is supported on >)are !S .:' !Si .: and 5.:. T&is capa$ility allo)s for multiple et)or0 Prevent installations on a sin#le &ard)are platform. ,or more information' see Attac&ment A – System Requirements. Does your web prevention solution support deployment in a hybrid environment that includes an off%premises hosted detection component in the cloud! Hes. Symantec DLP et)or0 Prevent for 8e$ supports secure installation and operation of its detection components/ in t&e cloud' )it&out requirin# P or any ot&er additional security en&ancements. 6ommunication )it& t&e on(premises !nforce Platform is supported $y use of a dedicated SSL certificate for t&e &osted et)or0 Prevent for 8e$ Servers/ in t&e cloud.

56 Stora"e DLP- File Servers and Shares Databases Repositories 2$ Data Discovery Aan your solution 'uic(ly identify which machines contain confidential data without the need to perform a comprehensive scan of all data on a machine!

Hes. Symantec DLP et)or0 Discover provides an 9nventory Scan capa$ility t&at can quic0ly identify specific data repositories t&at contain confidential data. T&is scan mode ena$les an or#ani3ation to #ain visi$ility into data ris0 and compliance in a fraction of t&e time it )ould ta0e to perform a compre&ensive scan. Aan your solution scan indows and Linu* networ( file shares and file systems! Please list them and e*plain how they are scanned.

Hes. Symantec DLP et)or0 Discover scans t&e follo)in# file s&ares and file systems7 •

Any net)or0($ased file system )&ic& is mounta$le over t&e net)or0 on 8indo)s or Linu:7 69,S' ,S' D,S' S>B' ovell

•

Any 8indo)s accessi$le dis0($ased file system7 T,S' ,AT"2' >ac F,S/

•

Any Linu: accessi$le dis0($ased file system A9 and Solaris/7 e:t2' C,S' ,S

et)or0 Discover uses an a#ent(less approac& to perform scans of stored data $y readin# files and ot&er stored data over t&e net)or0' typically a LA. 9t uses a fle:i$le mountin# system t&at allo)s easy inte#ration )it& ot&er tar#et types. ,or a list of supported discovery scan tar#ets see Attac&ment  – Supported Scan Tar#ets.

PA! "-


Aan your solution scan 02S filers >e.". /#A 0et2pp?! Please e*plain.

Hes. Symantec DLP et)or0 Discover can scan AS filers via t&e 69,S protocol or t&e ,S protocol. Aan your solution scan Ini* file servers without the use of file%sharin" technolo"ies such as 0FS and A$FS!

Hes. Symantec DLP et)or0 Discover includes distri$uted scanners t&at scan 9 servers )it&out t&e use of file(s&arin# tec&nolo#ies. Aan your solution scan databases natively >e.". SKLServer?!

Hes. Symantec DLP et)or0 Discover scans any %DB6 or CDB6 compati$le data$ases includin# %racle' S?LServer' and DB2. 9t automatically discovers t&e data$ase sc&ema and scans a confi#ura$le num$er of ro)s from eac& ta$le in t&e data$ase' includin# BL%B and 6L%B columns. Any violations found are reported to t&e Symantec DLP !nforce Platform. Data$ase discovery can also $e confi#ured to scan specific parts of t&e data$ase if required. Aan your solution scan document mana"ement systems natively >e.". Sh arePoint?!

Hes. Symantec DLP et)or0 Discover monitors t&e follo)in# document mana#ement systems7 >icrosoft S&arePoint' >icrosoft S&arePoint %nline BP%S(Dedicated/' !>6 Documentum' %penTe:t LiveLin0' )e$ sites and )e$($ased repositories e.#.' )i0is/' Lotus otes' >icrosoft !:c&an#e' custom and ot&er repositories not listed &ere via )e$ services scannin# AP9. T&ese inte#rations use native AP9s to access t&e repositories' as opposed to more #eneric approac&es li0e 8e$DA and 69,S. T&e $enefits of usin# native AP9s include &i#&er performance and access to t&e repository(specific document meta(data )&ic& is t&en made availa$le to DLP incident reportin# and )or0flo). Aan your solution scan web servers and applications throu"h native +TTP crawlin"!

Hes. Symantec DLP et)or0 Discover supports out(of(t&e($o: scannin# of )e$ servers and applications t&rou#& native FTTP cra)lin#. Aan your solution scan #icrosoft .pst >Personal Stora"e Table? files! $f yes e*plain the level of support for findin" confidential data within the .pst file.

Hes. Symantec DLP et)or0 Discover supports scannin# of >icrosoft .pst files. T&ese files can often $e lar#e' from 1-- >B up to multiple Bs. Symantec DLP et)or0 Discover is capa$le of $rea0in# do)n t&ese comple: files and discoverin# confidential information t&at is contained in an individual messa#e or in an attac&ment. T&e a$ility to identify )&ic& .pst files contain confidential information as )ell as t&e amount of confidential information in eac& .pst allo)s an or#ani3ation to identify &i#&(ris0 files. Aan your solution scan bac(up data or bac(up sets!

Hes. Symantec DLP et)or0 Discover supports scannin# $ac0up sets created )it& Symantec Bac0up and Symantec Bac0up !:ec System Recovery. Aan your solution scan other (inds of tar"ets includin" custom repositories and support full reportin" on policy violations found in those repositories!

Hes. Symantec DLP et)or0 Discover provides an open AP9 )&ic& can $e used to connect to any data repository. ,or a list of supported scan tar#ets see Attac&ment  – Supported Scan Tar#ets. Aan your solution analy,e encrypted files for confidential data! Hes. Symantec DLP et)or0 Discover identifies t&e Symantec ,ile S&are !ncryption format and invo0es t&e Symantec !ncryption >ana#ement Server 0ey mana#ement service to decrypt securely on(t&e(fly. T&e decrypted content is analy3ed a#ainst enterprise policies. T&is feature allo)s or#ani3ations to deploy end(to(end information protection strate#ies.

22 Data Protection Aan your solution automatically copy files that violate policy!

Hes. Symantec DLP et)or0 Protect can automatically copy violatin# files $ased on policy as t&ey are detected. T&e files are copied to a secure location )&ere t&ey can $e accessed to support investi#ations.

PA! "1


Aan your solution automatically 'uarantine files that violate poli cy!

Hes. Symantec DLP et)or0 Protect can automatically quarantine violatin# files $ased on policy as t&ey are detected. T&e files are moved to a secure location )&ere t&ey can $e accessed to support investi#ations. Does your solution apply 'uarantine@release actions in Sharepoint repositories!

Hes. Levera#in# our ,le:Response Platform' Symantec DLP et)or0 Discover allo)s manual or automatic quarantine of S&arepoint documents. After proper remediation &as ta0en place' it is possi$le to restore documents to t&eir ori#inal location. Does your solution provide a way to inform file owners about 'uarantined files includin" details of why the file was 'uarantined which policy it violated and so on!

Hes. Symantec DLP et)or0 Protect can automatically leave mar0er files in place of files found to violate policy. T&ese mar0er files are fully customi3a$le and may contain information suc& as t&e violated policy name and ot&er attri$utes of t&e incident. !mail and Syslo# messa#es can also $e used for notification of data(at(rest incidents. Does your solution provide options for manually 'uarantinin" inappropriately e*posed files or conversely for restorin" 'uarantined files to their ori"inal location! Hes. Symantec DLP et)or0 Protect ena$les custom Smart Response rules t&at can $e invo0ed manually $y incident responders to quarantine discovered confidential files or' conversely' to restore quarantined files to t&eir ori#inal location. Does your solution provide an option for encryptin" confidential files! Hes. Symantec DLP et)or0 Protect ena$les a custom Smart Response rule t&at can $e invo0ed manually $y incident responders to encrypt discovered confidential files usin# Symantec ,ileS&are !ncryption. Does your solution provide options for applyin" di"ital ri"hts to confidential fil es! Hes. Symantec DLP et)or0 Protect ena$les custom Smart Response rules t&at can $e invo0ed manually $y incident responders to apply di#ital ri#&ts to discovered confidential files. T&ese response rules )or0 )it& several solutions' includin# >icrosoft R>S' %racle 9R>' Liquid >ac&ines' i#atrust' and Ado$e Live6ycle. Does your solution provide the fle*ibility to develop a wide variety of additional incident responses ran"in" from applyin" di"ital ri"hts to launchin" speciali,ed wor(flows! Symantec DLP s&ips )it& a ,le:Response Cava AP9 t&at lets you develop custom responses for et)or0' Stora#e' and !ndpoint incidents. ,le:Responses for Stora#e incidents can $e tri##ered manually $y incident responders Smart Responses/ or automatically upon incident capture auto responses/. Symantec DLP et)or0 Protect provides custom Stora#e ,le:Responses for manual quarantine' quarantine roll$ac0 restoration of t&e ori#inal file/' application of di#ital ri#&ts' and encryption in place. sin# ,le:Response' you can develop ot&er custom responses as required $y your or#ani3ation.

23 !ile *ccess and sa"e &onitorin" Does your solution display the ori"inal file location >and 'uarantine location if applicable? and policy match details for files found to violate policy!

Hes. T&e incident snaps&ot screen s&o)s all necessary details for quic0 assessment and remediation of stora#e incidents' includin# file name' last modified date' matc& information' file o)ner' file access control lists A6Ls/' file location and quarantine location' as )ell as any attri$utes loo0ed up in an e:ternal system suc& as a corporate LDAP directory. ,or a screens&ot' see ,i#ure * in Attac&ment D – Product Screens&ots. Does your solution have a way of identifyin" file owners when that information does not e*ist in the file system bein" scanned!

Hes. Symantec DLP et)or0 Discover provides a data o)ner loo0up module t&at allo)s an or#ani3ation to easily map files to o)ners. 9t also supports custom rule creation to automatically identify file o)ners $ased on server' pat&' A6Ls' or actual data accesses in ot&er )ords' readK)rite frequency/. et)or0 Discover2ALs? of files found to violate policy! Aan your system inte"rate with corporate directories to allow stora"e policy violations to be associated with a particular individual and business unit! Please e*plain.

Hes. T&e incident snaps&ot screen s&o)s all necessary details for quic0 assessment and remediation of stora#e incidents' includin# file name' last modified date' matc& information' file o)ner' file access control lists A6Ls/' file location and quarantine location' as )ell as any attri$utes loo0ed up in an e:ternal system suc& as a corporate LDAP directory. ,or a screens&ot' see ,i#ure * in Attac&ment D – Product Screens&ots.

PA! "2


Does your solution provide information about top users of a confidential file found in a stora"e incident!

Hes. Symantec DLP et)or0 Discover inte#rates )it& Symantec DLP Data 9nsi#&t to provide details a$out top users of confidential files found in stora#e incidents. 9nformation provided $y Data 9nsi#&t is displayed directly in t&e stora#e incident snaps&ot for ease of remediation. Does your solution provide the file access history >by all users? for a confidential file found in a stora"e incident!

Hes. Symantec DLP et)or0 Discover inte#rates )it& Symantec DLP Data 9nsi#&t to provide complete file access &istory $y all users/ on confidential files found in stora#e incidents. 9nformation provided $y Data 9nsi#&t is displayed directly in t&e stora#e incident snaps&ot for ease of remediation. Does your solution provide complete access permissions for a confidential file found in a stora"e incident!

Hes. Symantec DLP et)or0 Discover inte#rates )it& Symantec DLP Data 9nsi#&t to provide complete access permissions for confidential files found in stora#e incidents. 9nformation provided $y Data 9nsi#&t is displayed directly in t&e stora#e incident snaps&ot for ease of remediation. Aan your solution alert administrators when unusual folder or user activity is detected! Hes. Symantec DLP Data 9nsi#&t can send automatic alerts if anomalous folder or user activity is detected. ,or e:ample' Data 9nsi#&t can $e confi#ured to send an automatic alert if it detects an unusually &i#& num$er of user accesses to a specified folder 0no)n to contain confidential files. Does your solution provide ade'uate information to perform user%focused investi"ations >e.". see all files a user has accessed over the past year?! Hes. Symantec DLP Data 9nsi#&t lets you see all files residin# on 8indo)s file servers' AS filers and S&arePoint servers t&at users &ave accessed over a #iven period of time. 9ncident responders and investi#ation teams can use t&is detailed information to investi#ate severe incidents correlated to a particular user. Aan your solution identify open shares prior to scannin"! Hes. Symantec DLP Data 9nsi#&t can identify all availa$le s&ares presented to clients' includin# all open s&ares s&ares visi$le to all users/. Symantec DLP administrators can t&en include t&ese open s&ares in tar#ets to $e scanned $y et)or0 Discover. Does your solution provide a report that ran(s directories by data loss ris(!

