Re: Symantec DLP vs Identity Finder

[Velislav K Pavlov <VelislavPavlov () FERRIS EDU>]

The network component can connect to any SMB share with provided account, discover, classify, and quarantine/remediate 
information based on specified criteria. For the endpoint, there is a Windows and MacOS agent, but we are not at that 
stage where we can provide valuable feedback. We decided to start with the ITS managed servers first, setup network 
discover scans, define policies, rules for scanning, schedules, and make sure we have the foundation. The network 
discover for servers goes through awareness, notification, then remediation which take time. We figured we can use the 
time the operational sides work on remediation to focus my team’s time on the agent testing.

Vel Pavlov | Coordinator, IT Security
M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE,
Security+, CNA, MPCS, ITILv3F, A+
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Monday, March 27, 2017 5:41 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Symantec DLP vs Identity Finder

This message is from a mail system outside of Office 365
Did they ever release full Mac functionality for their DLP related components?  That used to be one of the 
short-comings, but I haven’t looked at it in a long time.

Brad Judy

Information Security Officer
Office of Information Security
University of Colorado
1800 Grant Street, Suite 300
Denver, CO  80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu<http://www.cu.edu/>

[u-logo_fl]



From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of 
Velislav K Pavlov <VelislavPavlov () FERRIS EDU<mailto:VelislavPavlov () FERRIS EDU>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Monday, March 27, 2017 at 3:27 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Symantec DLP vs Identity Finder

SymEd bundle: endpoint, MDM, email gateway, DLP enforcer (network scan, endpoint), and DLP DataInsight. Based on number 
of full-time staff. The DLP is content and context based. Can scan anything with Creds and share. It can be used for 
incident response to determine impact based on affected data for servers and endpoints. DataInsight is a nice 
compliment to tell who, what, when, where related to files and folders on share it's set up with. Bazooka of a solution 
but it can do everything we needed it to so far.

Vel Pavlov | IT Security Coordinator
M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, Sec+,A+




On Mar 27, 2017, at 4:18 PM, Gramke, Jim <JGramke () CSBSJU EDU<mailto:JGramke () CSBSJU EDU>> wrote:
This message is from a mail system outside of Office 365
Hi All,

We have been thinking about doing something like Identity Finder to locate and help remediate our sensitive data stored 
all about.     A couple of Educause Security conferences ago, I recall a few people mentioning that Symantec had a 
product that did similar things, and could be part of some sort of educational bundle offered by Symantec, and thus 
more reasonably priced.

Is anybody using Symantec to do their sensitive data discovery?    If so, is it part of a bundle, and if so, what is 
that bundle called?    And finally, how do you like it?

Thanks,

Jim Gramke
College of St. Benedict, St. John’s University
csbsju.edu<http://csbsju.edu>