The latest version of Symantec's data loss prevention (DLP) suite features new technology for defining search patterns to detect sensitive information, as well as improved risk assessment and remediation capabilities. The enhancements in Symantec DLP 11 are heavily weighted to the protection of intellectual property (IP) in unstructured data on file servers, NAS and groupware applications such as Microsoft SharePoint.
"In an unstructured data environment, organizations have issues with intellectual property, source code, marketing plans, product designs," says David Dorsin, Symantec's director of product marketing. "It's hard to define--what does a product design or an M and A document look like?"
The new technology, dubbed vector machine learning, addresses one of the most difficult aspects of DLP: defining accurate search rules while minimizing false positives. Enabling rules to detect and block patterns for straightforward patterns, such as credit card and Social Security numbers, is a simple matter, and some organizations will deploy some sort of "DLP light" for that sort of limited purpose, often to help PCI Data Security Standard (PCI DSS) compliance.
However, complex enterprise deployments of products such as Symantec DLP, formerly Vontu, are difficult. Organizations will often focus on using DLP to understand the flow of information through the business and track suspicious activities. This helps identify gaps in security and collect evidence of malicious activity, such as the theft of IP. But companies often will shy away from blocking all but obvious violations because of false positives.
Symantec's suite, like most enterprise DLP systems, identifies sensitive data through a combination of keyword/keyword matching and document fingerprinting. Fingerprinting is used to tag known sensitive documents, generally using a hash. But identifying sensitive data everywhere else is problematic, as organizations struggle to define and refine rules to improve accuracy.