Hes. Symantec DLP provides a ,older Ris0 Report t&at ran0s all scanned directories $y level of data loss ris0. T&e report' )&ic& com$ines data collected $y $ot& et)or0 Discover and Data 9nsi#&t' is an important tool for prioriti3in# remediation of Stora#e incidents. ,older ris0 is calculated $ased on incident severity' folder openness' and user access &istory. Administrators can create custom ,older Ris0 Reports filterin# on particular tar#et &osts' for e:ample/ and save t&em for on#oin# remediation and revie). Aan your solution provide a sin"le report coverin" stora"e incidents throu"hout the "lobal enterprise! Please e*plain.

Hes. Symantec DLP et)or0 Discover provides a sin#le unified reportin# interface for all stora#e incidents t&rou#&out t&e enterprise. %ver 5- pre(confi#ured reports are availa$le to &elp customers mana#e t&eir $usiness. ,or a screens&ot' see ,i#ure 15 in Attac&ment D – Product Screens&ots. Aan your solution provide the ability to filter incidents based on when they were detected!

Hes. Symantec DLP et)or0 Discover offers t&e a$ility to filter incidents $ased on detection time. Do your stora"e incident reports indicate when an inappropriately e*posed confidential file has been found previously in an earlier scan! Aan incident responders create reports that show only previously%seen incidents so that these can be prioriti,ed for ur"ent remediation! Hes. Symantec DLP et)or0 Discover reportin# indicates )&en a file &as $een detected previously' allo)in# incident responders to prioriti3e remediation of files t&at &ave remained inappropriately e:posed for e:tended periods. 9ncident responders can filter stora#e incidents on a ISeen BeforeJ attri$ute to create reports t&at include only incidents t&at &ave $een detected previously. 6onversely' responders can use t&is attri$ute to create reports t&at include only incidents t&at &ave never $een seen $efore.

24 5can &ana"ement Does your solution provide a sin"le mana"ement interface for all scan confi"uration and control enterprise%wide!

Hes. All scan confi#uration and control is done from Symantec DLP !nforce Platform' )&ic& offers a centrali3ed )e$($ased user interface. ,or a screens&ot' see ,i#ure 1G in Attac&ment D – Product Screens&ots.

PA! ""


Does your solution let administrators enter credentials securely into the system once and then select those stored credentials for use in multiple scans! Aan administrators 'uic(ly update credentials across multiple scan tar"ets!

Hes. Symantec DLP
Hes. T&e last(accessed attri$ute is not c&an#ed $y Symantec DLP et)or0 Discover scans. Does your solution support automatically scheduled repeat scannin"!

Hes. Symantec DLP et)or0 Discover scans can $e confi#ured to run automatically on a sc&eduled $asis. >ultiple scans may $e confi#ured )it& different sc&edule requirements. Aan your solution automatically pause scannin" durin" certain confi"urable time windows such as durin" daytime wor( hours!

Hes. Symantec DLP et)or0 Discover scans can $e confi#ured to temporarily stop runnin# durin# particular time )indo)s' suc& as durin# )ee0 )or0 &ours. >ultiple scans may $e confi#ured )it& different )indo)s. Does your solution support throttlin" to control impact on networ( and scanned system!

Hes. Symantec DLP et)or0 Discover scans may $e t&rottled $y $ytes per minute or files per minute. Does your solution support incremental scannin" to reduce the volume of data to be scanned!

Hes. Symantec DLP et)or0 Discover scans can $e confi#ured to automatically scan only t&at content )&ic& is ne) or c&an#ed since t&e previous scan. Does your solution support detailed scan status information! $f yes describe. Hes Symantec DLP et)or0 Discover supports detailed scan status information includin# identification of scan queue status' sc&eduled start time' paused status' and sc&eduled restart time. Aan your solution run multiple scans in parallel!

Hes. Symantec DLP et)or0 Discover scans may $e distri$uted to multiple scannin# servers allo)in# multiple scans to $e carried out in parallel. Aan your solution support runnin" multiple parallel scans on a sin"le scannin" server!

Hes. Symantec DLP et)or0 Discover supports t&e a$ility to deploy multiple scannin# tas0s concurrently on a sin#le et)or0 Discover server' )&ic& may $e a 8indo)s or Linu: server. Support for sin#le(server parallel scans improves t&e efficiency and t&rou#&put of t&e et)or0 Discover server $y ma:imi3in# its processin# po)er. Aan your solution perform incremental scannin" for SharePoint! Hes. Symantec DLP et)or0 Discover can $e confi#ured to scan only t&ose S&arepoint items t&at &ave not $een analy3ed $efore or t&ose t&at &ave $een modified since t&e last scan. 9t is possi$le to resume incremental scans from )&atever point t&ey left off' )&et&er or not t&e first scan )as a full scan. T&rou#& incremental scannin#' or#ani3ations can ac&ieve si#nificant performance and speed $enefits.

Aan your solution be confi"ured to scan specific machines independent of the way those machines may be a""re"ated within the enterprise!

Hes. Symantec DLP et)or0 Discover supports t&e a$ility to tar#et specific mac&ines $y 9P address' mac&ine name' or 9P address ran#e. T&is offers fle:i$ility to roll out scannin# incrementally or to tar#et deeper investi#ative scans on a particular mac&ine of interest. Aan your solution trac( incident remediation on subse'uent scans! Hes. Symantec DLP et)or0 Discover Provides an option to trac0 remediation status of file(system incidents. T&ere are t&ree confi#uration options7 •

9tem o Lon#er !:ists7 T&e item &as $een moved' deleted' or renamed. T&is option is confi#ured $y default.

PA! "


•

9tem >odified7 T&e item &as $een modified and no lon#er violates a policy. T&is option is off $y default.

•

Policy >odified7 T&e policy t&at t&e files/ violated &as c&an#ed. 9f $ot& t&e item and policy &ave c&an#ed' t&e incident )ill $e remediated as J9tem modifiedJ. T&is option is off $y default.

,or remediated items' all associated incidents )it& same item' location' and policy/ s&o) remediation status. %r#ani3ations can automatically demonstrate ris0 reduction and focus on un(remediated incidents Aan your solution automatically discover open shares! Hes. Symantec DLP et)or0 Discover can automatically locate open s&ares on 69,S servers. Automatic discovery can also $e limited to administrative s&ares only. 9n t&is )ay' Symantec DLP &elps or#ani3ations replace t&e difficult process of manually identifyin# s&ares.

2 5cale and 5ecurity Aan your solution scan remote locations with low n etwor( bandwidth! Please e*plain.

Hes. Symantec DLP4s multi(tier arc&itecture ena$les scannin# servers to $e positioned at remote locations close to t&e scanned systems. Results from remote scans are automatically consolidated to provide a sin#le enterprise()ide vie) of data )&erever it is stored or used' $ot& on t&e net)or0 and on t&e endpoint. Does your solution restrict communications to (nown ports between the scanned system and the scannin" server only! Please e*plain.

Hes. Symantec DLP et)or0 Discover uses standard file(s&arin# protocols $et)een t&e scanned system and t&e scannin# server. o additional ports are required. Does your solution offer both a"ent%less and a"ent%based deployment options!

Hes. Symantec DLP et)or0 Discover includes $ot& a#ent(less and a#ent($ased arc&itectures for scannin#. Does your solution offer an a"ent%based deployment option for Ini* servers! hich platforms are supported!

Hes. Symantec DLP et)or0 Discover includes distri$uted scanners t&at run on Linu:' A9' and Solaris. Does your solution impose any re'uirements >such as OS version or prere'uisite software@system libraries? on the scanned system!

o. Symantec DLP et)or0 Discover employs server($ased scans t&at use standard file(s&arin# functionality supplied in all standard installations. o special soft)are or li$raries are required on t&e scanned &ost.

5: /ndpoint DLP- Laptops Des(tops 3irtual Des(top $nfrastructure 27 On and Off etwor0 &onitorin" Does the endpoint solution provide continuous protection of confidential data re"ardless of whether the user is on or off the networ(!

Hes. Symantec DLP !ndpoint Prevent provides continuous monitorin# of user activities re#ardless of )&et&er t&e user is onKoff t&e corporate net)or0. All data and events are securely stored on t&e endpoints and transferred to !ndpoint servers )&en t&e user connects $ac0 to t&e net)or0 P or direct connect/ to provide a compre&ensive vie) of user activities on t&e endpoint. Aan the endpoint solution monitor remote users who may be disconnected for a lon" time or only connected via a sl ow lin(!

Hes. Symantec DLP !ndpoint Prevent securely stores all data on t&e endpoint computer until t&e user connects $ac0 )it& t&e net)or0 eit&er directly or via a P. T&e a#ent communication can $e t&rottled for lo) $and)idt& connections.

PA! "5


2 ndpoint vent Covera"e Does your endpoint solution levera"e the same data loss poli cies >mana"ed from the same administration console? that are used for your networ( and stora"e solutions! Administrators can mana#e all DLP policies and remediation )or0flo) from Symantec DLP !nforce Platform and deploy t&ose policies universally to protect all data loss t&reats' includin# for endpoint computers. Aan your endpoint solution detect user attempts to send confidential data usin" $nternet protocols >e.". email webmail $# FTP? even when the endpoint is disconnected from the corporate networ(! $f yes what user actions and protocols does your endpoint solution support!

Hes. T&e Symantec DLP !ndpoint A#ent provides complete net)or0 event covera#e )&en t&e endpoint is on and off t&e corporate net)or0. T&e a#ent can monitor and optionally $loc0 t&e follo)in#7 •

!mail &eaders' $odies' and attac&ments

•

FTTPKFTTPS te:t and attac&ments

•

,TP file transfers

•

9> c&at and file transfers

•

S,TP

•

SSF

•

6opy fromKto net)or0 s&ares via 8indo)s !:plorer/

•

Bluetoot&

•

!ncrypted and proprietary protocols7 S0ype' 8e$!:' Live>eetin#' iTunes' Blac0Berry' oo#le 6&rome' Ado$e 6onnect' %ffice 6ommunicator

Aan your endpoint solution prevent the use and sendin" of confidential d ata by any application on the endpoint computer! Hes. Symantec DLP !ndpoint Prevent features are #enerally application(a#nostic' meanin# t&at' e:cept for specific cases' !ndpoint Prevent can monitor and $loc0 covered vectors for most standard applications. 9n addition' t&e !ndpoint Prevent Application ,ile Access 6ontrol feature lets you inspect all files opened $y any applications )it& proprietary or encrypted protocols applications t&at do not use standard 8indo)s calls/. T&is means !ndpoint Prevent can monitor and $loc0 t&e use of confidential data $y any application used on t&e endpoint' includin# unaut&ori3ed encryption applications as )ell as applications t&at use a proprietary protocol for e:ample' >icrosoft %ffice 6ommunicator/. >any applications' suc& as S0ype' 8e$!:' >icrosoft Live>eetin#' >icrosoft %ffice 6ommunicator' Bluetoot&' iTunes' and oo#le Tal0' are covered out(of(t&e($o:' and administrators can quic0ly confi#ure !ndpoint Prevent to cover any additional applications as needed. Aan your endpoint solution monitor and prevent attempts to copy confidential data to removable stora"e devices >e.". IS AD@D3D SD@AF eS2T2?! Hes. Symantec DLP !ndpoint Prevent provides a fully content(a)are endpoint a#ent to continuously monitor confidential data copied to remova$le media for e:ample' SB' 6DKDD' SDK6, cards' eSATA and so on/. Symantec DLP !ndpoint Prevent can also prevent t&ese events in real(time. Does your endpoint solution allow e*ceptions for the authori,ed copy of confidential data to trusted >company%approved? removable devices! Hes. Symantec DLP !ndpoint Prevent can $e confi#ured to allo) copy of confidential data to trusted remova$le devices. ,or e:ample' you can create an e:ception to allo) copies to corporate(approved' encrypted SB drives' even if you &ave confi#ured a policy to prevent copy of confidential data to SBs #enerally.

