Data Loss: The Risk of MacOS and Linux

Reducing data loss risk from unprotected endpoints with DLP 16

In this conversation with Sunil Choudrie, Suresh Ramkumar (Product Manager for Symantec DLP Endpoint) explains why Symantec DLP 16.0 includes expanded protection for macOS devices, and new support for Linux desktops.

Q: Suresh, why are we investing in DLP Endpoint? So many organizations are moving their operations to the cloud?

A: That’s a great question, Sunil. Actually, it’s exactly because data is in the cloud that we need to protect the endpoint - it’s a vital control as the endpoint serves as the connection between the user and the cloud. This has come into stronger focus, with organizations adopting more flexible working styles, as staff may be able to work from anywhere, but they are likely using a known device. We see the endpoint as a mutually supportive element for cloud-based working; whether you are office-based or remote, the endpoint is critical.

Q: OK, that makes sense.  But macOS? The majority of users are on Windows devices, why extend support?

A: Sunil, the simple answer is that our customers are using all these platforms.  There is no point providing great DLP controls on Windows devices if data can leak from other devices.  That’s like locking the front door, but leaving the back door wide open.

We have long invested in providing broad coverage in our DLP solution, which has included providing support for macOS. In DLP 16 we extend the protection even further. This is really important for our customers, as macOS represents a significant proportion of today’s computing environment; it can’t be dismissed as a niche operating system. Research shows that macOS accounts for a 23% share of devices being used by US Enterprises.

Our clear aspiration is that we will provide equivalent functionality between Windows and macOS. Therefore, in DLP 16 we add extended capabilities around print monitoring and the usage of the Chromium-based Edge browser. It allows us to expand our capabilities relating to data-at-rest, and also our support for data-in-motion when using removable storage, copying to network shares, browser monitoring etc. Customers that are already protecting macOS can cover some new and important use cases. If customers need to expand their DLP controls to macOS endpoints (which we would recommend), they can be confident in our robust, well-tested solution.

Q: Suresh, what’s the deal with Linux?  Surely that’s not widely used by businesses?

A: Here’s the twist: If you were just to look at the market share of this operating system in enterprises you’d conclude it’s small. However, when you look deeper, this is an operating system preferred by developers and other IT staff. This is a very important population of users if you want to protect internal knowledge, hence our development in this capability. We typically find that software developers who use Linux access it via virtual desktops or on physical devices. This gives them flexibility but also presents a degree of data loss risk. So, the relatively smaller Linux estate is as important as the dominant Windows user base or that of macOS.

Symantec DLP 16 supports a Linux Agent for Red Hat Enterprise Linux (RHEL). Using this, enterprises can run automated discovery of sensitive content on Linux endpoints to meet compliance requirements. Leveraging the strength of the various detection technologies supported by Symantec DLP, enterprises can be assured that their sensitive data is flagged regularly and appropriate remediation taken in terms of safely quarantining the content.

Q: What’s so important about what we’ve done? How does this all come together?

A: If we step back, it’s clear that enterprises need complete visibility into how their users are handling data. Typically, the user base is spread over a large estate of Windows endpoints and a relatively smaller but growing proportion of both Mac and Linux users. Symantec DLP can provide that visibility across these multiple operating systems. Having consistent visibility and policy controls makes both operational and security sense.

Q: So job done? Or do we have further plans?

A: If only it was that simple!  In future releases, we look towards adding support for monitoring other data loss vectors and extending support to Linux distributions beyond RHEL. We also want to listen to and respond to our customers’ feedback as they deploy and use these new agents.

It is important to note that we continually develop and test our endpoint agents to ensure they are compatible with the latest operating system so that we can provide same-day support for macOS and Windows updates. We provide the same for popular browser updates too.

Q: How do you pick the right DLP macOS agent?  What should be considered? 

A: That’s a really important question as we aren’t the only DLP vendor to provide a macOS agent. We believe our ability to support a wide variety of data loss vectors with a full suite of detection technologies best meets the needs of Enterprise DLP Administrators. For example, our policy model means we provide the granular configurability within a single policy that applies to all the endpoint platforms. Additionally, newer features like our integration with Symantec Information Centric Analytics (ICA) can be leveraged on Mac endpoints as well to provide user-risk-based adaptive detection and response.

I would also highlight these three features to look for in a DLP macOS agent:

  • Does it offer cross-browser support including support for the native Safari browser? How are the latest OS and browser updates supported so the DLP agent remains compatible?
  • Is great detection technology available on the Mac agent, offering the same breadth and depth as it does for the Windows agent? What about user risk?
  • Is granular configuration available so administrators of large enterprises can manage the macOS agents with the same fine-grained control they apply to all the data loss vectors?

Q: How do Symantec customers get the new agents?  What’s your advice for the best way for them to get started?

A: The new agents are available as part of the software download for DLP 16.0 on our Broadcom Software Support portal. Customers can simply package the new macOS agent and distribute it via their MDM tools like JAMF to upgrade existing Mac agents. This will enable them for Print monitoring & Edge support on macOS. For the RHEL platform, customers can package and distribute the RPM bundle. This will enable them to run discover scans on the endpoint file system.

Q: Suresh, how does someone find out more?

A: The simplest way is to visit our customer support site where we describe all the improvements we’ve made to DLP Endpoint.

About the Author

Suresh Ramkumar

Product Manager, Information Security

Suresh has been working on Symantec Enterprise Products for over ten years. He is currently part of the Information Security Product Management group where he drives product planning and roadmap for the Symantec Endpoint DLP.

About the Author

Sunil Choudrie

Sr. Manager, Symantec’s Global Information Protection

Sunil helps organizations protect their data against insider and external threats. He holds a Mechanical Engineering degree from the University of Bath and an MBA from Henley Business School.
