How Symantec DLP 16 Can Kickstart Your Zero Trust Program
Three new features you can implement right now
Nearly 60% of organizations have yet to deploy a Zero Trust security architecture, putting them at greater risk than they might realize. Organizations that have mature Zero Trust deployments see average breach cost savings of £1.51 million versus organizations that are in the early stages of adopting Zero Trust. If you want to find out more about Zero Trust, visit our website or read this blog series about implementing a Zero Trust strategy.
Symantec Data Loss Prevention (DLP) 16 is now available and provides customers a number of benefits. These include ways for organizations to turbo-boost their Zero Trust programs by:
- Detecting and responding to the risk that individual users and devices present based on their behavior
- Supporting the complex ecosystem of endpoints in a hybrid-work world
- Providing additional intelligence on threat risk
Let’s look at precisely how DLP 16 enhances Zero Trust through new capabilities and integration with existing products.
Integrating User Risk into DLP Policies
Zero Trust is about understanding and mitigating risk, so people and devices that should be able to access your data can, while those who shouldn’t have access can’t. DLP 16 encapsulates that philosophy into the DLP policy itself.
DLP 16 makes use of user behavior, tracking actions – such as failed log-in attempts or visits to risky websites – and attributing them to each user for assessment. Information about the user’s actions is included in calculations to create a “User Risk Score,” a determination of how likely a user is to cause a data breach.
The User Risk Scores are imported into DLP 16 from Symantec Information Centric Analytics (ICA), which collects data from your company's security monitoring tools, such as Symantec DLP, and user directory information, such as Microsoft Active Directory. The User Risk Score correlates and distills this data into a holistic view of user activity, threats and events, giving the contextual awareness needed to recognize and remediate events.
DLP administrators can add the User Risk Score as a detection rule while evaluating policy violations and applying appropriate response rules.
As a result, administrators can genuinely ask if a user should have access to a particular set of data, and take steps if they shouldn’t have access. For example, if a user’s profile identifies them as the CEO, but they’re interacting with the network in a risky way, you might want to deny them access to the data or require additional verification.
Administrators, who already benefit from the DLP Policy Framework “single policy to monitor all channels,” including the cloud or on-premises storage, can fine-tune their policies to heighten security while they reduce friction to the business. Importantly, users can customize their policies based on their individual needs and risk appetite.
Eliminating the VPN for Remote and Hybrid Workers
The ecosystem of employees, gig workers, partners, and other people who need access to a company’s data is more complex than ever. Virtually every company is developing or fine-tuning its policies for a remote and hybrid workforce.
In a hybrid work environment, most end-users connect via a home network that uses IPv6 addresses. Previously, a VPN or other network device was needed to translate between IPv6 and IPv4 addresses so home-based users could access the DLP Endpoint Server.
DLP 16 simplifies this process by providing native support for endpoint agents on IPv6 devices, meaning home users no longer need a VPN every time they access the network.
In addition, DLP 16 integrates with existing core products – such as Symantec Web Gateway, Symantec CASB, Symantec CloudSOC Mirror Gateway, and Symantec Endpoint Protection – to protect unmanaged and BYOD devices.
In the past, IT departments would try to control these unmanaged devices through agents or other complicated means. DLP 16 integrates with Symantec CloudSOC Mirror Gateway to implement controls that allow authenticated users on unmanaged devices to access the data they need, but prevent them from taking some steps that might introduce malware into the network, such as uploading files.
Critical Context for Remediation
Remediating incidents is all about the right amount of context. DLP 16 provides additional attributes such as URL category, website threat risk level, and geolocation for network incidents.
This critical information is cross-referenced between DLP and Symantec Web Gateway, giving more insight into the cause and potential consequences of incidents. As a result, DLP incident remediators can perform their duties more effectively and faster, reducing their organization’s risk. This information is also made available to ICA, fortifying the User Risk Score.
Ready to find out more?
With DLP 16, companies can access best-in-class protection for both managed and unmanaged devices. With a single DLP policy for data-in-motion, data-in-use, and data-at-rest, companies can easily control access to data and develop a Zero Trust foundation that gives them the protection they need for their data “crown jewels.” Find out more about What’s New in DLP 16.