PA! "G


Aan your endpoint solution detect user attempts to download confidential data >in structured and unstructured format? to their hard drives!

Hes. Symantec DLP !ndpoint Prevent provides a fully content(a)are endpoint a#ent to monitor do)nloads of confidential data to t&e endpoint. Aan your endpoint solution monitor and bloc( the copy of confidential data to and from networ( shares!

Hes. Symantec DLP !ndpoint Prevent can monitor and prevent t&e copy of confidential data to and from any net)or0 file s&are accessed via 8indo)s !:plorer' includin# attempted copies from a file s&are to t&e local endpoint &ard drive or from t&e &ard drive to a s&ared folder on a userana#er Lan>an/' Remote Des0top Protocol RDP/' 8e$ Distri$uted Aut&orin# and ersionin# 8e$DA/. Aan your endpoint solution detect user attempts to print or electronically fa* confidential data! Hes. Symantec DLP !ndpoint Prevent is capa$le of monitorin# and $loc0in# t&e printin# or fa:in# of confidential data. Aan your endpoint solution detect user attempts to print copy or paste confidential information! Hes. Symantec DLP !ndpoint Prevent is capa$le of monitorin# and $loc0in# confidential data from $ein# copied or pasted into a ne) file or from $ein# transferred off t&e des0top. Does your endpoint solution cover end%user actions performed throu"h Aitri* published applications and des(tops!

Hes. Symantec DLP !ndpoint Prevent covers end(user actions performed t&rou#& pu$lis&ed applications and des0tops runnin# on 6itri: enApp and enDes0top. !ndpoint Prevent covera#e is provided $y installin# t&e !ndpoint A#ent on t&e appropriate 6itri: server. T&is covera#e is very useful' for e:ample' )&en employees or contractors use t&in clients' &ome computers' or &and&eld devices to access applications or des0tops pu$lis&ed $y 6itri:. 9f suc& users try to copy confidential data from t&e pu$lis&ed application or virtual des0top to t&eir local des0top or SB drive for e:ample/' !ndpoint Prevent monitors or $loc0s t&is action accordin# to your data loss prevention policies. Aan your endpoint solution display complete details about the incident includin" the file name user information policy match details and a copy of the ori"inal file that violated policy!

Hes. Symantec DLP !ndpoint Prevent provides complete visi$ility into policy violations' includin# t&e username of t&e policy violator' a copy of t&e ori#inal file' and &i#&li#&ts of t&e content t&at violated policy. ,or a screens&ot' see ,i#ure + in Attac&ment D – Product Screens&ots. Aan your endpoint solution apply different policies to different endpoint users or user "roups and do the different policies apply even when these users are lo""ed into the same endpoint computer! Hes. Symantec DLP !ndpoint Prevent offers endpoint user #roup detection rules t&at let you tar#et your policies to)ard specific endpoint users or #roups of users. T&is can $e especially useful in s&ared(computer environments. ,or e:ample' you can use t&is feature to apply a more restrictive policy to a call center employee t&an to &is or &er mana#er )&en lo##ed into t&e same computer/. Anot&er common e:ample is to apply a more restrictive policy to an 9T &elpdes0 representative t&an to an e:ecutive' so t&at )&en t&e &elpdes0 representative trou$les&oots t&e e:ecutiveRDP?!

PA! "


Hes. Symantec DLP !ndpoint Prevent can $e installed on a 8indo)s server t&at &osts virtual des0top sessions usin# Remote Des0top Services. Symantec DLP !ndpoint Prevent monitors t&e RDP protocol for any sensitive data t&at is transferred from t&e virtual des0tops to any remote client. 9f sensitive data is discovered' t&e Symantec DLP !ndpoint Prevent $loc0s t&e data from $ein# sent to t&e remote client. Does your endpoint solution cover end%user actions performed throu"h virtual des(top providers! Hes. Symantec DLP !ndpoint Prevent can protect virtual des0top providers suc& as enDes0top' >icrosoft Fyper(  and >)are ie). %r#ani3ations can confi#ure t&e Symantec DLP !ndpoint Prevent to monitor stora#e volumes' print and fa: requests' clip$oards' and net)or0 activity on t&e virtual des0tops to prevent users from copyin# confidential data t&at is stored on a &osted virtual des0top to anot&er computer or device.

2# ndpoint Discovery Does your solution include a"ent%based data discovery on end%user machines!

Hes. T&e Symantec DLP endpoint a#ent supports discovery of stored data on t&e endpoint. Does the a"ent perform detection locally avoidin" the need to transmit data over the networ(!

Hes. T&e a#ent performs detection locally. %nly t&e results of t&e scan need to $e transmitted over t&e net)or0 for centrali3ed reportin#. Does a"ent%based scannin" continue to operate when the machine is off the networ(!

Hes. T&e a#ent continues to scan and results are $uffered )&ile t&e mac&ine is off t&e net)or0. After t&e mac&ine reconnects' t&e $uffered results are sent to t&e central server. Aan policies be defined once and used for both networ( >a"ent%less? and a"ent%based discovery!

Hes. T&e same policies can $e deployed to $ot& a#ent(less and a#ent($ased scans. $s scan pro"ress reported centrally while scans are runnin"!

Hes. All a#ents report pro#ress to a central location for an up(to(date pro#ress report )&ile scans are runnin#. et)or0 Discover supports detailed scan status information includin# identification of scan queue status' sc&eduled start time' paused status' and sc&eduled restart time. Aan your endpoint solution automatically 'uarantine confidential files found d urin" an endpoint discovery scan!

Hes. Symantec Data Loss Prevent !ndpoint Discover can automatically quarantine confidential files eit&er locally to a folder on t&e endpoint computer includin# to an encrypted folder/ or remotely to a folder on t&e net)or0. Does your a"ent%based data discovery include a timeout! Hes. Symantec DLP !ndpoint Discover can $e confi#ured to timeout after a specified time period. An !ndpoint Discover scan mi#&t not complete due to one or more !ndpoint computers remainin# disconnected from t&e !ndpoint Server. An !ndpoint Discover scan can $e confi#ured to stop scannin# if an !ndpoint computer remains offline for a specified amount of time. Does your a"ent%based data discovery have hi"h resilience features! Hes. Symantec DLP !ndpoint Discover can potentially levera#e multiple endpoint mana#ement servers. 9n t&e event of an a#ent( server disconnection from t&e primary !ndpoint Server durin# a scan tas0' t&e a#ent can continue t&e scan $y esta$lis&in# a connection to a defined $ac0up !ndpoint Server. T&e a$ility to connect to additional servers also improves !ndpoint Discover performance in load($alanced environments. Aan your a"ent%based data discovery scans use operatin" system environment variables as filter criteria! Hes. Symantec DLP !ndpoint Discover can create !ndpoint Discover scans t&at tar#et or e:clude specific file locations re#ardless of t&e %peratin# System version or platform. ,or e:ample' an administrator may )ant to create an !ndpoint Discover tar#et t&at only scans t&e >y Documents folder on all user systems. To create t&is scan' t&e administrator )ould add t&e varia$le E>yE EDocumentsE to t&e scan tar#et. Administrators can use $ot& system varia$les and user varia$les.

PA! "+


3% ndpoint Detection *ccuracy Aan your endpoint solution protect confidential content re"ardless of file type or file location >for e*ample can it distin"uish between an /*cel document with confidential data which must be protected vs. an /*cel document w ithout confidential data which is not protected?!

Hes. Symantec DLP !ndpoint Prevent provides full' content(a)are protection to protect confidential data )it&out interruptin# le#itimate $usiness use of t&e endpoint. 9t protects only t&ose files t&at contain confidential data' )it&out interferin# )it& similar files t&at do not contain confidential information. Does your endpoint solution support detection based on content fin"erprintin" >of both databases and documents? and learned content >machine%learnin" detection methods?! Aan it support hundreds of millions of customer records or hundreds of thousands of fin"erprinted documents without cripplin" the endpoint devices!

Hes. Symantec DLP !ndpoint Prevent provides full' content(a)are protection )it& all availa$le descri$ed content' learned content ector >ac&ine Learnin#/' and fin#erprintin# unstructured or structured data/ detection tec&nolo#ies. Symantec DLP !ndpoint Prevent intelli#ently distri$utes processor(intensive content detection across t&e des0top a#ent and Symantec DLP !ndpoint server to protect lar#e amounts of confidential data )it&out compromisin# t&e usa$ility of endpoint devices. 9n addition to fin#erprintin# and descri$ed content detection met&ods' ector >ac&ine Learnin# uses li#&t)ei#&t statistical profiles $ased on analysis of small sets of sample documents/ and is )ell(suited for &i#&ly accurate detection usin# minimal endpoint resources. Does your endpoint solution support hierarchical user@"roup policies with confi"urable remediation@responses!

Hes. Symantec DLP !ndpoint Prevent supports all of Symantec DLP4s &ierarc&ical policies. Policies can $e #lo$al across t&e entire suite of products includin# data discovery' protection' monitorin#' and prevention on t&e net)or0 and at t&e endpoint/' apply only to certain users or #roups as defined $y any availa$le directory field suc& as $usiness unit' department' or #eo#rap&ical re#ion/' or apply only to specific a#ents. ote t&at endpoint user #roup detection rules let you tar#et policies to)ard specific endpoint users or #roups of users even )&en t&ey are lo##ed into t&e same endpoint computer. All policies are mana#ed centrally t&rou#& t&e Symantec DLP !nforce Platform server. Aan your solution detect file metadata! Hes. Symantec DLP can detect policy violations $ased on metadata. 8&en t&is feature is ena$led' it is possi$le to detect metadata for >icrosoft %ffice and PD, documents. ,or >icrosoft %ffice files' %$;ect Lin0in# and !m$eddin# %L!/ metadata is supported' )&ic& includes t&e fields Title' Su$;ect' Aut&or' and @ey)ords. ,or PD, files' Document 9nformation Dictionary metadata is supported' )&ic& includes fields suc& as Aut&or' Title' Su$;ect' 6reation' and pdate dates.

3$ ndpoint *"ent Deployment and &ana"ement Does your solution offer a sin"le a"ent that is capable of discoverin" monitorin" and protectin" confidential data!

Hes. Symantec DLP !ndpoint Protect and !ndpoint Discover s&are a common a#ent arc&itecture. A sin#le a#ent performs all functions on t&e endpoint' includin# SB monitorin# and endpoint discover scannin#. Does your endpoint solution operate usin" minimal system resources >i.e. API dis( and memory?! Please e*plain resource re'uirements. Hes. T&e Symantec DLP !ndpoint a#ent &as a minimal footprint on endpoint computers. 9t requires appro:imately 25>B of dis0 and 25>B of memory. T&e a#ent monitors user activity in t&e $ac0#round )it& minimal 6P requirements. T&e Symantec DLP administrator can control &o) muc& 6P po)er t&e a#ent can use at any time and t&e a#ent )ill intelli#ently t&rottle $ac0 processin# so as not to disrupt end user activity for e:ample' )aitin# until t&e endpoint computer is idle to analy3e lar#e files/. Does your endpoint solution have any special features for minimi,in" resource use durin" file inspection! Hes. T&e Symantec DLP !ndpoint a#ent cac&es inspection results on files considered &armless so t&at' if t&ese )&itelisted files are encountered a#ain' t&e a#ent can s0ip detection. ote t&at t&e rule results cac&e is very compact and is not s&ared $et)een endpoint computers' so resource and $and)idt& requirements are not impacted. Aan your endpoint solution monitor physical and virtual des(tops! Please list the operatin" systems and virtuali,ed environments supported by your endpoint a"ent.

Hes. T&e Symantec DLP !ndpoint A#ent supports t&e follo)in# operatin# systems and virtuali3ed environments7

PA! "*


•

Apple >ac %S  1-.+' 1-.*

•

>icrosoft 8indo)s ' +.-' +.1 Server 2--"' Server 2--+

•

6itri: enApp .5' G.-' G.5 enDes0top ".-' .-' 5.-' 5.G

•

>icrosoft Fyper(

•

>)are 8or0station G.5 >)are ie) .G

Aan your endpoint solution be deployed with e*istin" des(top mana"ement tools >e.". Symantec #ana"ement Platform #icrosoft S#S or $# Tivoli?!

