The document provides the structure and content for a general technical proposal based on Symantec Data Loss Prevention. If you reuse it, please make sure the latest information is provided.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
The presentation introduces the MITRE ATT&CK Framework, its different use cases, and the pitfalls to watch out for. The talk was delivered at the Null Bangalore and OWASP Bangalore chapters on 15th February 2019.
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R..., by Sounil Yu
The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.
See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded
See the 2022 version at: http://bit.ly/cyberdefensematrixrevolutions
From SIEM to SOC: Crossing the Cybersecurity Chasm, by Priyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all-in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
A talk about the Next-Gen Security Operations Center for IDNIC+APJII, given as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rarer these days. Organisations need to put more of their investment into technology, since in Industry 4.0 machines are getting more advanced at supporting humans in continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that is what this talk was about.
Extended Detection and Response (XDR): An Overhyped Product Category With Ulti..., by Raffael Marty
Extended Detection and Response, or XDR for short, is one of the acronyms increasingly used by cybersecurity vendors to explain their approach to solving the cybersecurity problem. We have been spending trillions of dollars on approaches to secure our systems and data, with what success? Cybersecurity is still one of the biggest and most challenging areas that companies, small and large, are dealing with. XDR is another approach driven by security vendors to solve this problem. The challenge is that every vendor defines XDR slightly differently and makes it fit their own "challenge du jour" for marketing and selling their products.
In this presentation we will demystify the XDR acronym and put a working model behind it. Together, we will explore why XDR is a fabulous concept, but also discover that it is nothing revolutionary. Through an MSP lens, we will explore what the XDR benefits are for small and medium businesses and what it means to the security strategy of both MSPs and their clients. The audience will leave with a clear understanding of what XDR is, how the technology matters to them, and how XDR will ultimately help them secure their customers and enable trusted commerce.
For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.
Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on:
• The characteristics of winning cybersecurity teams
• The Crown – Organizational map and career progression
• The Castle – The eight functional specializations
• Architecture and data policy
• Data loss prevention
• Governance, risk and compliance
• Identity and access management
• Incident response and forensic analysis
• Penetration testing
• Secure DevOps
• Secure software development
• Building a winning cybersecurity organization
Data leakage is an important concern for business organizations in today's increasingly networked world. Unauthorized disclosure may have serious consequences for an organization in both the long term and the short term. Risks include losing clients' and stakeholders' confidence, tarnishing the brand image, landing in unwanted lawsuits, and overall losing goodwill and market share in the industry.
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
From ATT&CKcon 3.0
By Jared Stroud, Lacework
Adversaries target common cloud misconfigurations in container-focused workflows for initial access. Whether in Docker or Kubernetes environments, Lacework Labs has identified adversaries attempting to deploy malicious container images (T1610), mine cryptocurrency (T1496), and deploy C2 agents. Defenders new to the container space may be unaware of the built-in capabilities of popular container runtime engines that can help defend against rogue containers being deployed into their environment. Attendees will walk away with an understanding of what these attack patterns look like, based on honeypot data Lacework has gathered over the past year, as well as techniques for defending their own container-focused workloads.
SOC Architecture - Building the NextGen SOC, by Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process-oriented detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security, by Sounil Yu
We are rapidly approaching the next era of security where we need to be focused on the ability to recover from irrecoverable attacks. This can also be defined as resiliency. The traditional view of resiliency attempts to quickly restore assets that support services that we care about. This new approach/paradigm looks at resilience in ways that promote design patterns (distributed, immutable, ephemeral) where we do not care about a given asset at all while still keeping the overall service functioning. This new approach allows us to avoid having to deal with security at all.
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac..., by MITRE ATT&CK
From ATT&CKcon 3.0
By Jason Wood and Justin Swisher, CrowdStrike
When it comes to understanding and tracking intrusion tradecraft, security teams must have the tools and processes that allow the mapping of hands-on adversary tradecraft. Doing this enables your team to both understand the adversaries and attacks you currently see and observe how these adversaries and attacks evolve over time. This session will explore how a threat hunting team uses MITRE ATT&CK to understand and categorize adversary activity. The team will demonstrate how threat hunters map ATT&CK TTPs by showcasing a recent interactive intrusion against a Linux endpoint and how the framework allowed for granular tracking of tradecraft and enhanced security operations. They will also take a look into the changes in the Linux activity they have observed over time, using the ATT&CK navigator to compare and contrast technique usage. This session will provide insights into how we use MITRE ATT&CK as a powerful resource to track intrusion tradecraft, identify adversary trends, and prepare for attacks of the future.
Building a Next-Generation Security Operations Center (SOC), by Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Security Operations Center (SOC) Essentials for the SME, by AlienVault
Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps?
Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault, for this session covering:
*Developments in the threat landscape driving a shift from preventative to detective controls
*Essential security controls needed to defend against modern threats
*Fundamentals for evaluating a security approach that will work for you, not against you
*How a unified approach to security visibility can help you get from install to insight more quickly
Technology Overview - Symantec Data Loss Prevention (DLP), by Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note that all the information predates May 2016 and the full integration of Blue Coat Systems' set of solutions.
Symantec Data Loss Prevention. Global trends show us that the largest share of data loss and theft is due to a lack of visibility and errors in handling that data. Learn how to protect yourself.
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data..., by Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here's how to develop and deploy a risk-adjusted data protection plan.
Extending Information Security to Non-Production Environments, by LindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Symantec's London Vision 2014 event: more details emerge on the company split, by Lluis Altes
IDC attended Symantec's Vision 2014 symposium which took place in London on October 21–22. During the event, a team of Symantec's top executives discussed the rationale behind the decision to separate Symantec into two public companies — one company grouping Symantec's security business and the other focused on information management. The executives also presented the company's strategy going forward in terms of product and services updates in the unified security solutions and unified information management areas. Symantec devoted the second day of the event to discuss with partners market trends and opportunities and how the company split should bring benefits to the company and its partners.
The decision to separate Symantec into two independent public companies was announced on October 9 and is expected to be completed by the end of December 2015. Last year, Symantec's global revenues stood at $6.7 billion; after the split the new security focused Symantec is estimated to be a $4.2 billion business accounting for approximately 62% of Symantec's current total business, with the new information management company expected to account for the remaining $2.5 billion in revenue.
In this exclusive Security Leadership Series eBook, Citrix chief information security officer Stan Black and chief security strategist Kurt Roemer share best practices for leading meaningful security discussions with the board of directors; engaging end users to protect business information; and meeting security-related compliance requirements.
Data Center Security: Achieving Prevention & the Targeted Prevention Policy's..., by Symantec
This whitepaper discusses a suggested process to achieve the deployment of host-based intrusion prevention (HIPS) policies in any organization and how the Symantec Data Center Security: Server Advanced Targeted Prevention policy can play a major role in helping the organization gain confidence in Symantec’s intrusion prevention technology.
Challenges & Opportunities the Data Privacy Act Brings, by Robert 'Bob' Reyes
My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.
From Target to Equifax, we're learning just how expensive data breaches can be. And the cost isn't just financial - it's a hit to reputation as well. Learn how to avoid putting your organization at risk by identifying the three pitfalls of data security...and how to navigate around them.
The objective of this workshop is to show existing Oracle Database (Enterprise Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to attach their database to Data Safe and gain a valuable understanding of potential risks. Using User Assessment, they will understand the rights and entitlements of users and review Activity Auditing, which provides powerful insight into database interaction. The workshop will finish with a full sensitive data discovery and then how to anonymize data with sensitive data masking.
The workshop is delivered in an interactive way, with presentations and hands-on labs to ensure complete understanding.
Big data for cybersecurity - skilledfield slides - 25032021, by Mouaz Alnouri
Now more than ever, the landscape of cybersecurity is getting broader. Both small and large organizations are adopting Big Data technologies to enhance their security detection capabilities.
These slides are from a webinar conducted by Skilledfield, in which you will learn:
- Why Cybersecurity is a Big Data use case
- How we address Cybersecurity as Big Data Professionals
- How we keep up with the emerging cyber threats
- Benefits of Big Data Technologies for Cybersecurity
It is shocking to note that about 3.5 billion people saw their personal data stolen in the top two of the 15 biggest breaches of this century alone. With the average cost of a data breach exceeding $8 million, it is no wonder that safeguarding confidential business and customer information has become more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone's responsibility across the entire enterprise.
However, that is easier said than done, and for that reason an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
This document is a sample POC (proof of concept) report on MVISION Cloud (MVC), McAfee's Cloud Access Security Broker (CASB) solution, formerly Skyhigh Networks. It includes the following:
- MVISION Cloud (MVC) Overview
- MVISION Cloud (MVC) Architecture
- MVISION Cloud (MVC) for Shadow IT
-- Observations and Recommendations
- MVISION Cloud (MVC) for Sanctioned SaaS
-- Observations and Recommendations
- MVISION Cloud (MVC) for Sanctioned IaaS
-- Observations and Recommendations
- End User Experience
- Administrator Experience
Goes well with the MVC POC document uploaded.
Please note that all the information predates July 2019.
This document is a sample POC (proof of concept) document on MVISION Cloud (MVC), McAfee's Cloud Access Security Broker (CASB) solution, formerly Skyhigh Networks. It includes the following:
- MVISION Cloud (MVC) Overview
- MVISION Cloud (MVC) Architecture
- MVISION Cloud (MVC) System Requirements
- MVISION Cloud (MVC) for Shadow IT
- MVISION Cloud (MVC) for Microsoft Office 365
- MVISION Cloud (MVC) for Google G Suite
- MVISION Cloud (MVC) for BOX
- MVISION Cloud (MVC) for Amazon Web Service (AWS)
- MVISION Cloud (MVC) for Microsoft Azure
- Customer and Consultant Responsibilities
- POC Objectives and Tasks
Goes well with the MVC POC report uploaded.
Please note that all the information predates July 2019.
McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook, by Iftikhar Ali Iqbal
The idea behind the techbook is to provide a guide for running and operating the solution, either in a lab, POC or pilot production environment.
Topic: McAfee Application Control (MAC)
- Deployment Workflow
- Prerequisites
- Deployment steps
- Configuration
- Policies
- Testing / User Acceptance Testing (UAT)
- Events
- Reports and Dashboards
Please note that all the information predates Feb 2018.
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal, by Iftikhar Ali Iqbal
The proposal provides the following:
- Executive Summary
- Solution Overview
- High-Level Architecture
- Solution Components
- McAfee Customer Success Group
- System Requirements
- Solution Offering
Please note all the information is based prior to June 2019.
McAfee - McAfee Application Control (MAC) - WhitelistingIftikhar Ali Iqbal
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Whitelisting Strategy - Gartner
- McAfee Endpoint Protection
- McAfee Application Control (MAC) Overview
- McAfee Application Control (MAC) Modes
- McAfee Application Control (MAC) Features
- McAfee Application Control (MAC) Trust Model
- McAfee Application Control (MAC) Architecture
- McAfee Application Control (MAC) Licenses & Packaging
Please note all the information is based prior to Aug 2019.
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)Iftikhar Ali Iqbal
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- McAfee Portfolio Overview
- Endpoint Security Challenges
- McAfee Endpoint Protection Platform
- McAfee Active Response Overview
- McAfee Active Response Features
- McAfee Active Response Architecture
- McAfee Active Response Workflow
- McAfee Active Response Licenses & Packaging
Please note all the information is based prior to Aug 2019.
The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Device Security, Network Security, Cloud Security
- Open Architecture
- Industry Analyst
- Services
- MVISION
- Unified Cloud Edge (UCE)
Please note all the information is based prior to Feb 2020.
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Validation & ID Protection - Introduction
- Symantec Validation & ID Protection - Components
- Symantec Validation & ID Protection - Architecture
- Symantec Validation & ID Protection - Use Cases
- Symantec Validation & ID Protection - Licensing & Packaging
- Symantec Validation & ID Protection - Appendix (extra information)
This provides a brief overview of Symantec Validation & ID Protection (VIP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec IT Management Suite - Introduction
- Symantec IT Management Suite - Features
- Symantec IT Management Suite - Architecture & Design
- Symantec IT Management Suite - System Requirements
- Symantec IT Management Suite - Use Cases
- Symantec IT Management Suite - Licensing & Packaging
This provides a brief overview of Symantec - Symantec IT Management Suite (ITMS). Please note all the information is based prior to February 2016 and the full integration of Blue Coat Systems's set of solutions.
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Endpoint Protection - Introduction
- Symantec Endpoint Protection - Features
- Symantec Endpoint Protection - Architecture & Design
- Symantec Endpoint Protection - System Requirements
- Symantec Endpoint Protection - Licensing & Packaging
This provides a brief overview of Symantec Endpoint Protection (SEP). Please note all the information is based prior to February 2016 and the full integration of Blue Coat Systems's set of solutions.
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
The document is to be used as a POC template for the Drive Encryption part in Symantec Endpoint Encryption Powered by PGP. Please make sure that the latest information and platform support is used.
Symantec Messaging Gateway - Technical Proposal (General)Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based Symantec Messaging Gateway. Please ensure that if being used, the latest information is provided.
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Iftikhar Ali Iqbal
Provides a brief comparison between endpoint protection solutions provided by Symantec and Sophos based on threat intelligence network, third-party reports, key differentiators and removal information.
The presentation provides the following:
- Symantec Corporate Overview
- Threat Landscape based on Symantec ISTR
- Threat Landscape of Middle East based on news/blogs
- Solution Portfolio with Sales Play
- Competitive Vendors and Analyst Relations
- Behind The Scenes of Symantec
- Roadmap and Area of Focus technologies
This has been made for those who would like to understand the Symantec portfolio. Please note all the information is based prior to January 2017 and the full integration of Blue Coat Systems's set of solutions.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Symantec Data Loss Prevention - Technical Proposal (General)
1. Symantec Data Loss Prevention
TECHNICAL PROPOSAL
Iftikhar Ali Iqbal
https://www.linkedin.com/in/iftikhariqbal/
2. Table of Contents
Executive Summary ........ 3
Solution Overview ........ 5
Common Use Cases ........ 5
Components ........ 6
  Symantec Data Loss Prevention Enforce Platform ........ 6
  Symantec Data Loss Prevention for Network ........ 6
  Symantec Data Loss Prevention for Endpoint ........ 6
  Symantec Data Loss Prevention for Storage ........ 6
  Symantec Data Loss Prevention for Cloud ........ 6
  Symantec Data Loss Prevention for Mobile ........ 7
  Symantec Data Loss Prevention IT Analytics ........ 7
High-Level Architecture ........ 8
Content Detection Technologies ........ 12
  Detection Technology Overview ........ 12
    Exact Data Matching ........ 12
    Indexed Document Matching ........ 12
    Described Content Matching ........ 12
    Vector Machine Learning ........ 13
    Form Recognition ........ 14
Remediation and Reporting ........ 15
Operations and Maturity ........ 17
System Requirements and Recommendations ........ 19
  Deployment Planning Considerations ........ 19
  Minimum Hardware Requirements (Sample) ........ 20
    Single-Tier Deployment for Small/Medium Size Organization ........ 20
    Multi-Tier Deployment for Small/Medium Size Organization ........ 20
  Software Requirements ........ 21
    Enforce and Detection Servers ........ 21
    Symantec DLP Agent ........ 21
  Oracle Database Requirements ........ 22
  Virtual Server Support ........ 23
Available Suites and Bundles ........ 24
3. Executive Summary
Symantec is committed to delivering the technology and expertise required by ‘XXX’ to protect sensitive data stored throughout the network, thereby reducing the risk of data loss to ensure confidence, demonstrate compliance and maintain competitive advantage. We are grateful for the opportunity to build a partnership with ‘XXX’ based on this current requirement.
‘XXX’, like many significant companies, is challenged to determine where its most sensitive information is stored, how it is being used, who has access to it and how to prevent it from being lost or compromised. To address the risk of data loss, ‘XXX’ is planning to adopt a comprehensive solution that enables it to locate, monitor and prevent confidential data from being copied or sent outside the company, with automatically enforced data protection policies.
Considering the nature of the ‘XXX’ workforce, network and partners, it is not surprising to find data protection a challenge. With the increase of data mobility and access, it is important that we support ‘XXX’ in understanding the associated risks. Together we can ensure that the security policies required to obtain and retain data protection are not only implemented but are followed and managed.
Provided within this response are the following:
- Management summary of how Symantec DLP covers key requirements.
- Management summary of our Implementation Methodology.
- Management summary of our key detection technologies.
- Solution options, detailing the schedule of licenses and annual maintenance/support costs.
It is our proposal that Symantec DLP will help ‘XXX’ to understand:
- The location of sensitive information that is exposed in open file shares and desktops
- The quantity and type of confidential and sensitive information that is exiting the network
- Who is transmitting confidential and sensitive information outside the organization
- How much confidential and sensitive data is copied to USB drives and other removable media, and who is responsible
- The network protocols that carry the most violations
- The business processes whose risk needs to be reduced
- The regulations and internal policies that are being violated
Developed since 2001, Symantec DLP is the market-leading technology providing data loss prevention solutions. By building upon Symantec’s long history of innovation and strength in enterprise security solutions, we are uniquely positioned to help ‘XXX’ answer today’s important questions: where is confidential information stored, how is it being used, and how best can its loss be prevented?
Symantec Data Loss Prevention delivers a proven solution to discover, monitor and protect confidential data wherever it is stored or used. It enables enterprises to measurably reduce their risk of a data breach, demonstrate regulatory compliance, and safeguard customer privacy, brand equity and intellectual property.
Additionally, with the integration of Veritas Data Insight, Symantec is the only data loss prevention solution to deliver an integrated data owner and remediation capability. Unstructured data on shared file systems is a large source of critical business information, and over-exposed content presents a significant risk for data breaches. The technology monitors who has accessed or modified individual files, and can notify information security teams and data owners that data has been exposed.
4. The 2016 Gartner Magic Quadrant for Content-Aware Data Loss Prevention report makes Symantec the only 9-time leader in this quadrant. Symantec Data Loss Prevention is the market leader with a track record of successful customer deployments at the largest global companies and public organizations, including over half of the FORTUNE 100.
The Forrester Wave: Data Loss Prevention Suites, Q4 2016 report marks Symantec as a Leader with the highest scores in Current Offering, Strategy and Market Presence. Furthermore, the report states that Symantec provides a comprehensive DLP suite with robust capabilities for intellectual property protection, information management, incident management, and encryption support. It also offers a rich set of capabilities to help firms meet privacy requirements. Symantec has the most staffing and resources dedicated to DLP compared with other vendors evaluated in this Forrester Wave. Symantec continues to innovate in this space and has strong brand recognition in the DLP market.
Symantec was also marked a Leader in The Forrester Wave™: Cloud Security Gateways, Q4 2016. This report covers not only threat detection and fraudulent activity in the cloud but also detecting, monitoring and protecting against leaks of confidential information in cloud platforms. Blue Coat/Symantec was given the highest score in Current Offering and Strategy.
5. Solution Overview
Symantec Data Loss Prevention delivers a unified solution to discover, monitor, and protect confidential data wherever it is stored or used. It is built on a structured, risk-based approach to develop, tune, and expand policies and protection, effectively remediate violations, monitor metrics to demonstrate decreased data loss risk, and consistently make employees aware of the company’s information security policies and their role in safeguarding confidential data. It requires a firm foundation of security governance to guide the program and ensure these elements are working effectively together.
The following summarizes all Symantec Data Loss Prevention components:
Common Use Cases
The table below shows which product or module is appropriate for protecting the storage or movement of sensitive data in various scenarios.
Use Case: Information stored in on-premises and cloud collaboration platforms, shared servers, and data repositories
Module: Network Discover, Cloud Storage Discover, Network Protect (Data Loss Prevention for Storage), Veritas Data Insight
Use Case: Information exiting the network by cloud email
Module: Cloud Prevent for Email and Cloud Service for Email
Use Case: Information exiting the network by email, web mail, or other Internet protocols
Module: Network Monitor, Network Prevent for Email, and Network Prevent for Web (Data Loss Prevention for Network)
Use Case: Information exiting mobile devices by corporate email, web mail, web posts, or mobile applications
Module: Symantec Data Loss Prevention for Mobile
Use Case: Information exiting endpoints to cloud storage applications; by USB, CD/DVD, network protocols, and popular email applications; from the Clipboard; to and from network shares; stored on Windows and Mac endpoints; and all while on or off the corporate network
Module: Endpoint Discover and Symantec Data Loss Prevention Endpoint Prevent (Data Loss Prevention for Endpoint)
Use Case: Advanced reporting capabilities
Module: Symantec Data Loss Prevention IT Analytics
6. Components
Symantec Data Loss Prevention Enforce Platform
The Enforce Platform is the central web-based management console and incident repository that is included with Symantec Data Loss Prevention. It is where you define, deploy and enforce data loss policies, respond to incidents, analyze and report policy violations, and perform system administration.
Symantec Data Loss Prevention for Network
Network Monitor inspects all ‘XXX’ network communications for sensitive data.
Network Prevent for Email redirects, quarantines, or stops outbound messages containing sensitive data.
Network Prevent for Web stops or removes sensitive data from outbound Web communications.
Symantec Data Loss Prevention for Endpoint
Endpoint Discover scans for sensitive data stored on laptops and desktops to inventory, secure, or relocate the data.
Endpoint Prevent monitors and blocks confidential data from being transferred, sent, copied, or printed by ‘XXX’ desktop or laptop users.
Symantec Data Loss Prevention for Storage
Network Discover identifies sensitive data exposed on ‘XXX’ file servers, collaboration platforms, websites, desktops, laptops, and other data repositories.
Network Protect remediates exposure of sensitive data.
Typically residing in the data center, Data Insight collects information on top file users as well as complete file access history to help determine who owns the data. It also provides visualization of access permissions. Data Insight integrates with Network Discover to display data owner and access details in Symantec DLP storage incident snapshots. Symantec resells Data Insight from Veritas for use with Symantec Data Loss Prevention only.
Symantec Data Loss Prevention for Cloud
DLP Cloud Service for Email combines our industry-leading DLP and email security into a single, convenient cloud-based service hosted by Symantec. It catches more sensitive data before it leaves your cloud email services such as Microsoft Office 365 and Gmail for Business with real-time monitoring that leverages advanced and accurate content-aware detection; it also stops malware, spam, and malicious links from getting into users’ inboxes with Symantec Skeptic heuristic technology and Real-Time Link Following.
DLP Cloud Prevent for Office 365 provides accurate, real-time monitoring and prevention of data in motion, and seamless integration with Symantec Email Security.cloud to ensure mail delivery. It also gives you the flexibility to deploy in a public cloud environment such as Rackspace or Microsoft Azure.
DLP for Cloud Storage provides powerful content discovery capabilities so you can easily scan Box Business and Enterprise accounts and understand what sensitive data is being stored, how it’s being used, and with whom it’s being shared. Cloud Storage even engages users to self-remediate policy violations by placing visual tags on Box files and enabling incident remediation from an intuitive online portal, the Symantec DLP Self-Service Portal.
7. Symantec Data Loss Prevention for Mobile
Mobile Email Monitor detects confidential email downloaded by ‘XXX’ users to iPads, iPhones, and now Android devices over the Microsoft Exchange ActiveSync protocol.
Mobile Prevent monitors and protects outbound network communications sent from the native mail client, browser and other apps (e.g., Dropbox, Facebook) on iPads and iPhones.
Symantec Data Loss Prevention IT Analytics
Symantec Data Loss Prevention IT Analytics is an advanced reporting and analytics module. On a scheduled basis, it extracts the data contained within the Symantec Data Loss Prevention database(s) into summarized tables that span most of the Symantec Data Loss Prevention functions such as audit information, incident remediation, agent health, Discover scans, policy changes, and so on. It also provides an easy-to-use, pivot-table-like interface to create ad-hoc, multi-dimensional, graphical or tabular reports, scorecards, and dashboards. In addition, it provides features to analyze the data, such as data drill-downs, filtering, and custom formulas.
8. High-Level Architecture
The following illustrates the physical architecture of Symantec Data Loss Prevention, including where in the network the various products reside. The Network products reside in the DMZ, the Endpoint product can reside in the DMZ or within the corporate LAN, while the other products reside within the corporate LAN or data center. All products are server-based except for the Endpoint products; these use both a server component (Data Loss Prevention Endpoint Server) and a DLP Agent (Data Loss Prevention Endpoint Agents).
Along with the environment components required, a condensed version of the architecture is shown below.
9. The Enforce Server is the central management platform which will be used to define, deploy, and enforce data loss prevention and security policies. The Enforce Server administration console provides a centralized, Web-based interface for deploying detection servers, authoring policies, remediating incidents, and managing the system.
The Network Monitor captures and analyzes traffic on your network through the SPAN/TAP port, detecting confidential data and significant traffic metadata over the protocols you specify, for example SMTP, FTP, HTTP, and various IM protocols. You can configure a Network Monitor Server to monitor custom protocols and to use a variety of filters (per protocol) to filter out low-risk traffic.
The Network Prevent for Web Server integrates with an HTTP, HTTPS, or FTP proxy server using ICAP for in-line active Web request management. If it detects confidential data in Web content, it causes the proxy to reject requests or remove HTML content as specified in your policies.
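As an added example (not Symantec's code and not part of the proposal), the following Python sketch shows the ICAP exchange the paragraph above describes: the proxy hands each outbound HTTP request to a DLP server with a REQMOD message, and the server answers either "204 No Content" (send the request unchanged) or a 200 reply carrying an encapsulated HTTP 403 that the proxy returns to the client in place of the request. The detection step illustrates the point the later Content Detection Technologies section makes about false positives: a regular expression alone flags any 16-digit run, so a Luhn check is applied before a candidate counts as a card number. The ICAP host name, the ISTag value and the sample request body are constructed assumptions; the wire format follows RFC 3507.

```python
"""Sketch of an ICAP REQMOD content filter (added example, not Symantec code).

Host name, ISTag and the sample messages are constructed assumptions.
"""
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
ISTAG = b'ISTag: "dlp-example-policy-1"\r\n'  # assumed policy tag


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: random digit runs rarely pass, which cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return every digit run that looks like a card number and passes Luhn."""
    candidates = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]
    return [c for c in candidates if luhn_ok(c)]


def chunk(data: bytes) -> bytes:
    """HTTP/1.1 chunked encoding; ICAP encapsulated bodies are always chunked."""
    return (b"%x\r\n" % len(data) + data + b"\r\n" if data else b"") + b"0\r\n\r\n"


def decode_chunked(data: bytes) -> bytes:
    out, pos = b"", 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2  # skip the CRLF that terminates the chunk


def parse_icap_request(raw: bytes):
    """Split a REQMOD message into (ICAP headers, encapsulated HTTP headers, decoded body)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].startswith(b"REQMOD "):
        raise ValueError("only REQMOD is handled here")
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower().decode()] = v.strip().decode()
    offsets = {k: int(v) for k, v in
               (p.strip().split("=") for p in headers["encapsulated"].split(","))}
    if "req-body" in offsets:
        return headers, rest[:offsets["req-body"]], decode_chunked(rest[offsets["req-body"]:])
    return headers, rest[:offsets["null-body"]], b""  # headers only, no body


def reqmod(raw: bytes):
    """Return (verdict, ICAP response bytes) for one REQMOD message."""
    headers, http_hdr, body = parse_icap_request(raw)
    hits = find_card_numbers(body.decode("utf-8", "replace"))
    if hits:
        # Block: answer with an encapsulated HTTP 403 that the proxy returns to the client.
        page = b"<html><body>Request blocked by DLP policy.</body></html>"
        res_hdr = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n"
                   b"Content-Length: %d\r\n\r\n" % len(page))
        return "block", (b"ICAP/1.0 200 OK\r\n" + ISTAG
                         + b"Encapsulated: res-hdr=0, res-body=%d\r\n\r\n" % len(res_hdr)
                         + res_hdr + chunk(page))
    if "204" in headers.get("allow", ""):
        # The proxy permits 204: tell it to forward the request unchanged.
        return "allow", b"ICAP/1.0 204 No Content\r\n" + ISTAG + b"\r\n"
    # Otherwise the unmodified request has to be echoed back in full.
    return "allow", (b"ICAP/1.0 200 OK\r\n" + ISTAG
                     + b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http_hdr)
                     + http_hdr + chunk(body))


def build_reqmod(body: bytes, allow_204: bool = True) -> bytes:
    """Build the REQMOD message a proxy would send for a constructed POST (sample input)."""
    http_hdr = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
                b"Content-Type: application/json\r\nContent-Length: %d\r\n\r\n" % len(body))
    icap = (b"REQMOD icap://dlp.example.internal/reqmod ICAP/1.0\r\n"
            b"Host: dlp.example.internal\r\n"
            + (b"Allow: 204\r\n" if allow_204 else b"")
            + b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http_hdr))
    return icap + http_hdr + chunk(body)


if __name__ == "__main__":
    # Constructed payload: a well-known test card format that passes Luhn, plus a random run.
    leak = b'{"name":"alice","card":"4111 1111 1111 1111","ref":"1234567890123456"}'
    print(reqmod(build_reqmod(leak))[0])                            # block
    print(reqmod(build_reqmod(b'{"ref":"1234567890123456"}'))[0])   # allow
```

The ISTag header is what a caching proxy keys on to know when the policy behind the ICAP service changed; a deployment would bump it whenever detection rules are updated so previously cleared content is re-inspected.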
The NetworkPreventforEmail monitorsand analyzesoutboundemail trafficin-line and(optionally)
blocks,redirects,ormodifiesemail messagesasspecifiedin yourpolicies.NetworkPreventforEmail
integrates with industry-standard mail transfer agents (MTAs) and hosted email services to let you
monitor and stop data loss incidents over SMTP. Policies that are deployedon the Network Prevent
for Email Server direct the Prevent-integrated MTA or hosted email server. The Prevent-integrated
mail server blocks, reroutes, and alters email messages based on specific content or other message
attributes.
Endpoint Prevent and Endpoint Discover both apply Data Loss Prevention policies to protect your
sensitiveorat-riskdata.Sensitiveorat-riskdatacanincludecreditcardnumbersornames,addresses,
and identification numbers. You can configure both products to recognize and protect the files that
containsensitive data.EndpointPreventstopssensitive datafrommovingoff endpointsandEndpoint
Discover examines the local fixed drives of an endpoint and locates every file that contains the
information that matches a policy.
10. The NetworkDiscover/CloudStorage Discoverlocatesexposedconfidential databyscanninga broad
range of enterprise datarepositories.These datarepositoriesinclude Box cloudstorage,file servers,
databases,MicrosoftSharePoint,IBM(Lotus) Notes,Documentum, Livelink,MicrosoftExchange,Web
servers, and other data repositories. Symantec Data Loss Prevention Network Protect reduces your
risk by removing exposed confidential data, intellectual property, and classified information from
open file shares on network servers or desktop computers.
Additionally, with Veritas Data Insight (a separate solution offered by Veritas), users can monitor
file access to automatically identify the likely owner of a file from its access history. The usage
information is then entered automatically into the incident detail of files that violate Symantec Data
Loss Prevention policies, so that sensitive data is identified together with the responsible users,
which makes remediation and data management more efficient.
Mobile Email Monitor monitors corporate email that is sent through Microsoft Exchange ActiveSync and
downloaded to the native email client on supported mobile devices.
Mobile Prevent monitors email, Web, and application communications from mobile devices to prevent
sensitive information from leaving your organization. After the connection to the corporate network is
established, all network traffic is sent to the Mobile Prevent for Web Server for analysis. In this way,
you can protect your organization's sensitive information while allowing mobile device users to access
sites and apps such as Facebook, Dropbox, and Twitter.
To provide data loss prevention for Microsoft Office 365, two methodologies are available with
Symantec:
Symantec Cloud Prevent for Office 365 monitors and analyzes outbound email traffic in-line and can
block, redirect, or modify email messages as specified in your policies. Cloud Prevent for Email
integrates with your Data Loss Prevention Enforce Server administration console and with Symantec
Email Security.cloud and Microsoft Office 365 Exchange. You manage the Cloud Prevent for Email
Servers, which are installed in a public cloud such as Rackspace, Microsoft Azure, or Amazon Web
Services. Symantec Email Security.cloud is used only as an MTA for final delivery of the emails.
Content Detection Technologies
To prevent data loss, it is necessary to accurately detect all types of confidential data wherever the data is
stored, copied, or transmitted. Without accurate detection, data security systems generate numerous false
positives (messages or files identified as violations that are not actually violations) as well as false
negatives (messages or files that are violations but are not identified as such). False positives create high
costs in the time and resources required to investigate and resolve apparent incidents. False negatives
obscure gaps in security by allowing data loss, with the potential for financial loss, legal exposure, and
damage to the organization's reputation.
Detection Technology Overview
To ensure the highest accuracy, Symantec Data Loss Prevention employs five main types of detection
technologies:
Exact Data Matching (EDM)
Indexed Document Matching (IDM)
Described Content Matching (DCM)
Vector Machine Learning (VML)
Form Recognition (requires an additional purchase)
Exact Data Matching
Exact Data Matching (EDM) protects customer and employee data, as well as other structured data that is
generally stored in a database. For example, a customer could write a policy using EDM detection that looks
for any three of First Name, Last Name, SSN, Account Number, or Phone Number occurring together in a
message and corresponding to a record from the customer database. EDM technology is designed to scale to
very large data sets and is currently protecting over 300 million customer records on a single server at each
of several customer deployments. Additionally, on a single server, Symantec has tested EDM on a database
of 500 million rows of data, each with four columns, for a total of two billion individual data elements.
This capacity scales linearly with additional servers.
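The "any three of five fields from one record" rule described above can be shown with a small indexer and matcher. The code below is an added example written for this page, not Symantec's EDM implementation. It assumes a tiny constructed customer table with fictitious values, normalizes each cell, and stores only a SHA-256 hash of it (so the matcher never needs the cleartext table), then reports a record only when at least three distinct columns of that same record appear in a message:

```python
import hashlib
import re

# Constructed sample customer table (fictitious values, not real people).
COLUMNS = ("first_name", "last_name", "ssn", "account_number", "phone")
RECORDS = [
    ("Alice", "Smith", "123-45-6789", "4000123456", "555-0100"),
    ("Bob", "Jones", "987-65-4321", "4000654321", "555-0199"),
]


def normalize(value: str) -> str:
    """Canonicalize a cell or token: lower-case and drop the separators
    people type into SSNs, phone and account numbers."""
    return re.sub(r"[\s\-.()]", "", value.lower())


def cell_hash(value: str) -> str:
    """Index key for a cell. Only the hash is stored, so the matcher never
    holds the cleartext customer table."""
    return hashlib.sha256(normalize(value).encode()).hexdigest()


def build_index(records, columns=COLUMNS):
    """Map hash(cell) -> {(record_id, column), ...}."""
    index = {}
    for rid, row in enumerate(records):
        for col, cell in zip(columns, row):
            index.setdefault(cell_hash(cell), set()).add((rid, col))
    return index


def detect(text: str, index, min_fields: int = 3):
    """Return {record_id: {columns found}} for every record whose cells
    co-occur in `text` in at least `min_fields` distinct columns.
    A lone first name or phone number is never enough on its own."""
    hits = {}
    for token in set(re.findall(r"[\w\-.]+", text)):
        for rid, col in index.get(cell_hash(token), ()):
            hits.setdefault(rid, set()).add(col)
    return {rid: cols for rid, cols in hits.items() if len(cols) >= min_fields}


INDEX = build_index(RECORDS)

if __name__ == "__main__":
    msg = "Alice Smith (SSN 123-45-6789) asked about account 4000123456."
    print(detect(msg, INDEX))                        # record 0, four columns: incident
    print(detect("Call Bob at 555-0199", INDEX))     # two columns only: no incident
```

The normalization step is what makes "123456789" and "123-45-6789" hash to the same key; the minimum-field count is what keeps a common first name or a phone number from raising an incident by itself.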
Indexed Document Matching
Indexed Document Matching (IDM) ensures accurate detection of unstructured data stored in the form of
documents such as Microsoft Word and PowerPoint files, PDF documents, design plans, source code files,
CAD/CAM images, financial reports, mergers and acquisition documents, and other sensitive or proprietary
information. IDM creates document fingerprints to detect extracted portions of the original document,
drafts, or different versions of protected documents, as well as exact matches against the binary content.
Symantec Data Loss Prevention IDM also provides the ability to "white list" content such as standard
boilerplate text to reduce false positives. On a single server, Symantec has successfully created and detected
with IDM fingerprints of over two million documents. As with EDM, capacity scales linearly with additional
servers.
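Fingerprinting a document so that extracted portions are still detected, while whitelisting shared boilerplate, can be illustrated with the winnowing technique from the plagiarism-detection literature (Schleimer, Wilkerson and Aiken, "Winnowing: local algorithms for document fingerprinting"). The code below is an added example written for this page and is not Symantec's IDM implementation; the two protected documents, the confidentiality footer and the test messages are constructed, and the shingle size, window size and match threshold are illustrative choices:

```python
import hashlib
import re

K = 5  # words per shingle (k-gram); a copied run shorter than this is invisible
W = 4  # winnowing window; any shared run of W + K - 1 words yields a shared fingerprint

# Constructed protected documents, each ending in the same boilerplate footer.
BOILERPLATE = ("This document is confidential and intended only for the "
               "recipient. Do not distribute.")
DOCUMENTS = {
    "merger_plan": (
        "Project Falcon summary. The board intends to acquire Northwind "
        "Logistics for 420 million in cash and stock, subject to regulatory "
        "review and a shareholder vote scheduled for the third quarter. "
        "Integration planning will begin immediately after signing and the "
        "combined entity will relocate its headquarters to Denver. " + BOILERPLATE),
    "design_spec": (
        "Valve assembly revision C. Tolerances on the inlet bore are plus or "
        "minus two thousandths. Use grade five titanium fasteners and torque "
        "to twelve newton meters. Pressure testing must exceed ninety bar for "
        "thirty minutes before release. " + BOILERPLATE),
}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def shingle_hashes(words, k=K):
    """Hash every run of k consecutive words."""
    return [hashlib.sha1(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)]


def winnow(hashes, w=W):
    """Select the minimum hash of every window of w consecutive shingles."""
    if len(hashes) <= w:
        return {min(hashes)} if hashes else set()
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}


def fingerprint(text, whitelist=frozenset()):
    """Winnowed fingerprints of `text`, minus whitelisted boilerplate shingles."""
    return winnow(shingle_hashes(tokenize(text))) - whitelist


def build_profile(documents, boilerplate=()):
    """Index protected documents. Every shingle of the boilerplate texts is
    whitelisted so that a shared footer alone never produces a match."""
    whitelist = set()
    for text in boilerplate:
        whitelist.update(shingle_hashes(tokenize(text)))
    profile = {name: fingerprint(text, whitelist) for name, text in documents.items()}
    return profile, whitelist


PROFILE, WHITELIST = build_profile(DOCUMENTS, [BOILERPLATE])


def scan(text, profile=PROFILE, whitelist=WHITELIST, min_shared=1):
    """Return (document, shared fingerprints, fraction of the document's
    fingerprints present) for each indexed document the text matches."""
    fp = fingerprint(text, whitelist)
    hits = []
    for name, doc_fp in profile.items():
        shared = len(fp & doc_fp)
        if doc_fp and shared >= min_shared:
            hits.append((name, shared, round(shared / len(doc_fp), 2)))
    return sorted(hits)


if __name__ == "__main__":
    leak = ("FYI from the deck: the board intends to acquire Northwind Logistics "
            "for 420 million in cash and stock, thought you should know. " + BOILERPLATE)
    print(scan(leak))   # merger_plan only: a 14-word extract is enough to match
    print(scan("Lunch is at noon on Friday, bring your own plates. " + BOILERPLATE))  # []
```

Winnowing guarantees that any run of at least W + K - 1 identical words (eight here) shares at least one selected fingerprint, which is what lets a pasted paragraph match without the whole document being present. The reported fraction is the starting point for a "minimum document exposure" threshold; the whitelist is applied to the raw shingles rather than to the winnowed set so that a footer shared by every document can never be the shingle that matches.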
Described Content Matching
Described Content Matching (DCM) delivers a high degree of accuracy and is most useful when it is
impossible or impractical to get a copy of the information for indexing, or when the precise content is
unknown but readily described. DCM works with both structured and unstructured data, using Data
Identifiers, keywords, lexicons, pattern matching, file types, file sizes, sender, recipient, user name, endpoint
user groups (for Endpoint Prevent), and network protocol information entered into the Enforce Platform by
the user to detect data loss incidents.
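A Data Identifier is the DCM building block for content such as credit card numbers: a pattern, a validator that rejects malformed candidates, and optionally a keyword that must appear nearby. The following is an added example written for this page, not Symantec's Data Identifier engine; the sample message is constructed and uses the publicly documented test card numbers. It shows why the validator and the keyword rule matter for the false-positive problem raised above: a 16-digit invoice number matches the pattern but fails the Luhn check, and a parcel number that happens to pass Luhn is dropped once a nearby keyword is required.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Context keywords that may be required within a window around the number.
KEYWORDS = re.compile(r"\b(?:card|visa|mastercard|amex|american express|cvv|exp|expiry)\b", re.I)
# Issuer identification: prefix pattern (matched at the start) and permitted lengths.
ISSUERS = {
    "visa": (re.compile(r"4"), {13, 16, 19}),
    "mastercard": (re.compile(r"5[1-5]|2(?:22[1-9]|2[3-9]\d|[3-6]\d\d|7[01]\d|720)"), {16}),
    "amex": (re.compile(r"3[47]"), {15}),
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum: double every second digit from the right,
    subtract 9 from any doubled value above 9, and require a sum divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer_of(digits: str):
    for name, (prefix, lengths) in ISSUERS.items():
        if len(digits) in lengths and prefix.match(digits):
            return name
    return None


def find_card_numbers(text: str, require_keyword: bool = False, window: int = 30):
    """Return [(issuer, digits), ...] for every validated card number in `text`.
    With require_keyword=True a number is reported only if a context keyword
    appears within `window` characters before or after it."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue          # right shape, wrong checksum: not a card number
        issuer = issuer_of(digits)
        if issuer is None:
            continue          # valid checksum but no known issuer prefix/length
        if require_keyword:
            context = text[max(0, m.start() - window):m.end() + window]
            if not KEYWORDS.search(context):
                continue
        hits.append((issuer, digits))
    return hits


# Constructed sample message; the card numbers are the well-known public test PANs.
SAMPLE = (
    "Invoice 1234567890123456 was issued on 2019-02-15 for two items.\n"
    "Customer paid with Visa 4111 1111 1111 1111, exp 03/21, CVV on file.\n"
    "Corporate AMEX account 3782-822463-10005 is approved for travel.\n"
    "Parcel reference number for the warehouse team: 5555 5555 5555 4444\n"
)

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE))                        # visa, amex, mastercard
    print(find_card_numbers(SAMPLE, require_keyword=True))  # visa and amex only
```

Each layer removes a different class of false positive: the regex alone would flag all four numbers, the checksum removes the invoice number, the issuer table removes valid-checksum numbers with an unknown prefix, and the keyword window removes the parcel number that is numerically a valid PAN but has no payment context around it. The cost of the keyword rule is a possible false negative when a real card number is sent with no surrounding text, which is why it is an option on the identifier rather than a default.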
Vector Machine Learning
Recently, a new category of DLP detection technology has emerged that enables organizations to use software
that learns to detect the types of confidential data that require protection. Through training, this approach
continuously improves the accuracy and reliability of finding sensitive information. By applying the concept of
machine learning to DLP, Vector Machine Learning (VML) helps to quickly and efficiently protect IP and
confidential information among increasing amounts of unstructured data.
Vector Machine Learning has specific advantages that complement existing describing and fingerprinting
technologies, improving the ability of organizations to protect sensitive information, especially unstructured
data that resides in highly dispersed and diverse locations:
Automated processes help streamline set-up and management – By automating the policy definition and
tuning process, VML significantly reduces the staff time required to set up and maintain DLP technologies.
Since training requires only examples of the data to be protected, set-up can be achieved quickly and
efficiently. Many manual tasks, such as maintaining keyword lists or collecting all data for fingerprinting, are
eliminated, and the incidence of false positives and tuning is minimized as the technology learns to recognize
targeted information and improves in accuracy over time.
Dynamic learning improves accuracy and timely protection – Much like zero-day protection with antivirus
software, Vector Machine Learning is capable of delivering "zero-day protection" for confidential data with
the accuracy of fingerprinting. The dynamic learning characteristics of VML make it possible to recognize
newer or never-before-seen information more easily and accurately and therefore provide coverage for
sensitive data that has yet to be created. Given the accelerating growth of unstructured data, VML
complements the content analysis of both fingerprinting and described content technologies to enhance
enforcement of DLP policies.
Form Recognition
With Symantec DLP Form Recognition, you can protect data stored in images of handwritten and typed forms
such as tax returns, insurance claims, patient forms or any form that might contain PII. DLP Form Recognition
is a new content detection technology that leverages intelligent image processing to catch and stop
confidential data that would otherwise go undetected in scanned or photographed forms.
Symantec Data Loss Prevention analyzes the features of your blank forms and stores the results as key points
in the Form Recognition profile. This process is called indexing. The detection server then compares images in
network traffic or stored in data repositories to the forms you have indexed. The extent to which a detected
form matches the key points of an indexed blank form is called the alignment.
The comparison between the detected image and the indexed blank form also allows Symantec Data Loss
Prevention to determine how much of the form has been filled in.
Form Recognition works with Network Monitor, Network Prevent for Email, Network Prevent for Web,
Network Discover and Network Protect.
Remediation and Reporting
The Enforce Platform includes robust reporting and incident workflow features to support effective incident
remediation. It has a fully customizable workflow that allows you to build whatever remediation and detection
process you need. The user interface allows you to define case management statuses that indicate an
incident's position within the workflow. Typically, customers choose status names that reflect their own
internal processes, such as "Escalated to Security & Risk", "To be reviewed by HR", or "Dismissed due to
Broken Business Process".
The user interface is web-based and easy to use for non-IT users, containing all information relevant to a
business user for diagnosing and responding to an incident. The Incident Snapshot highlights the violating
content from any attachment or message body, making it easy to see where the violation exists within the
transmission as well as the specific data that was put at risk (such as specific credit card numbers).
Additionally, the Incident Snapshot contains a clear indication of the calculated severity as well as the total
match count (for example, the number of customer records exposed).
Workflow can be established through the use of incident work queues for each role. Each queue contains
the incidents that a given user is responsible for processing. A very simple workflow would work as follows:
a first responder work queue includes all incidents with status "New"; a manager has a work queue with
incidents of status "Escalated"; an investigator sees incidents of status "Investigation Required". To pass an
incident between roles, its status is changed and the incident moves between queues.
More complex workflows also include segmentation by business unit, such that work queues include only
incidents of the specified status from senders in the specified business unit.
Symantec DLP Solution Packs deliver out-of-the-box industry best practices for incident response and
remediation. Functionality includes:
Industry-focused detection policies such as PCI and data protection regulations
All commonly used automatic response rules such as notifications, escalate to forensics, set incident
reason codes, send syslog event, and so on
Pre-configured workflow and roles, including role-based risk reports
Defined custom attributes and statuses
Symantec DLP reporting functionality includes the ability to view, save, and create custom dashboards for
executive-level reporting. Dashboards can combine up to six portlets (each summarizing an out-of-the-box
system report or a custom saved report), presenting data on network, storage, and endpoint incidents in a
single dashboard. Each report within the dashboard is hyperlinked so users can drill down to the summarized
reports directly from the dashboard.
Dashboards, like all other reports in the system, can be defined as either personal reports or role-based reports.
There are over 40 pre-configured reports to help customers manage their information risk. These allow them
to meet compliance requirements, assess business risk, provide oversight and manage remediation operations,
while viewing trends across business units within the organization.
Operations and Maturity
Symantec's recommendation for long-term, sustainable data protection is that the client commit to an
enterprise-wide initiative, involving people, processes and technology, to address data security risk head-on.
With the decision made to address this risk, the client needs a clearly defined plan for success, with specific
steps, tasks, resources, and objectives to reach their short- and long-term goals.
The maturity of Symantec's DLP technology and the expertise of our specialist partners ensure that the DLP
program is effective and successful. We have developed an extensive set of best practices gained through
1100 Symantec DLP deployments across a wide variety of customer environments and industry verticals.
Together with specialist partners we ensure the project team contains the right mix of people, processes and
technology, with the right application of that mix across six project phases. Companies that have followed
this methodology and leveraged Symantec expertise and best practices have consistently achieved measurable
risk reduction within 90 days.
Comprehensive, clearly defined, business-focused DLP programs achieve greater risk reduction, faster and
with fewer resources, by integrating Symantec DLP into their existing security program and leveraging the
software to promote enterprise-wide initiatives that drive change across the organization. These successful
programs share five common attributes:
Executive level involvement. Support to protect data and change business processes and employee
behavior must come from the top.
A prioritized approach. Confidential data can take many forms and be anywhere in an organization;
targeting the most critical data first proves value immediately.
Business owner involvement. The information needed to identify new threats, keep policies current,
and fix broken business processes must come from those closest to the data.
A trained Incident Response Team (IRT). Clearly defined roles, responsibilities, and procedures drive
consistency and organizational buy-in.
Employee education. Visibility into employee behavior allows focused training on primary risk areas,
and real-time enforcement of company data protection policies promotes a culture of security.
In the first two phases – Planning and Deployment – the goal is to lay the groundwork and infrastructure for
long-term success. This is the most critical period in your DLP rollout, because your future success will
depend on the work completed here. In the first two phases you will ensure that:
Your most critical data is identified and protected
Your system is deployed, operational, and providing maximum coverage based on your goals
Policies are correctly configured to capture incidents of interest and minimize false positives
Incident responders are trained and fully prepared to address policy violations
Employees are aware of their data protection responsibilities
The further four Risk Reduction phases – Baseline, Remediation, Notification, and Prevent/Protect – are
where the client achieves and measures results. In these phases you will:
Fine-tune policies
Identify and change business processes contributing to risk
Expand, modify, and automate remediation efforts to achieve the greatest impact with the fewest
resources
Begin real-time notification to employees when their actions cause risk
Prevent and protect critical data from leaving the organization without impacting business as usual
Collect specific metrics to demonstrate and document risk reduction over time.
By way of an example, a typical project starts by addressing a high-risk area of the network, namely the web
gateway. The modules deployed in this phase enable a client to inspect all network communications.
Protocols covered include email (SMTP), web (HTTP), instant messaging (IM), file transfers (FTP), and all other
TCP sessions over any port.
Once these modules are deployed and operational, the client should address the major business process issues
and change employee behavior through notifications, so that the risk of disrupting business by blocking
communications or moving files is minimal. The next phase adds further modules that increase the prevention
and protection capabilities.
After progressing through the six phases of a best-practice DLP deployment, the client can be confident that:
Their initial policies are successfully protecting the organization's confidential information from leaving
via the Web
They have built good working relationships between the Security Team and the line-of-business owners
and are working to address the faulty business processes uncovered by the Symantec DLP solution
They have leveraged auto-notification to change employee behavior, and
They have solid metrics to demonstrate their results.
With the success of this first deployment, the client should be well positioned to continue expanding policy
and exit/exposure point coverage and to keep driving the organization's DLP risk down.
System Requirements and Recommendations
Symantec provides a separate Requirements and Compatibility Guide; before implementation, please check
for the latest available guide at https://support.symantec.com/en_US/article.DOC9256.html.
Deployment Planning Considerations
Installation planning and system requirements for Symantec Data Loss Prevention depend on:
The type and amount of information you want to protect
The amount of network traffic you want to monitor
The size of your organization
The type of Symantec Data Loss Prevention detection servers you choose to install
These factors affect both:
The type of installation tier you choose to deploy (three-tier, two-tier, or single-tier)
The system requirements for your Symantec Data Loss Prevention installation
The effect of scale on system requirements
Some system requirements vary depending on the size of the Symantec Data Loss Prevention software
deployment. Determine the size of your organization and the corresponding Symantec Data Loss Prevention
deployment using the information in this section.
The key considerations in determining the deployment size are as follows:
Number of employees to be monitored
Amount of network traffic to monitor
Size of the Exact Data Matching (EDM) or Indexed Document Matching (IDM) profiles
Size of your Form Recognition profile
The tables in the next section outline two sample deployments based on enterprise size. Review these
sample deployments to understand which best matches your organization's environment.
Minimum Hardware Requirements (Sample)
All Symantec Data Loss Prevention servers must meet or exceed the minimum hardware specifications and run
on one of the supported operating systems. If the Oracle database for Symantec Data Loss Prevention is
installed on a dedicated computer (a three-tier deployment), that system must meet its own set of system
requirements.
The following provides examples of hardware sizing for a small/medium-size infrastructure in a single-tier
and a multi-tier deployment.
Single-Tier Deployment for Small/Medium Size Organization
Processor: 8-core 2.5 GHz CPU
Memory: 64 GB RAM
Disk: 3 TB, RAID 5 configuration (with a minimum of five spindles)
NICs: 1 copper or fiber 1 Gb Ethernet NIC (if you are using Network Monitor you will need a minimum of
two NICs, since traffic capture needs its own interface)
Multi-Tier Deployment for Small/Medium Size Organization
Enforce Server
Processor: 4-core 3.0 GHz CPU
Memory: 8–10 GB RAM (EDM/IDM and Form Recognition profile size can increase memory requirements;
two-tier deployments may require additional memory for running Oracle)
Disk: 500 GB; a RAID 1+0 or RAID 5 configuration is recommended, but RAID 5 is not recommended for
computers that host the Oracle database. For Network Discover/Cloud Storage Discover deployments,
approximately 150 MB of disk space is required to maintain incremental scan indexes, based on an overhead
of 5 MB per incremental scan target and 50 bytes per item in the target.
NICs: 1 copper or fiber 1 Gb/100 Mb Ethernet NIC to communicate with the detection servers
Network Monitor
Processor: 4-core 3.0 GHz CPU
Memory: 6–8 GB RAM (EDM/IDM and Form Recognition profile size can increase memory requirements)
Disk: 140 GB
NICs: 1 copper or fiber 1 Gb/100 Mb Ethernet NIC to communicate with the Enforce Server, plus at least one
additional NIC dedicated to traffic capture
Network Discover/Cloud Storage Discover, Network Prevent, Cloud Prevent for Email, Mobile Email Monitor,
Mobile Prevent or Endpoint Prevent
Processor: 4-core 3.0 GHz CPU
Memory: 6–8 GB RAM (EDM/IDM and Form Recognition profile size can increase memory requirements)
Disk: 140 GB. For Network Discover/Cloud Storage Discover deployments, approximately 150 MB of disk
space is required to maintain incremental scan indexes, based on an overhead of 5 MB per incremental scan
target and 50 bytes per item in the target.
NICs: 1 copper or fiber 1 Gb/100 Mb Ethernet NIC to communicate with the Enforce Server
Software Requirements
Enforce and Detection Servers
Symantec Data Loss Prevention servers can be installed on a supported Linux or Windows operating system.
Different operating systems can be used for different servers in a heterogeneous environment.
Symantec Data Loss Prevention supports the following 64-bit operating systems for Enforce Server and
detection server computers:
Microsoft Windows Server 2008 R2 SP1, Enterprise/Standard Edition
Microsoft Windows Server 2012, Datacenter/Standard Edition
Microsoft Windows Server 2016, Datacenter/Standard Edition (Oracle Database not supported)
Red Hat Enterprise Linux 6.6 through 6.8
Red Hat Enterprise Linux 7.1 and 7.2
Symantec DLP Agent
Symantec DLP Agents can be installed on computers running any of the following operating systems:
Microsoft Windows Server 2008 R2 Enterprise or Standard Edition (64-bit)
Microsoft Windows Server 2012 R2 Datacenter, Standard, Essential, or Foundation Editions (64-bit,
Desktop mode only)
MicrosoftWindows 7 Enterprise, Professional,or Ultimate, including Service Pack 1 (32-bit or 64-bit)
Microsoft Windows 8 Enterprise 64-bit
Microsoft Windows 8.1 Enterprise, Pro 64-bit
Microsoft Windows 8.1 Update 1x Enterprise, Pro 64-bit
Microsoft Windows 8.1 Update 2 Enterprise, Pro 64-bit
Microsoft Windows 8.1 Update 3 Enterprise, Pro 64-bit
Microsoft Windows 10 Update 1511 Enterprise, Pro 64-bit
Microsoft Windows 10 Anniversary Update Enterprise, Pro 64-bit
Apple macOS 10.9, 10.10, 10.11, 10.12
Oracle Database Requirements
Symantec Data Loss Prevention requires Oracle 11g Standard Edition (or Standard Edition One) version 11.2.0.4
(64-bit) with the most recent Critical Patch Update. Symantec provides Oracle 11g with Data Loss Prevention.
Symantec only supports the Standard Edition and the Standard Edition One of the Oracle database, but the
Symantec Data Loss Prevention database schema is supported on all editions of Oracle.
You can install Oracle on a dedicated server (a three-tier deployment) or on the same computer as the Enforce
Server (a two-tier or single-tier deployment):
Three-tier deployment – System requirements for a dedicated Oracle server are listed below. Note that
dedicated Oracle server deployments also require that you install the Oracle 11g Client on the Enforce
Server computer to communicate with the remote Oracle 11g instance.
Single- and two-tier deployments – When installed on the Enforce Server computer, the Oracle system
requirements are the same as those of the Enforce Server.
If you install Oracle 11g on a dedicated server, that computer must meet the following minimum system
requirements for Symantec Data Loss Prevention:
One of the following operating systems:
o Microsoft Windows Server 2008 R2 Standard or Enterprise (64-bit)
o Microsoft Windows Server 2008 R2 SP1 Standard or Enterprise (64-bit)
o Microsoft Windows Server 2012 R2 Standard, Enterprise, or Datacenter (64-bit)
o Red Hat Enterprise Linux 6.6 through 6.8 (64-bit)
o Red Hat Enterprise Linux 7.1 and 7.2 (64-bit)
6 GB of RAM
6 GB of swap space (equal to RAM up to 16 GB)
500 GB – 1 TB of disk space for the Enforce database
Virtual Server Support
Symantec supports running Symantec Data Loss Prevention servers on VMware ESXi 5.x, VMware ESXi 6.x, and
Windows Hyper-V virtualization products, provided that the virtual machine is running a supported
operating system.
At a minimum, ensure that each virtual server environment matches the system requirements for servers
described in this document.
Consider the following support information when configuring a virtual server environment:
Endpoint Prevent servers are supported only for configurations that do not exceed the recommended
number of connected agents.
Symantec does not support running the Oracle database server on VMware ESXi 5.x or VMware ESXi 6.x
virtual hardware. If you deploy the Enforce Server to a virtual machine, you must install the Oracle
database on physical server hardware.
Symantec supports running the Enforce Server and Oracle database server in a Windows Hyper-V
environment.
Symantec does not support running the Network Monitor or Mobile Prevent for Web detection servers on
virtual machines.
Symantec does not support Single Server installations on virtual machines.
A variety of factors influence virtual machine performance, including the number of CPUs, the amount of
dedicated RAM, and the resource reservations for CPU cycles and RAM. The virtualization overhead and guest
operating system overhead can lead to a degradation in throughput for large data sets compared to a system
running on physical hardware. Use your own test results as the basis for sizing deployments to virtual
machines.
You can deploy the DLP Agent on Citrix and VMware virtual machines.
Available Suites and Bundles
As of Symantec Data Loss Prevention 14.6, the following suites and bundles are offered:
DLP ENTERPRISE SUITE
o Network Monitor
o Network Prevent for Email
o Network Prevent for Web
o Network Discover
o Network Protect
o Endpoint Discover
o Endpoint Prevent
o Mobile Email Monitor
o Mobile Prevent
DLP DISCOVER SUITE
o Network Discover
o Network Protect
NETWORK PRODUCTS
o Network Monitor
o Network Prevent for Email
o Network Prevent for Web
STORAGE PRODUCTS
o Network Discover
o Network Protect
ENDPOINT PRODUCTS
o Endpoint Discover
o Endpoint Prevent
CLOUD PRODUCTS
o Cloud Prevent for Microsoft Office 365 Exchange
o Cloud Storage (for Box)
MOBILE PRODUCTS
o Mobile Prevent
o Mobile Email Monitor
DETECTION
o Form Recognition
VERITAS PRODUCTS
o Veritas Data Insight
o Veritas Data Insight SelfService Portal
Symantec resells Oracle Standard Edition One and Standard Edition licenses on a per-CPU (processor) basis:
Oracle Standard Edition One is available for a single server with up to 2 processors.
Oracle Standard Edition, which adds Oracle Real Application Clusters, is available for single or clustered
servers with up to 4 processors.