Symantec DLP 15.8: The Power of Integration

As we embark into 2021, we all need to look forward to something new, something better, something that will shift our focus from the unpredictable 2020. One thing that we’re sure will bring some excitement is Symantec DLP’s 15.8 release, available in early February 2021.

One of the exciting features of this upcoming release is End User Remediation, a built-in solution for decentralized incident remediation using ServiceNow. End User Remediation enables customers to engage anybody in their organization for incident remediation. They can choose to select certain types of incidents or all incidents. For example, some Symantec customers we have spoken to, would like to delegate all low and medium severity incidents to the frontline managers. Some others want to engage the file owners for remediating all DLP Discover incidents.  With End User Remediation, decisions on incidents can now be made with better context, in turn, reducing the workload on InfoSec teams without  losing compliance oversight.

The Need for Better Incident Management

Over the last few years we are seeing an increased use of DLP across Endpoint, Storage, Network, and SaaS applications. Enterprises with central InfoSec teams are struggling to keep up with the volume of incidents and are forced to prioritize what to remediate.  As a result this can lead to many DLP incidents remaining unremediated, causing data loss risk to an organization. Additionally, they are not aware of the context of the policy violation and are not in the best position to remediate the incidents. Incorrect remediation could break business processes in the organization thereby impacting the day to day operations.

Decentralizing incident remediation enables more people to be engaged so that more incidents can be resolved. And engaging the correct users reduces the overall data loss risk associated with incorrect remediation. 

DLP End User Remediation with ServiceNow

DLP End User Remediation with ServiceNow provides a superior and comprehensive incident remediation process.  There are two steps involved to configure and deploy the solution:

1. A simple one time configuration to be done in the DLP Enforce management console, where, customers identify incidents to be remediated, what incident information will be made available to the remediators and what remediation actions they can take.
2. Deploy the Symantec DLP End User Remediation (EUR) app in ServiceNow, where workflows can be defined and there is complete flexibility to model a remediation process based on your organization’s requirements.

Real World Scenarios

We have developed this solution to cater to the multiple use cases that our customers need to solve.  Below are some of these examples that have been shared by some of our large customers where the EUR solution can help solve their problems. For example:

1. Involving line managers to determine the severity of the incidents generated by their employees. This would help organizations quickly identify the most critical issues.
2. Quarantining emails with sensitive content and have the sender’s manager review the quarantined email and decide if it can be allowed or rejected.
3. Enabling the file owners to remediate any sensitive files that might be stored on a network share, SharePoint or a SaaS app like Dropbox, etc.
4. Capability to define workflows, specifically to take care of situations like the remediator being “Out of Office” and the remediator not taking action within the stipulated time, automatic enrollment of the policy violator for privacy training, etc.

How to get started?

To start using End User Remediation, customers will need to be using Symantec DLP 15.8 (available in February). There is no additional licensing requirement for DLP. Customers will also need to have ServiceNow and the DLP End User Remediation application will need to be deployed in their ServiceNow environment.

What’s Next

Symantec DLP End User Remediation offers many benefits. The key takeaway is that it helps remediate more incidents by engaging more users and reduces the risk associated with incorrect remediation. 

Along with End User Remediation, there are many more interesting features lined up in DLP 15.8 and over the next couple of weeks we will be sharing insight into some of those.

Watch this space for more blog posts!