Hes. Symantec DLP for !ndpoint is pac0a#ed in standard >icrosoft 9nstaller >S9/ pac0a#es for ease of deployment )it& standard des0top mana#ement tools suc& as S>S and Tivoli. 9n addition' t&e Symantec DLP for !ndpoint includes Symantec >ana#ement Platform' )&ic& ena$les administrators to easily deploy t&e Data Loss Prevention !ndpoint a#ent. Does your endpoint solution provide robust options for a"ent mana"ement and troubleshootin" from within a central administrative console! Hes. T&e Symantec DLP !nforce Platform administration console provides native options for vie)in# a#ent status revie)in# a#ent events disa$lin#' ena$lin#' restartin#' and s&uttin# do)n a#ents pullin# a#ent lo#s c&an#in# t&e endpoint server )it& )&ic& a#ents communicate and desi#natin# specified a#ents as $ein# under investi#ation. 2re your endpoint a"ent mana"ement and troubleshootin" tools desi"ned to be mana"ed by non%$T staff!

Hes. Symantec DLPana#ement Platform S>P/' )&ic& can $e inte#rated optionally and easily )it& t&e !nforce Platform administration console to provide support for continuous automatic a#ent discovery and sc&eduled a#ent deployment. S>P identifies initial and any ne) mac&ines to understand )&at needs to $e deployed in any particular environment. LDAP inte#ration allo)s policies and response rules to $e mapped to #roups or individuals )it&in t&e or#ani3ation. Aan your endpoint solution support automatic a"ent updates and policy chan"es without re'uirin" third%party tools!

Hes. Symantec DLP for !ndpoint supports a#ent confi#uration updates and automatic policy updates. 8indo)s 9nstaller >S9 / pac0a#es are also availa$le for customers if t&ey c&oose to mana#e a#ent updates t&rou#& t&eir e:istin# des0top mana#ement solutions. Does your endpoint solution support different a"ent confi"urations for individual a"ents or "roups of a"ents! Hes. T&e Symantec DLP solution lets you create any num$er of a#ent confi#urations ( specifyin# different t&reat vectors to monitor' different filters for monitorin#' different settin#s for endpoint resource usa#e' etc. ( )&ic& you can t&en apply to individual endpoint servers. Do your endpoint a"ents have failover capability! Aan you mi"rate a "roup of a"ents from one endpoint server to another >for mana"ement purposes?! Hes. Administrators can confi#ure Symantec DLP endpoint a#ents to connect to one of multiple specified Symantec Data Loss Prevent !ndpoint Servers. 9n t&e event of server failure' t&e a#ent automatically connects to anot&er endpoint server in t&e failover list. T&e system also includes t&e a$ility to re(assi#n an a#ent or #roup of a#ents to a different endpoint server )&enever needed. T&is is useful' for e:ample' )&en you )ant to move e:istin# a#ents to a ne) endpoint server t&at &as ;ust $een deployed into your environment. Aan your endpoint solution mana"e a"ents connectin" over open networ(s >$nternet? to a"ent mana"ement servers deployed in the D#C! Hes. Symantec DLP for !ndpoint features a li#&t)ei#&t and secure endpoint communications layer $ased on t&e FTTP and SSL protocols FTTPS/. Symantec DLP A#ents connect to !ndpoint Servers securely usin# open 9nternet standards. Symantec DLP !ndpoint Servers can $e deployed in t&e D> and connect to Symantec DLP A#ents securely )it&out t&e need for P. Aan your mana"ement system apply a"ent confi"urations based on user or machine directory properties or conditions! Hes. Symantec DLP for !ndpoint mana#ement servers can &ost multiple A#ent roups confi#urations $ased on dynamic attri$utes derived from A#ent information' ser or >ac&ine directory properties. %r#ani3ations can levera#e t&e provided out(of( t&e($o: predefined set of attri$utes for e:ample7 computer name' arc&itecture or version of t&e operatin# system' current lo##ed(

PA! -


in user' domain of t&e computer' etc./. Additionally' a#ent #roup mem$ers&ip can $e assi#ned from t&e com$ination of userKmac&ine Directory properties suc& as $usiness unit' mana#er' office location. Dynamic A#ent roup confi#urations not only result in lo)er incremental &ard)are costs $ut also in a fle:i$le arc&itecture t&at )ill ena$le strict DLP policies ali#ned )it& strate#ic initiatives Does your mana"ement system provide tools to monitor the health status of the endpoint a"ents! Hes. Symantec DLP !nforce allo) or#ani3ation quic0ly identify t&e &ealt& status of deployed Symantec DLP for !ndpoint A#ents. T&is $uilt(in feature facilitates a#ent &ealt& reportin# $y providin# a summari3ed vie) of t&e a#ents instead of providin# a sin#le list of all deployed a#ents. %r#ani3ations &ave full visi$ility over t&e a#ent &ealt& status' )&ic& can ran#e from a#ents operatin# under normal conditions up to endpoints requirin# immediate trou$les&ootin# and attention. hat type of alerts does your mana"ement system have to review endpoint events! Hes. Symantec DLP !nforce platform &as a compre&ensive set of alerts t&at provide endpoint a#ent &ealt& status for t&e follo)in# items7 ,ile system driver' A#ent service' A#ent store' Detection'' %utloo0 plu#(in' Lotus otes plu#(in' A9> plu#(in' Active Directory user #roup resolution' A#ent trou$les&ootin# tas0' A#ent monitorin#' 6ras& dump' Soft)are compati$ility and Reportin#. Does your mana"ement system have a"ent mana"ement and troubleshootin" capabilities! Hes. Symantec DLP !nforce platform provides $uilt(in a#ent mana#ement and trou$les&ootin# )it& native a$ility to vie) a#ent status revie) a#ent events disa$le' ena$le' set lo##in#(level' restart' and s&ut do)n a#ents pull a#ent lo#s c&an#e t&e endpoint server )it& )&ic& a#ents communicate and desi#nate specified a#ents as $ein# under investi#ation.

32 ndpoint .ncident +eportin" Does your solution show access control list >2AL? information for endpoint discovery incidents as well as for incidents involvin" user copies to the local drive! Hes. Symantec DLP !ndpoint Discover captures and displays access control list A6L/ information in endpoint discovery incidents. Symantec DLP !ndpoint Prevent displays t&is same type of information in incident snaps&ots for local(drive incidents incidents tri##ered $y t&e copy of confidential data to t&e local endpoint drive/. A6L information #ives incident responders an understandin# of )&ic& files are at ris0 in s&ared directories or t&rou#& RDP sessions. Does your solution include complete actionable information on endpoint incidents includin" information about IS FTP and $# incidents on the endpoint! Hes. Symantec DLP endpoint incident snaps&ots contain actiona$le information in every incident snaps&ot' $ot& for !ndpoint Prevent and !ndpoint Discover. !ndpoint Prevent incidents include important information a$out SB' ,TP' and 9> incidents' )&ere applica$le.

33 ndpoint 5cala)ility Aan your endpoint solution scale to tens of thousands of endpoint a"ents in a production environment! Please e*plain how the solution supports this and provide an e*ample of your lar"est endpoint deployment.

Hes. Symantec DLP for !ndpoint is proven to )or0 effectively in production environments runnin# up tens of t&ousands of endpoint a#ents. 9t levera#es a t&ree(tier deployment arc&itecture t&at provides linear scala$ility to support t&ousands of a#ents on eac& endpoint server t&e mana#ement server can support up to a &undred endpoint servers. Symantec DLP &as $een deployed in customer production environments t&at monitor and protect &undreds of t&ousands of endpoints e.#.' 6iti#roup – "5-@' CP>or#an 6&ase ( "1-@/. Does your endpoint solution support deployment in virtuali,ed environments!

Hes. T&e Symantec DLP !ndpoint Server' )&ic& ena$les $ot& t&e !ndpoint Prevent and !ndpoint Discover products' is supported on >)are !S .- !SK!Si .1 and 5.:. T&is support allo)s for multiple !ndpoint Server installations on a sin#le &ard)are platform. Does your endpoint solution support "eo"raphically dispersed machines for "lobal deployments of endpoint a"ents while maintainin" a central mana"ement@reportin" interface! Please e*plain.

Hes. Symantec DLP4s distri$uted arc&itecture )it& t&ree(tier deployment ena$les lar#e enterprises to support #eo#rap&ically dispersed deployments )&ere endpoint a#ents can $e confi#ured to communicate )it& t&e closest !ndpoint Server. All !ndpoint Servers across t&e #lo$al deployment securely communicate $ac0 to t&e Symantec DLP !nforce Platform server for centrali3ed incident reportin# and remediation. Aan your endpoint mana"ement servers be deployed in load%balanced environments! Hes. Symantec DLP for !ndpoint supports deployment for !ndpoint Severs in environments )&ere load $alancers are used. T&e

PA! 1


communication layer and fle:i$le endpoint arc&itecture allo) or#ani3ations to accommodate Symantec DLP for !ndpoint servers )it&out modifyin# t&eir net)or0 infrastructure. Does your endpoint mana"ement solution offer controls to mana"e bandwidth throttle! Hes. Symantec DLP for !ndpoint offers full control over t&e a#ent(to(server connection interval' )&ic& can ran#e from a persistent connection to a transient c&ec0(in interval. Suc& fle:i$le confi#uration options let or#ani3ations stri0e t&eir required $alance $et)een scala$ility and communication frequency.

34 ndpoint *"ent 5ecurity Does your endpoint solution secure the a"ent from end%user tamperin"! Please e*plain.

Hes. Symantec DLP for !ndpoint levera#es standard 8indo)s access control ri#&ts' confi#ura$le layers of o$fuscation' and additional protection mec&anisms to safe#uard prevent users from tamperin# )it& t&e a#ent file system' services and re#istry components. %ptionally' t&e endpoint a#ent can $e protected $y requirin# a pass)ord for uninstallation. Aan your endpoint solution detect end%user tamperin" and restart itself if it is stopped!

Hes. T&e Symantec DLP endpoint a#ent includes a tamper(proofin# )atc&do#/ service t&at monitors t&e main a#ent service and restarts it if it is ever tampered )it&. T&e main a#ent service' in turn' monitors t&e )atc&do# and restarts it if it is ever tampered )it&. Aan your endpoint solution ensure that communications between a"ents and server are authenticated and secure!

Hes. All communications require $i(directional a#entKserver aut&entication and t&e data is protected )it& Advanced !ncryption Standards A!S/.

98 #obile DLP- iOS and 2ndroid Devices 36 &o)ile Device Covera"e Aan your solution provide monitorin" and protection for mobile devices! Please e*plain and list supported operatin" systems. Hes. T&e Symantec DLP for >o$ile solution monitors and protects confidential data used $y employees on t&eir mo$ile devices )it&out disruptin# $usiness. 9t consists of t)o modules7

1.

>o$ile !mail >onitor inspects confidential email do)nloaded to t&e native mail app over t&e >icrosoft !:c&an#e ActiveSync protocol on i%S and Android devices7 • • •

2.

i"ad), i"ad3, i"ad mini and i6S '->, *-0-> i"#one , i"#one S, i"#one 5, i"#one 5S, i"#one 5C and i6S '->, * Android 6S Felly @ean -&-> 2Felly @ean, -)->, -3-> 2Felly @ean

>o$ile Prevent monitors and protects out$ound net)or0 communications sent from t&e native mail app >icrosoft !:c&an#e ActiveSync/' native $ro)ser FTTPKFTTPS/' and popular apps e.#.' Drop$o:' ,ace$oo0/ on i%S devices7 • •

i"ad), i"ad3 , i"ad Mini and i6S '->, *-> i"#one  and i"#one S , i"#one 5, i"#one 5S , i"#one 5C and i6S '->, *

PA! 2


37 &o)ile Device Protection Aan your solution provide real time protection for outbound traffic on mobile devices! Hes. Symantec DLP >o$ile Prevent detects and $loc0s confidential data in 8e$mail' ,TP' and t&ird(party applications suc& as Drop$o: and ,ace$oo0. >o$ile Prevent &as minimal performance impact and does not affect users )&ose devices are $ein# protected. Aan your solution bloc( emails sent from mobile devices! Hes. Symantec DLP >o$ile Prevent monitors and protects emails sent $y employees from iPads and iP&ones typically company( o)ned/. 9t detects and $loc0s confidential data in corporate email sent via >icrosoft !:c&an#e ActiveSync.

