Posted: 3 Min ReadProduct Insights

Harnessing Symantec’s DLP Integration with Microsoft Information Protection

Increasing customer control over critical data

Ever since Symantec, a division of Broadcom (NASDAQ: AVGO), was acquired last November, we have been investing to meet the changing demands of our enterprise customers, and focused on an industry-leading, integrated cyber defense platform to protect them.  The most recent example is the engineering work we’ve done to ensure that Symantec’s Data Loss Prevention (DLP) works smoothly in concert with Microsoft Information Protection (MIP). 

Symantec DLP is an essential tool to help businesses keep their critical information secure even when employees - many of whom are now using unmanaged devices - access corporate resources from outside of the office. This capability is even more essential today as many enterprises have their employees working from home in order to lower their risk of infection from COVID-19. 

We came up with a technical solution that allows customers to use Microsoft Information Protection while still allowing Symantec DLP to inspect encrypted content.

But customers often deploy a variety of security applications, instead of one, as they build out their network defenses.  That sometimes leads to situations where different technologies from different companies get in the way of what ought to be a seamless user experience. 

For instance, when organizations deployed MIP to encrypt their data, their documents were no longer visible to Symantec DLP. That worked to nobody’s advantage because it left customers vulnerable to potential loss of sensitive information that may have been embedded inside the encrypted documents.

Improving the Customer Experience  

Customers reached out and asked us to remedy the situation and that’s just what we did. We came up with a technical solution that allows customers to use Microsoft Information Protection while still allowing Symantec DLP to inspect encrypted content. This makes sure that sensitive data remains securely within the corporate network and also ensures continued regulatory compliance. 

The latter point is also something we hear often from our largest customers who need to comply with the enactment of the more stringent regulations governing data privacy protection being enacted across the globe such as SOX, HIPAA and GDPR. Organizations need to be able to thwart unauthorized attempts to share documents containing sensitive data over email or to unsanctioned file sharing sites.

A Real World Scenario

Here’s an example. Let’s say a user attempts to share a Word document with an unauthorized partner that has been previously classified and encrypted by MIP. Symantec DLP will automatically decrypt such documents, inspect its content based on their existing DLP policies, and prevent the email from being sent if it violates such policies. It will also block any attempt to share the same document using an unsanctioned file-sharing site or by inviting an external party to collaborate on the document on the corporate OneDrive. 

In each instance, Symantec DLP will block the attempts and notify administrators each time it registers policy violations around the sharing of sensitive corporate data. 

Better Together 

Symantec and Microsoft together help enterprises protect their sensitive data wherever it lives and travels with the deepest data discovery and protection available in the industry. Customers can now take full advantage of Symantec Data Loss Prevention’s powerful content inspection engine combined with the broad classification and encryption capabilities provided by MIP. The integrated solution gives customers the ability to detect and read MIP-labeled and -protected documents and emails. In the upcoming release, customers will also be able to automatically suggest and enforce MIP labels for sensitive and personal data with greater accuracy based on their DLP policies. 

Customers can now take full advantage of Symantec Data Loss Prevention’s powerful content inspection engine combined with the broad classification and encryption capabilities provided by MIP.

Ultimately, this is what a best in class Symantec DLP solution does: it allows you to discover, monitor and protect your sensitive data leveraging our industry-leading content detection technologies while managing all of your policies in one central place regardless if documents are protected with Microsoft MIP or not. This speaks to Symantec’s larger commitment: We will continue to work with strategic partners, supporting our overarching goal of helping our customers remain secure.  It’s why we are the best DLP solution in the business.

Symantec DLP Integration with Microsoft Information Protection
Symantec Enterprise Blogs
You might also enjoy
Product Insights5 Min Read

Symantec Enterprise DLP Named a Gartner Peer Customers’ Choice

Enterprise customers are choosing Symantec

About the Author

Bruce Ong

Director of Product Management, Information Security

Bruce has been on the product management team for Symantec Data Loss Prevention since 2014. Currently he is focused on the roadmap to expand the leadership of our world-class DLP detection technologies, and extend it into new channels and applications.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.