Data Loss Prevention

 View Only

  • 1.  Symantec DLP facts

    Posted Oct 23, 2009 10:04 AM
    Hello,


    Can someone direct me to a detailed technical data sheet for DLP products?
    I'm interesed in:
    - 64-bit OS support for monitoring/disocover/mgnt/etc servers
    - support for agents on mobile devices, like blackberry or symbian
    - latency, throughputs, other performance issues.


    Can someone send me some info?


    Best regards,

    Mihai


  • 2.  RE: Symantec DLP facts

    Posted Oct 23, 2009 01:08 PM
    Currently there is no 64-bit agent for Endpoint as far as I know, trying to get the offical word but as far as i understand on the endpoint side it is 32-bit only.  Will double check that

    Also there is not a supported agent for mobile devices, yet I have heard that it is on the roadmap.

    For data rest it does not matter whether or not the server is 64-bit or 32-bit as you doing the scanning against  the file share/database/etc... 

    A lot of the performance issues/throughputs/latency all depend on how you set things up and also what product within DLP you are talking about as well (Data in Motion vs Data at Rest).

    Each DAR scan can be throttled and scheduled around backup windows, work hours, etc.

    Drop me a note if you have further questions or would like to talk in person


  • 3.  RE: Symantec DLP facts

    Broadcom Employee
    Posted Nov 13, 2009 09:27 AM
    -We can scan againist 64bit shares and databases, however Enforce, EDPA and Detection servers must remain on 32-bit OS.
    Article ID: 50079 Network monitor does not show traffic on RHEL x64
    Article ID: 42256
    Can Vontu run on a 64 bit OS?
    Applies To


     
     
    • Vontu Installation/Upgrade
    Problem Summary

     
     
    If you have a 64-bit OS installed, will Vontu run on it?
     
    Solution

     
     
    Vontu does not currently support 64-bit OS. You can run on 64-bit hardware, but the OS must be installed as 32-bit.


    -Mobile device support is currently not available
    -Discover Performance/throughput:  See - Symantec DLP Network Sizing Guide KB 46671 https://kb-vontu.altiris.com/article.asp?article=46671&p=4
    Public Article ID: 49240
    Discover Performance Troubleshooting
    Applies To

     
     
    • Vontu Discover Server
     
     
    Problem Summary

     
     
    My Discover Scan is slower than I would expect. How can I determine where the bottleneck is?
     
    Solution

     
     
    In general, the performance bottleneck for Discover scans is the transfer to the Discover machine.  Linux Discover processes are 1/3 slower than Windows. 
    1. Setup your target
    2. Check your policy groups.  Are there any empty policy groups?  This will affect Discover performance.
    3. Run the scan for 10 minutes, keeping an eye on CPU usage on the Discover machine. Then pause the scan. Calculate the scan rate in GB/Day using the information on the Scan Detail page.
      • If it is at least 250 GB/Day then all is good.  Resume the scan. 
      • If it is much less than 250 GB/Day go to step 4.
    4. Was the CPU usage on the Discover machine close to 100% during the 10 minutes of scanning? 
      • If so, you are probably limited by cracking.  Check to see if the target has a lot of XLS and/or PDF files.  If this is the case, there is not much that can be done except add more hardware. 
      • If CPU was not maxed out, go to step 5.
    5. Manually copy 2GB worth of representative files from the target to the Discover machine and calculate the transfer rate.  (It is important to copy the actual files that you will be scanning as the average file size has a big impact on transfer rates.) 
      • If this rate is slower than 300 GB/Day, then you are probably limited by network issues.  Check NIC settings and make sure they are compatible with the relevant switch settings.  Check number of hops and move Discover closer to target if possible. 
      • If the rate is greater than 300 GB/Day go to step 6
    6. Turn off collection of ACL and Owner information.  In Crawler.properties, set filesystemcrawler.collectaclandowner = false.  Restart the Discover monitor.  Run the 10 minute test again. 
      • If this solves the problem, then you need to weigh the value of scan rate vs security meta-data.  Collecting the extra meta-data takes time and there probably isn't anything that can be done to speed it up.
     


  • 4.  RE: Symantec DLP facts

    Posted Dec 02, 2009 10:02 PM
    thank you for the answer jim but im a bit confused.  Are you talking about the network product or the vontu dlp endpoint agent?  i am just looking for a simple answer of "does dlp endpoint support windows 7 32 bit and 64bit?"  If not when is the expected date.  I checked the big windows 7 support page you guys have but it says it will support win7 in december but doesnt specify 32 or 64bit.  TIA


  • 5.  RE: Symantec DLP facts

    Posted May 26, 2010 07:13 PM
    Currently there is no agent for 64bit OS.
    The DLP Agent does support Windows 7 But only 32Bit.

    Kind Regards,
    Naor Penso


  • 6.  RE: Symantec DLP facts

    Posted Sep 24, 2010 03:21 PM

    Symantec DLP 10.0 Has agents for 32bit Windows 7 and 64bit Windows 7. They were released in April or May of 2010

     

    There are 2 different installers for it.



  • 7.  RE: Symantec DLP facts

    Posted Oct 08, 2010 09:50 AM

    Does anyone know what the product ID is for Symantec DLP endpoint agent 10.5.1000.01022.  I have to manualy clean the clients from the registry and need the product ID.

    George



  • 8.  RE: Symantec DLP facts

    Posted Mar 10, 2011 05:38 AM

    Is there any document describing DLP 11 hardware support? Looking for it for a long time.