3 1rin" our Own Device Aan your solution monitor corporate email sent to employee%owned >OD? d evices! Please e*plain the supported devices and operatin" systems. Hes. >o$ile !mail >onitor inspects confidential email do)nloaded to t&e native mail app over t&e >icrosoft !:c&an#e ActiveSync protocol on company and employee(o)ned i%S and Android devices7

3- i"ad), i"ad3, i"ad mini and i6S '->, * - i"#one , i"#one S, i"#one 5, i"#one 5S, i"#one 5C and i6S '>, * 5- Android 6S Felly @ean -&-> 2Felly @ean, -)->, -3-> 2Felly @ean Aan your solution provide visibility into confidential data bein" sent to mobile devices! Hes. Symantec DLP >o$ile !mail >onitor 0eeps a continuous record of data $ein# do)nloaded to mo$ile devices. 9n t&e event of loss or t&eft' or#ani3ations can easily identify and assess t&eir ris0 of $ein# compromised.

9; Aloud DLP- Aloud 2pplications and /mail 4% Cloud Vision hat is your company)s vision for protectin" confidential data that is stored and shared in the cloud!

T&e rapid adoption of cloud services in t&e enterprise is creatin# ne) data loss prevention c&allen#es for 9nformationK9T Security. !mployees are usin# cloud services to store' s&are and e:c&an#e data )it& or )it&out approval from 9T. 9n addition' 69%s and 69S%s are under constant pressure to reduce t&e cost and comple:ity of 9T )&ile improvin# productivity for t&e $usiness. Symantec
4$ Cloud *pplications Aan your solution monitor cloud applications >e.". o*.n et Dropbo* SharePoint?! Please e*plain.

Hes. Symantec DLP provides out(of($o: support for popular cloud($ased applications7 •

Symantec DLP et)or0 Prevent for 8e$ monitors and $loc0s uploads to cloud($ased stora#e suc& as Bo:.net and Drop$o:. 9t also &as en&anced compati$ility )it& many cloud services to provide customers )it& improved end(user e:periences.

•

Symantec DLP et)or0 Discover scans Dedicated S&arePoint environments. Symantec is t&e only DLP vendor certified to do so $y >icrosoft.

PA! "


hat is your vision for securin" cloud applications!

Symantec
42 Cloud mail Does your solution support email monitorin" for hosted email services >e.". Office9:8 &mail?!

Hes. Symantec DLP et)or0 Prevent for !mail and et)or0 Prevent for 8e$ can $e deployed in pu$lic or private clouds $y Symantec Speciali3ed DLP Partners. B!8 lo$al and ot&er >ana#ed Security Service Providers are usin# t&is capa$ility to deliver a mana#ed & y$rid cloud deployment confi#uration solution to customers. Does your solution inte"rate with hosted email and web security services >e.". &oo"le 2pps Symantec.cloud?!

Hes. Symantec DLP supports inte#ration )it& oo#le Apps' >icrosoft ,orefront %nline Protection for !:c&an#e ,%P!/' Symantec !mail and 8e$ Security.cloud. hat is your vision for securin" cloud email! Symantecicrosoft !:c&an#e %nline or %ffice "G5 and mail. 9n addition' )e )ill ena$le data loss prevention email detection servers/ to $e &osted in t&e cloud )it& DLP in t&e 6loud Services. T&is )ould reduce t&e total cost of o)ners&ip and improve time to value of DLP.

79 #ana"ement and Security 44 .nterface Does the solution have a sin"le unified console for all confi"uration and reportin" operations across all detection paths!

Hes. Symantec DLP !nforce Platform is t&e central' )e$($ased mana#ement application t&at ena$les or#ani3ations to $uild' deploy' and automatically enforce consistent data loss prevention policies across all Symantec DLP products. T&e !nforce Platform automatically enforces policies )it& a centrali3ed application for detection accuracy' policy mana#ement and automatic enforcement' access control' and )or0flo) and reportin#. Does the solution allow multiple concurrent accesses to the administration@reportin" system! Please indicate the ma*imum number of concurrent users supported.

Hes. Symantec DLP &as no limit to t&e amount of concurrent accesses to t&e Symantec DLP !nforce Platform' )&ic& &ouses t&e reportin# system. $s the solution available in any lan"ua"es other than /n"lish!

Hes. Symantec DLP is fully internationali3ed7 •

A locali3ed version of t&e mana#ement user interface is provided in !n#lis&' ,renc&' Capanese' Simplified 6&inese' Traditional 6&inese' @orean' Spanis&' Bra3ilian Portu#uese and Russian.

•

9t supports multi(national deployments $y allo)in# t&e mana#ement console to $e vie)ed in different locali3ed lan#ua#es on a per(user $asis )it& a sin#le DLP !nforce server.

•

9t supports auto(detection of 25 lan#ua#es for endpoint pop(up notifications )it&out requirin# a separate response rule or policy for a certain su$set of users t&at spea0 a #iven lan#ua#e. >any components of t&e user interface ( suc& as report titles' email and pop(up notifications' and policy names ( support all lan#ua#es includin# dou$le($yte c&aracter sets.

PA! 


4 ser *ut'entication and .dentity +esolution Aan multiple users be created within the system and assi"ned to various roles! $f yes are the followin" supported•

Aan a role be confi"ured to contain any combination of permissions!

•

Aan a role be created to have access to system administration functions but not to policy incident or employee information!

•

Aan a role have the ability to author policies but not to deploy them l ive on the networ(!

•

Aan a role be created that allows users to vi ew incidents but not to modify or remediate them!

•

Aan a role be created that has the ability to see summary reports trend reports and hi"h%level metrics without the ability to see individual incidents!

Hes. T&is is supported in Symantec DLP. T&e user administration system supports a variety of data(loss(prevention(specific roles li0e Ireport vie)er'J Iincident remediator'J Iuser administrator'J Ipolicy aut&or'J and so on. T&e follo)in# role permissions are availa$le )it&in Symantec DLP7 a/

ser Administration

$/

Server Administration

c/

ie) Reports

d/

ie) 9ncident Details Display Attri$utes/

e/

Remediate 9ncidents

f/

Delete 9ncidents

#/ !:port 8e$ Arc&ive &/

>L !:port

i/

Reportin# AP9

;/

>ana#in# individual policies or #roups of policies

0/ Policy Aut&orin# l/

,ile System Scan 6ontrol

m/ 6redential >ana#ement

Additionally' to ensure privacy safe#uards for employees' roles can $e used to control access to incident attri$ute fields' suc& as7 •

>essa#e 6ontent

PA! 5


•

>ar0up e:cerpt &i#&li#&tin# t&e violation/

•

Sender

•

Recipients

•

9ncident Fistory

•

6ustom Attri$ute Privile#es from Active Directory andKor LDAP' suc& as !mployee 9D' Last ame' ,irst ame' P&one um$er' >ana#er Last ame' >ana#er ,irst ame' >ana#er !mail' Business nit' and so on/

Roles can $e assi#ned to partitions suc& t&at access to policies or incidents can $e restricted. ,or e:ample' access could $e defined $ased on t&e $usiness unit from )&ic& an incident ori#inated. T&is &elps ensure t&at users do not &ave access to data outside of t&eir area of responsi$ility. Pertainin# to t&e specific questions mentioned' t&e follo)in# are supported7 •

A role can $e confi#ured to &ave any com$ination of t&e role permissions.

•

Symantec DLP &as a System Administrator role )&ic& allo)s t&is.

•

Symantec DLP &as a Policy Administrator role )&ic& allo)s t&is.

•

Symantec DLP &as a ie) 9ncidents role )&ic& allo)s t&is.

•

Symantec DLP &as a ie) Reports role )&ic& allo)s t&is.

Does the system allow user authentication to be controlled in an e*ternal directory >for e*ample 2ctive Directory?!

Hes. ser aut&entication )it& Active Directory @er$eros v5/ is supported so t&at pass)ords can $e mana#ed in an e:ternal directory instead of locally stored on t&e Symantec DLP system. Does your solution support Sin"le Si"n%On >SSO?!

Hes. Symantec DLP supports t&e use of standard .5-* certificates for aut&entication to t&e !nforce Server administration console. T&is allo)s user to securely aut&enticate to !nforce usin# certificates #enerated $y t&eir o)n Pu$lic @ey 9nfrastructure P@9/. ,or e:ample' t&is implementation supports t&e use of t&e .S. Department of Defense 6ommon Access 6ard 6A6/ for aut&entication. Symantec DLP supports t)o met&ods for c&ec0in# certificate revocation7 6ertificate Revocation List 6RL/ and %nline 6ertificate Status Protocol %6SP/. Does your solution support inte"ration with directories for sender@file owner identity resolution! Please e*plain specific uses.

Hes. Symantec DLP can resolve sender identities includin# non(email incidents/ for purposes of reportin# for e:ample' incident $rea0do)n $y $usiness unit/ as )ell as access control for e:ample' access $ased on sender4s #eo#rap&ical re#ion/. Symantec DLP supports an import arc&itecture t&at allo)s for inte#ration )it& a )ide variety of directories' data$ases' and ot&er $usiness applications t&at may contain relevant identity data. Additionally' 9dentity Resolution supports real(time identity resolution a#ainst LDAP(compliant directories. Aan these e*ternal loo(up inte"rations be easily updated as the directory information and sources chan"e! Describe how this is accomplished.

Hes. T&e script loo0up plu#(in follo)s a standard inputKoutput format supported in any scriptin# lan#ua#e. As suc&' it can $e readily updated $y customers as t&e information sources or t&e data format c&an#es )it&out any furt&er inte#ration effort.

PA! G


46 Distri)uted *rc'itecture Does your architecture support remote sites and networ( u sers distributed across many different locations! Describe any limitations around number of components. Please describe a typical deployment and where each component resides. Please attach a detailed architecture dia"ram

Hes. Symantec DLP &as a multi(tier arc&itecture t&at efficiently processes policy updates' data inde:in#' and incident flo)s. T&e arc&itecture scales to &undreds of et)or0 >onitor servers and et)or0 Discover servers' t&ousands of endpoint a#ents for eac& !ndpoint server' all usin# a sin#le centrali3ed !nforce Platform server. Symantec DLP servers can $e deployed to cover all e:its points and net)or0 locations' and t&e arc&itecture is desi#ned to scale linearly $y addin# more &ard)are to increase capacity. ,or a detailed arc&itecture dia#ram' see Attac&ment A – Arc&itecture and Fard)are Requirements. Aan all networ( components be confi"ured and mana"ed throu"h a sin"le centrali,ed I$! Please describe any system confi"uration or mana"ement not accessible throu"h a web based I$. Please describe conditions where the I$ is not centrali,ed >for e*ample where you need to lo" into indi vidual networ( components to receive system events or lo" data?.

Hes. All aspects of system mana#ement and confi#uration are accessed t&rou#& t&e centrali3ed )e$($ased system mana#ement 9. Does your solution have failover capability!

Hes. Symantec DLP supports clusterin#Kload $alancin# across t&e entire product line. Symantec DLP Prevent supports load $alancin# amon# multiple Prevent servers via DS round ro$in )&en inte#ratin# )it& an >TA' and )it& pro:y(supported 96AP load($alancin# )&en inte#ratin# )it& pro:y servers. Symantec DLP et)or0 >onitor supports load $alancin# $y partitionin# traffic amon# multiple monitors' t&rou#& t&e use of 9P filterin# confi#ured on t&e monitors. Symantec DLP et)or0 Discover scans can $e distri$uted amon# multiple Discover servers eit&er e:plicitly' or $y allo)in# Discover to c&oose from amon# a cluster of servers on )&ic& to deploy a scan ;o$. Symantec DLP !nforce Platform supports deployin# t&e %racle data$ase on a separate tier allo)in# t&e application to ta0e advanta#e of %racle data$ase clusterin# support. ,or eritas 6luster Server 6S/ customers' a DLP 6S a#ent for !nforce is availa$le for real(time' automatic failover of !nforce )it& no data loss. 9n addition' Symantec DLP et)or0 >onitor implements t&e follo)in# features to ad;ust for communication failures or une:pected $ursts of messa#e traffic7 •

•

9ncident re(transmission. 9f communications $et)een a et)or0 >onitor server and t&e !nforce Platform server are disrupted' for e:ample' t&e et)or0 >onitor server continues to re(transmit incidents until it is a$le to positively verify t&at t&e !nforce Platform server &as received t&e communication. 9ncident processin# flo) control. 9f t&e rate of out$ound communications e:ceeds t&e capacity of a Symantec DLP et)or0 >onitor' it )ill ma0e ad;ustments in t&e processin# of messa#es to #uarantee a $est(effort at retainin# copies of messa#e streams for later processin#. As t&e traffic li#&tens' and demand on t&e mac&ines resources li#&tens' t&e system automatically recovers and processes t&e $ac0lo#.

Symantec DLP !nforce Platform is $uilt on top of a variety of 6%TS tec&nolo#ies )it& fault(tolerant capa$ilities. Typical deployments to current customers include dual(redundant po)er supplies and various levels of RA9D confi#uration. T&e main 6%TS components t&at en&ance relia$ility and fault(tolerance are7 •

%racle($ased stora#e system

•

Redo(lo#s to assist system recovery from unforeseen errors

•

6ommercial(#rade $ac0up and restore functionality

PA! 


47 5ystem &ana"ement Does your solution provide standard reports on system traffic performance and throu"hput metrics! Please describe the capabilities and provide a screenshot.

Hes. Symantec DLP provides system traffic reports t&at provide details on t&e amount of data capture in >B/' files inspected' incidents created' unprocessed files' and pac0ets discarded for eac& monitorin# server. T&is allo)s t&e customer to perform effective traffic filterin# and capacity mana#ement on all Symantec DLP servers. ,or screens&ots' see ,i#ures 1+ and 1* in Attac&ment D – Product Screens&ots. Does your solution store captured data and lo"s in a centrali,ed database! hich database is it and is it included in the license cost!

Hes. All incidents and audit lo# events are stored in Symantec DLP !nforce Platform
Hes. 9ncidents can $e deleted $y t&e system administrator t&ey can also $e deleted in $ul0. Does your solution "ive administrator control over the amount of incident data that "ets stored in the database!

Hes. Administrators can specify )&et&er certain incident details are stored in t&e data$ase. 9ncident details t&at can $e 0ept out of t&e data$ase )&ile retainin# t&e incident for trendin# and &istoric reference include7 •

Attac&ments )it& no violations

•

All attac&ments

•

%ri#inal messa#e

Aan your solution be deployed on different operatin" systems >e.". indows Linu*?!

Hes. T&e Symantec DLP for !ndpoint' >o$ile' et)or0 and Stora#e detection servers can $e deployed on7 •

>icrosoft 8indo)s Server 2--+ R2' !nterprise !dition and Standard !dition

•

>icrosoft 8indo)s Server 2-12

•

Red Fat !nterprise Linu: 5 pdate  t&rou#& Linu: 5 pdate 1- G($it/

•

Red Fat !nterprise Linu: G pdate  and 5 G($it/

9n addition' t&e Symantec DLP Data 9nsi#&t server can $e deployed on7 •

>icrosoft 8indo)s 2--"' 2--+' 2-12

•

Red Fat !nterprise Linu: 5.5U 9nde:er soft)are only/

Does your solution run on commodity hardware! Please list the hardware re'uirements.

Hes. T&e minimum recommended &ard)are requirements are7 •

2 : ".- F3 6P

PA! +


•

G ( + B RA>

•

1- B local dis0 space 5-- B for !nforce Platform/

•

1 copper or fi$er 1$K1-->$ !t&ernet 96 to communicate )it& t&e !nforce Server/

•

%peratin# systems7 >icrosoft 8indo)s Server 2--+ R2' !nterprise !dition and Standard !dition >icrosoft 8indo)s Server 2-12 Red Fat !nterprise Linu: 5 pdate  t&rou#& Linu: 5 pdate 1- G($it/ Red Fat !nterprise Linu: G pdate  and 5 G($it/

Does your solution support virtuali,ed deployment options!

Hes. Symantec DLP detection servers can $e deployed on >)are !S .- !SK!Si .1 and 5.: e:cept )&ere indicated ot&er)ise7 1.

Symantec DLP !nforce Platform

2.

Symantec DLP for !ndpoint7 !ndpoint Discover' !ndpoint Prevent

".

Symantec DLP for et)or07 et)or0 Prevent for !mail' et)or0 Prevent for 8e$

.

Symantec DLP for Stora#e7 et)or0 Discover' et)or0 Protect

9n addition' t&e Symantec DLP !ndpoint A#ent supports t&e follo)in# virtuali3ed environments7 •

6itri: enApp .5' G.-' G.5 enDes0top ".-' .-' 5.-' 5.G

•

>icrosoft Fyper(

•

>)are 8or0station G.5 >)are ie) .G

4 5ystem 5ecurity Aan customers determine the security of the underlyin" technolo"y platform!

Hes. Because Symantec DLP uses standard operatin# and system &ard)are components' customers can verify t&at systems are consistent )it& industry $est practices' includin#7 Fost Security •

T&e server %S is confi#ured )it& t&e minimum required permissions and active services.

•

All unnecessary accounts for e:ample' I#uestJ/ are removed from t&e system.

•

ser and Administrator pass)ords are c&an#ed to meet &i#& minimum standards.

PA! *


Services are deployed )it& t&e minimal necessary permissions. Services are not run )it& Administrator privile#es. •

Deployed systems are confi#ured )it& a default(deny T6PK9P security policy t&at only admits t&ose protocols necessary to run t&e system.

•

>onitorin# of net)or0 traffic occurs on a 96 t&at &as T6PK9P disa$led. T&is 96 is only confi#ured to accept incomin# !t&ernet traffic t&at is safely reconstituted as T6PK9P communication streams $y t&e application.

•

Administrative functions are operated over a separate mana#ement 96.

+as your solution under"one any e*ternal audits or security certifications! $f not detail any future plans for obtainin" such certification.

Hes. Symantec DLP under#oes re#ular security audits $y leadin# soft)are security and quality consultin# firms to validate t&e security of its $usiness lo#ic' tec&nolo#y stac0' and controls' and &as $een found to $e compliant )it& industry $est practices for application and data level security. $s your solution certified for or currently under"oin" certification for Aommon Ariteria!

Hes. Symantec DLP is currently under#oin# certification for 6ommon 6riteria. T&e product is tar#eted for and currently on trac0 for ac&ievin# certification for Level 2U. 2re security patches mana"ed for your solution! +ow does your solution E(now that a security patch i s needed!

Hes. Symantec prepares re#ular patc& releases t&at are coordinated )it& t&e security patc& cycles of t&e t&ird(party vendors< soft)are t&at is em$edded in our product. Symantec also carefully )atc&es ne)s#roups and )e$sites to ensure t&at off(sc&edule security patc&es are factored into our security patc& update plan. 9n eit&er case' Symantec – as part of t&e on#oin# support process – tests our soft)are for compati$ility )it& t&ese security patc&es and proactively contacts customers )it& instructions on )&ic& patc&es' if any' to apply. 2re the communication lin(s into and out of the hosts that run your solution secured! List the specific protocols ciphers and (ey len"ths used to secure this traffic.

Hes. Administrative functions are protected via SSL(encrypted communication usin# RSA(1-2($it 0eys. SSL communication $et)een Symantec DLP et)or0 >onitor and Symantec DLP !nforce Platform use server and client(side certificates to perform mutual aut&entication. 2re there any special measures ta(en to secure confidential data in your solution! $f so list these measures includin" >as appropriate? ciphers (ey%len"ths and (ey%mana"ement schemes.

Hes. All captured and stored confidential data is secured via t&e follo)in# measures7 •

9ncident data ori#inal captured messa#es and stored messa#e components/ are encrypted usin# A!S encryption and 12+( $it 0eys.

•

Fas&in# usin# SFA(1 is done for !D> inde:es and user
•

•

•

A ne) 0ey is created periodically' minimally every "- days t&is is confi#ura$le/. All encryption 0eys are 0ept in secure 0eystore )&ic& resides inside %racle and is t&erefore additionally protected $y %racle security/. T&is 0eystore is encrypted )it& a >aster 0ey t&at is derived from t&e IAdministratorJ account pass)ord. 8&enever t&e IAdministratorJ account pass)ord is c&an#ed t&is secure 0eystore is re(encrypted )it& t&e ne) pass)ord. T&e unencrypted version of t&is 0eystore e:ists only in RA> memory of Symantec DLP soft)are processes )&en t&ey are runnin#. ,urt&ermore' t&e IAdministratorJ account pass)ord is not stored in %racle only &as&es of pass)ords stored t&ere/ and t&erefore $rea0in# into t&e data$ase )ill not compromise t&e 0eystore.

PA! 5-


9n addition7 •

All data$ase ta$les are confi#ured )it& minimum permissions suc& as very strict access controls/ and t&e DB user account used to access t&ese ta$les is confi#ured as a non(administrative account.

•

T&e installation process forces t&e installer to c&an#e t&e default administrator pass)ord.

•

Symantec DLP confi#ures t&e accounts to use pass)ords )it& &i#& minimum standards for pass)ord quality. Symantec DLP is )illin# to adopt t&e pass)ord security standards used $y your or#ani3ation' $ut )e recommend a minimum of 1c&aracters' )it& mi:ed(case' punctuation' and di#its.

2re users of your solution authenticated and authori,ed securely! Specifically list the measures used to securely store and process passwords or other authentication to(ens.

Hes. Symantec DLP implements t&e follo)in# aut&entication security measures7 Administrative and reportin# functions are controlled via mandatory access control met&ods usin# SSL encrypted pass)ord aut&entication. Access to application functionality is controlled via permission #roups t&at allo) #ranular allocation of capa$ilities to aut&ori3ed users $y t&e Symantec DLP application administrator. T&e Symantec DLP application securely &as&es stored aut&entication pass)ords t&at #overn permissions for users of t&e Symantec DLP system. T&e system automatically lo#s out any user )&o is inactive for lon#er t&an ten minutes. T&is parameter is confi#ura$le. •

•

•

•

$s every lo"in into the solution and modification to policies or incidents lo""ed in an audit trail!

Hes. Symantec DLP maintains a &istory of all actions performed $y users on t&e Symantec DLP !nforce Platform system. T&e audit trail is stored in t&e Symantec DLP !nforce Platform data$ase. 6&an#es or actions made to an incident messa#e' suc& as status and comments' are all lo##ed and visi$le in t&e &istory of t&e incident. 6reation of and modifications to policies' users' incidents' and e:act data profiles are also maintained as audit events in t&e data$ase. Does the solution have the capability to disallow lo"ins! +ow are lo"ins re%enabled! Please e*plain.

Hes. Symantec DLP local user administration allo)s for enforcement of stron# pass)ords' maintains pass)ord &istory' and allo)s for disa$lin# and re(ena$lin# lo#ins. T&is can also $e dele#ated to an e:ternal directory via t&e LDAP AP9.

4# .nte"ration and *P.s Please provide a "eneral description of your solution)s options for inte"ration with third%party products includin" any available 2P$s.

Symantec DLP provides seamless inte#ration )it& t&ird(party solutions in your environment7 •

•

•

•

%&siness Intelligence ( Symantec <=" can e>port incident data to any usiness intellience or das# oardin solutions 2e--, Arc#er, @usiness 6ects, Crystal 7eports /ia an open We Ser/ices A".(lo&d Services ( Symantec <=" supports interation wit# a road rane o cloud ser/ices includin 4oole Apps, Microsot 1oreront, Microsot 2c#ane and S#are"oint, and Symantec Email Security-cloudEmail Encryption ( Symantec <=" interates wit# a road rane o email encryption ateways 2e--, Cisco .ron"ort, "roopoint, Symantec Encryption to pro/ide automated encryption o sensiti/e messaes and ile attac#mentsEnterprise Digital $ig"ts Management -ED$M. ( Symantec <=" 2etwor:
PA! 51


•

•

•

•

•

)ile Encryption ( Symantec <=" 2etwor: "rotect oers turn:ey interation wit# Symantec Encryption and SecureGip or ile(ased encryption- Symantec <=" can also e interated wit# any ot#er encryption oerin t#at accepts t#ird(party in/ocation /ia t#e Symantec <=" 1le>7esponse A".Mail +ateways/MTAs ( Symantec <=" interates wit# any SM8"(compliant M8A- 8#is enales customers to use t#eir e>istin inrastructure wit#out addin an e>tra #op in t#e outound messain low$emediation and Ticeting Systems ( Symantec <=" e>ports incidents to t#ird(party remediation and tic:etin systems 2e-- 7emedy or common incident #andlin and wor:lowSec&rity Information and Event Management -SIEM. D Symantec <=" syslo output response rules allow you to easily e>port incident data to rane o S.EM systems!eb Pro'ies ( Symantec <=" 2etwor: "re/ent or We interates wit# .CA"(enaled We pro>ies and #as certiied H88"H88"S pre/ention wit# @lue Coat, Cisco .ron"ort, McAee, Microsot 1oreront, Squid, Symantec We 4ateway and Wesense-

9n addition' you can easily e:tend t&e functionality of Symantec DLP to ot&er security and stora#e solutions from Symantec7 •

Symantec %ac&p E'ec System $ecovery D ec System 7eco/ery to enale scannin o ac:up imaes or conidential dataSymantec (ontrol (ompliance S&ite D tract, decrypt and analy;e te>t in 1ileS#are(encrypted documents? it interates wit# Symantec *niversal +ateway Email to enorce policy(ased encryption o email and pro/ide closed( loop conirmation o secure deli/ery in t#e
Does your solution support inte"ration with #T2s >#essa"e Transfer 2"ents?!

Hes. Symantec DLP et)or0 Prevent for !mail inte#rates )it& any S>TP(compliant >TA )&ic& ena$les customers to use t&eir e:istin# infrastructure )it&out addin# a &op in t&e out$ound messa#in# flo). et)or0 Prevent for !mail can $e deployed in eit&er a reflectin# sin#le >TA/ or for)ardin# multiple >TA/ arc&itecture. Symantec &as deployed implementations )it& t&e follo)in# >TAs7 6isco 9ronPort' >cAfee !mail ate)ay' Proofpoint' Sendmail' Symantec >essa#in# ate)ay. Does your solution support inte"ration with eb pro*ies!

Hes. Symantec DLP et)or0 Prevent for 8e$ inte#rates )it& 96AP(ena$led )e$ pro:ies and &as certified FTTPKFTTPS prevention )it& t&e follo)in# pro:ies7 Blue 6oat Pro:yS 6isco 9ronPort S(Series >cAfee 8e$ ate)ay >icrosoft ,orefront T&reat >ana#ement ate)ay Squid 8e$ Pro:y Symantec 8e$ ate)ay 8e$sense Appliance 5---' 1---• • • • • • •

PA! 52


Does your solution support inte"ration with email encryption "ateways! Please e*plain.

Hes. Symantec DLP et)or0 Prevent inte#rates )it& messa#e encryption #ate)ays' includin# Symantec ate)ay !mail !ncryption' 6isco 9ronPort Post' olta#e' and Proofpoint to provide automated encryption of sensitive messa#es and file attac&ments. 9t also inte#rates )it& Symantec !mail !ncryption.cloud to provide a &osted encryption option as )ell. Does your solution support inte"ration with case or problem mana"ement systems! Please e*plain.

Hes. Symantec DLP &as t&e capa$ility t&rou#& t&e policy enforcement process automation feature to send incident information to a case mana#ement or security event mana#ement system' suc& as ArcSi#&t. 9nte#ration is confi#ura$le and $ased on policy. Symantec DLP can send events to any Syslo#(ena$led case mana#ement or security event mana#ement system. Does your solution support inte"ration with email archivin" solutions! Please e*plain.

Hes. 9nte#ration )it& arc&ival systems is supported. Symantec DLP et)or0 Prevent can $e confi#ured to modify &eaders or su$;ect lines of analy3ed emails in a )ay t&at tri##ers do)nstream arc&ivin#. ote t&at Symantec DLP et)or0 Discover can also inte#rate )it& arc&ives to support eDiscovery a#ainst stored email. 9n addition' Symantec DLP can inte#rate seamlessly )it& Symantec !nterprise ault to provide content(a)are inspection and automated ta##in# of >icrosoft !:c&an#e emails for arc&ival. Hou can use any availa$le Symantec DLP detection met&od to classify !:c&an#e emails' and automatically apply any arc&ivin# ta#s confi#ured in !nterprise ault. T&e Symantec DLP component of t&is feature is inte#rated into t&e #eneral product arc&itecture and is confi#ured and controlled from )it&in t&e central !nforce Platform administration console. Does your solution support inte"ration with third%party reportin" compliance and remediation systems! Hes. Symantec DLP s&ips )it& a 8e$ Services AP9 t&at allo)s inte#ration )it& t&ird(party reportin#' compliance' and remediation systems. T&ird(party systems can pull incident lists' individual incident details as recorded in incident snaps&ots/' and complete incident $inaries from t&e Symantec DLP system. 8e$ service connections are secured over SSL and t&e t&ird(party system must aut&enticate )it& Symantec DLP as a user defined in t&e DLP system )it& special Reportin# AP9 privile#es.

86 Support $ .mplementation Do you have a professional services team to assist wi th the implementation on%site!

Hes. Symantec
Hes. Symantec 6onsultin# Services offers advisory' ena$lement' e:pert resident and installation services7

Data Loss Prevention 2dvisory Services

Symantec DLP Advisory services are desi#ned to assist or#ani3ations in t&e development of a Data Protection Pro#ram strate#y. !ac& en#a#ement $e#ins )it& a discovery p&ase' )&ere consultants revie) 0ey $usiness o$;ectives' sta0e&olders' success criteria' and roles and responsi$ilities for t&e en#a#ement. 6onsultants provide a pro;ect plan and time(line for t&e proposed start and completion of t&e strate#y sessions' includin# 0ey milestones. T&e analysis p&ase includes a revie) of t&e current security landscape $ased on t&e customer
PA! 5"


Data Loss Prevention /nablement

T&is offerin# provides customers )it& a full implementation of Symantec DLP from a tec&nical and operational perspective. Symantec DLP consultants provide a documented implementation and system inte#ration plan' includin# tec&nical #oals' success criteria' and roles and responsi$ilities. After plannin#' t&e consultants assist t&e customer in implementin# t&e Symantec DLP application and its components on customer(provided &ard)are. After implementation' system component testin# and tunin# is provided. 9n con;unction )it& tec&nical plannin#' consultants $e#in t&e $usiness advisory portion of t&e en#a#ement $y plannin# and desi#nin# t&e DLP rule sets' ris0 reduction tar#ets' incident response )or0flo)' reportin# and metrics' and employee communications. After t&e tec&nical implementation' consultants assist t&e customer in t&e implementation of t&e policies' processes' reports' and communication plan' as previously defined. 6onsultants also provide a DLP pro#ram road map to assist t&e customer in furt&er maturin# t&eir pro#ram and reducin# operational ris0.

Data Loss Prevention /*pert Resident

8it& t&e Data Loss Prevention !:pert Resident service' consultants provide DLP administration for day(to(day activities' sc&eduled maintenance' and optimi3ation of t&e DLP environment. Administration includes' $ut is not limited to' t&e desi#n' confi#uration' documentation' and mana#ement of incident response rules' policies' reports' and user roles. 6onsultants provide #uidance on data analysis and strate#ic direction. Pro#ram status and pro#ress reports are provided and communicated to team mem$ers' $usiness o)ners' and sta0e&olders on a )ee0ly or quarterly $asis.

Data Loss Prevention $T 2nalytics $nstall

T&e DLP 9T Analytics installation $e#ins )it& t&e revie) of customer $usiness o$;ectives. 6onsultants revie) t&e confi#uration of t&e server &ard)are desi#nated for t&e 9T Analytics server to determine readiness for t&e installation of 9T Analytics. T&e 9T Analytics server and content pac0s are installed alon# )it& t&e initial cu$e and report. T&e consultant performs initial cu$e processin# and creates up to t)o processin# sc&edules. 6u$e contents and functionality are tested and verified. T&e consultant also transfers 0no)led#e on %LAP cu$e fundamentals' use of pivot ta$les' reports' das&$oards' and 0ey performance indicators availa$le )it&in 9T Analytics for DLP. A final report' includin# documentation of current(state confi#uration of 9T Analytics for DLP and recommendations $ased on initial analysis of activities to $e performed in support of identified $usiness o$;ectives' is provided.

,or more information a$out consultin# services' visit7 ))).symantec.comKit(consultin#(services Do you have domain e*perts who can assist in the creation of policies advise on industry best practices and establish the ri"ht business processes!

Hes. Symantec
T&e typical Symantec DLP implementation &as t)o overlappin# p&ases. T&e first p&ase is system deployment' )&ic& ta0es t)o )ee0s or more dependin# on t&e comple:ity of t&e environment. T&e second p&ase' or $usiness ena$lement p&ase' is an on#oin# process of policy development' policy tunin#' and incident remediation. A 0ey driver of t&e total effort is t&e level of $usinessKprocess implementation support t&e customer requires from Symantec in order to fully deploy. Since Symantec DLP is a

PA! 5


$usiness tool' not ;ust a tec&nolo#y' t&ere may $e more effort associated )it& providin# t&is $usiness ena$lement support. Symantec &as found t&at in any Data lose Prevention solution' 1-E of t&e solution is findin# t&e data )&ile t&e ot&er *-E of t&e solution is t&e remediation of t&at data once it &ad $een found. ,i:in# $ro0en $usiness processes and settin# up t&e policies and procedures necessary to fi: t&ose processes are )&at ta0e t&e lar#est portion of t&e time. Do you have e*perience implementin" your software in "lobal or"ani,ations that have country%specific remediation concerns!

Hes. T&e Symantec DLP solution is desi#ned for deployment in lar#e' comple: net)or0 environ ments. %ur centrali3ed !nforce platform can mana#e up to 1-- individual detection servers distri$uted across a #lo$al corporation
Hes. As part of every en#a#ement' t&e consultants )or0 )it& customers to define t&e initial metrics for system reportin#. T&ese metrics are intended to monitor ris0 reduction over time and demonstrate pro#ram success. 9n addition' a periodic &ealt& c&ec0 is offered t&at measures system performance' incident remediation and reportin# procedures' pro#ram development pro#ress' and enterprise()ide pro#ram adoption a#ainst our unique DLP >aturity >odel. T&e results &elp customers set process improvement #oals and priorities t&at )ill accelerate tec&nolo#y adoption' lo)er T6%' and furt&er promote an enterprise()ide culture of security.

2 rainin" hat has been the typical time for a typical end user to become proficient!

Typical end users &ave $ecome proficient )it&in a day of usin# Symantec DLP
Symantec !ducation Services provides compre&ensive and fle:i$le DLP trainin# options desi#ned to quic0ly ramp up administrators and incident responders on tec&nical product 0no)led#e and implementation $est practices so t&ey can $e#in reducin# data loss ris0 immediately. Symantec recommends t&at primary administrators o$tain trainin# prior to implementation. ,or more information' visit7 ))).symantec.comKproducts(solutionsKtrainin#Kproduct(trainin#Kdetail.;spV p0idWdataXlossXprevention hat documentation is provided with your solution! Symantec DLP s&ips )it& t&e follo)in# documentation7 6onte:t(Sensitive %nline Felp Symantec DLP G($it Server >i#ration = Tunin# uide Symantec DLP Administration uide Symantec DLP Data 9nsi#&t 9mplementation uide Symantec DLP Detection 6ustomi3ation uide Symantec DLP !mail Prevent >TA 9nte#ration uide Symantec DLP !mail ?uarantine 6onnect ,le:Response 9mplementation uide Symantec DLP !ncryption 9nsi#&t 9mplementation uide Symantec DLP 9ncident Reportin# pdate AP9 Developers uide Symantec DLP 9nstallation uide Symantec DLP %racle 9nstallation and p#rade uide Symantec DLP Release otes Symantec DLP Server ,le:Response Platform Developers uide Symantec DLP Solution Pac0s Symantec DLP Squid 9nte#ration uide Symantec DLP Supporta$ility Telemetry uide Symantec DLP System >aintenance uide • • • • • • • • • • • • • • • • •

PA! 55


• • • •

Symantec DLP System Requirements uide Symantec DLP >icrosoft T&reat >ana#ement ate)ay T>/ 9nte#ration uide Symantec DLP p#rade uides Symantec DLP 8&at
hat trainin" is necessary for operatin" your software pac(a"e!

Symantec recommends sendin# your system administrator and incident responders to t&e Symantec DLP Administration 6ourse prior to implementation. T&is )ill prepare your security team to reduce data loss ris0 and ma:imi3e your investment in Symantec DLP from Day 1. T&e five(day' instructor led class is desi#ned to provide you )it& t&e fundamental 0no)led#e to confi#ure and administer t&e Symantec DLP !nforce platform. T&e &ands(on la$s include e:ercises for confi#urin# !nforce server' detection servers' and DLP A#ents as )ell as reportin#' )or0flo)' incident response mana#ement' policy mana#ement and detection' response mana#ement' user and role administration' directory inte#ration' and filterin#. Additionally' you are introduced to deployment $est practices for Symantec DLP. ,or more information' visit7 ))).symantec.comKproducts(solutionsKtrainin#Kproduct(trainin#Kdetail.;spV p0idWdataXlossXprevention +ow is trainin" delivered!

Symantec !ducation Services offers tec&nical trainin# to assist customers in application confi#uration' operation and maintenance of DLP. 6ustomers )ill $enefit from learnin# and ta0in# advanta#e of t&e full functionality of t&e solution. 6ourses are availa$le t&rou#& a ran#e of fle:i$le delivery models includin# classroom' live online – tau#&t $y certified instructors' and self(paced trainin#. 6lasses are sometimes delivered in lan#ua#es ot&er t&an !n#lis&. Please visit your country(specific site to vie) a listin# of classes. o-rse!ame

Delivery

Len(t)

Price

0vaila%ility

DataLossPrevention12.+0dministration

0nstructorled

5 days

<3=*$5 7D

>uly 241$


Virtual class

5 days

<3=*$5 7D

>uly 241$


e))ased

9 &ours

<944 7D

+u#ust 241$

"ree

%ay241$

Data'ossPrevention 12.5Di//erencesOnline ;ec&nical Product ;rainin#

e))ased

,or more information' visit7 ))).symantec.comKproducts(solutionsKtrainin#Kproduct(trainin#Kdetail.;spV p0idWdataXlossXprevention

3 5upport Provide a detailed description of your companyMs support or"ani,ation.

Symantec !nterprise Support Services provides unmatc&ed e:pertise' innovative support tec&nolo#y' and customer advocacy t&rou#& a portfolio of fle:i$le offerin#s desi#ned to optimi3e our customers< 9T infrastructure and mana#e t&eir 9T ris0. Symantec DLP Support Services is staffed $y a dedicated team of Tec&nical Support !n#ineers. T&ey &ave completed ro$ust education and certification to ensure e:pertise in DLP. 9n addition' t&ey &ave e:perience )it& ad;acent tec&nolo#ies includin#7 security' net)or0in#' messa#in#' data$ase administration' active directory inte#ration' application performance' and scriptin#. Do you have defined support levels response times and escalation paths! Please e*plain.

Hes. Symantec offers t&ree support and maintenance options for DLP7 •

%&siness (ritical Services$ Symantecs premium le/el o support eatures industry(leadin response le/els, onsite and remote ser/ices, and a proacti/e sinle point(o(contact or eac# customer, ased on w#ic# @CS oerin is purc#ased-

PA! 5G


•

•

Essential S&pport$ 7ecommended as t#e core oerin across t#e readt# o Symantecs product line, pro/ides )>* access to Symantecs award(winnin team o tec#nical e>perts, as well as patc#es, content and uprade assurance%asic Maintenance$ 8#e lowest price option, includes access to patc#es, content and uprade assurance and access to our tec#nical support e>perts durin reional usiness #ours- @asic Maintenance is recommended or co/erae o non(essential systems only-

,or more information' visit7 ))).symantec.comKsupportKsupportXfundamentals.;sp. Do you provide a 57*< support option!

Hes. Symantec offers t)o options for customers )&o require 2: support7 •

•

%&siness (ritical Services$ Symantecs premium le/el o support eatures industry(leadin response le/els, onsite and remote ser/ices, and a proacti/e sinle point(o(contact or eac# customer, ased on w#ic# @CS oerin is purc#asedEssential S&pport$ 7ecommended as t#e core oerin across t#e readt# o Symantecs product line, pro/ides )>* access to Symantecs award(winnin team o tec#nical e>perts, as well as patc#es, content and uprade assurance-

,or more information' visit7 ))).symantec.comKsupportKsupportXfundamentals.;sp. Do you have web% and phone%based support! Hes. ,or more information' visit7 ))).symantec.comKsupportKsupportXfundamentals.;sp. Do you wor( with any partners! $n what way!

Hes. Symantec en#a#es )it& partners to provide additional security domain e:pertise and $usiness processKremediation support. Symantec DLP
6ustomers can su$mit en&ancement requests at any time t&rou#& a num$er of c&annels7 6ustomer Support' Product >ana#ement and Sales. 9n addition' Symantec &osts customer advisory $oards' tec&nical advisory $oards and user #roups t&rou#&out t&e year for customers to provide feed$ac0 on its product strate#y and roadmap. T&e Symantec Product >ana#ement team documents t&e use cases and requirements of t&e request' and provides a trac0in# num$er for reference. Requests are prioriti3ed $ased on several factors' includin# t&e frequency' severity' ur#ency' and lon#(term strate#ic impact for t&e product. T&e Symantec !n#ineerin# team t&en scopes t&e request and accepts it for t&e ne:t release or defers it for consideration for t&e ne:t release. Symantec Data Loss Prevention is typically released as follo)s7 >a;or releases are released yearly >inor updates are released semi(annually or as needed Patc& updates are released as often as needed !n&ancements must #et si#n(off from Product >ana#ement' !n#ineerin#' and ?uality Assurance $efore $ein# released in t&e product. • • •

+ow do you handle bu" fi*es and new version releases!

T&e ?uality Assurance team revie)s any desi#n or mar0etin# documents t&at descri$e t&e feature' modification' or en&ancement. ?A creates a test plan $ased on information contained in t&is input documentation. T&e test plan specifies t&e items to $e tested' t&e test cases t&at )ill $e created' and t&e criteria for release. T&e test plan is revie)ed $y t&e appropriate personnel and amended as necessary. Typically' t&is revie) process includes personnel from Soft)are Development and Professional Services as )ell as Product >ana#ement. T&e test cases are constructed and e:ecuted. 9n addition to t&e specific tests for t&e modification or en&ancement' re#ression testin# is done to ensure t&at t&e modification or en&ancement &as not caused a defect in previously e:istin# functionality. T&e code is not released until it passes t&e pre(defined release criteria. Dependin# on t&e nature of t&e modification or en&ancement' t&ese criteria may typically include t&res&olds for various items for e:ample' rate of defect arrival and remediation' performance' and percenta#e of code covered in testin#/.

PA! 5


Does your company have a process for bu" remedy! $f so please describe.

Symantec4s Tec&nical Support and !n#ineerin# or#ani3ations )or0 very closely to ensure t&at customer(reported anomalies are detected' verified' and addressed efficiently. All customer(reported issues are addressed t&rou#& Symantec4s Tec&nical Support' )&ic& )ill trou$les&oot and dia#nose t&e issue. 9f Tec&nical Support is una$le to correct t&e issue' it is reported to our Sustainin# !n#ineerin# team )&ic& )ill )or0 )it& Tec&nical Support and t&e customer to furt&er dia#nose t&e issue. T&ere are several potential outcomes to customer(reported anomalies. T&ese outcomes may include7 8or0(around customer(accepta$le alternative solution/ Fotfi: a custom($uilt fi: to address t&e specific issue/ ,i: in a future version )&ere t&e issue )ill $e resolved in a future release/ o action )&ere it is determined t&at no action )ill $e ta0en/ • • • •

Do you measure and report customer satisfaction! Please e*plain.

Hes. Symantec conducts relations&ip surveys )it& a $road cross(section of contacts )it&in our enterprise accounts on a quarterly $asis. 9t provides a full complement of customer satisfaction and loyalty metrics across t&e spectrum of 0ey touc& points )it& t&e customer. 9t also measures overall satisfaction )it& our company as )ell as )it& specific products' includin# DLP. Reportin# das&$oards are pu$lis&ed and revie)ed at &i#&est levels of t&e or#ani3ation )it& quarterly trends trac0ed. 9n addition' Symantec Account >ana#ers are in re#ular contact )it& customers to ensure t&at issues are resolved in a timely manner' and t&at t&ey are &appy )it& t&e products and services provided $y Symantec. Provide a list of the recommended tool set and best practices needed for support includin" but not limited to ac(ups Service 2ssurance and #onitorin" 2pplication Performance #onitorin" Database bac(ups and recovery.

Supporta$ility tools may include t&e follo)in#7 •

Data$ase Bac0(ups7 %racle !nterprise mana#er' )&ic& s&ips )it& %racle' is typically used for data$ase $ac0(up mana#ement and administration.

•

Application >onitorin#7 T&ere are many application monitorin# tools t&at are #enerally availa$le. >ost application tools can $e confi#ured to monitor Symantec DLP.

•

%t&er Tools7 te:t editor' 8ires&ar0 !t&ereal/

4 p"rades Describe your process for performin" system up"rades.

Availa$ility of ne) updates is communicated to customers via t&e Symantec DLP Support #roup. pdates are delivered via a secure ,TP c&annel on t&e Symantec DLP Support )e$site. After updates are received' Symantec DLP !nforce Platform can automatically apply t&e updates to t&e Symantec DLP servers via a $uilt(in updater and administrative function. Symantec
Symantec DLP !nforce Platform can automatically apply updates to all Symantec DLP servers simultaneously via a $uilt(in updater. T&is approac& saves valua$le time )&en updatesKc&an#es need to $e pus&ed out to remote monitorin# points across t&e corporate net)or0. Describe the support your company provides durin" a software up"rade. /*amples are onsite on%call remote dial%in none and other.

Symantec 6onsultin# Services team provides onsite' on(call' andKor remote P support durin# a soft)are up#rade. ,or more information' visit7 ))).symantec.comKit(consultin#(services 2re previous versions supported after a new release! Please describe.

Hes. Symantec provides standard support for t&e current ma;or version of Symantec DLP soft)are' as )ell as t&e previous ma;or

PA! 5+


version for a period of "- mont&s follo)in# t&e initial release of t&e current ma;or version. Standard support includes $u# fi:es' minor releases and content updates as needed' etc./ !:ample7 Symantec DLP 12 )as released on C une "' 2-1". Symantec DLP 11 )ill $e supported until Decem$er "' 2-15. Symantec provides partial support for seven years after t&e ori#inal release date. Partial support includes ans)erin# tec&nical questions./ Symantec stron#ly recommends t&at customers adopt t&e latest released version of any ma;or release as certain patc&es may only $e availa$le a#ainst t&e latest released versions. ,or more information a$out our enterprise tec&nical support lifecycle' visit7 ))).symantec.comK$usinessKsupportKsupportXpolicies.;sp Describe the type of test environment recommended for testin" new fi*es@up"rades.

Symantec recommends t&at customers $uild a test environment representative of &o) t&e products )ill $e deployed in production. 6ustomers s&ould &ave a sufficient num$er of servers in t&eir test environment to test all Symantec DLP products simultaneously. 9f t&e customer4s production data$ase is deployed in t&ree(tier mode' t&en it is recommended t&at customers confi#ure t&eir test environment t&e same )ay.

PA! 5*

Dlp 12.5 Rfp Responses Final

Recommend Documents