Symantec Builds Out DLP Technology to Aid Data Discovery

Symantec adds native support for SQL databases in a push for Storage DLP.

Symantec officials spent a fair amount of time discussing integration possibilities between their security and storage products during their Vision conference in Las Vegas.

Now, two weeks later, the company has taken a step toward that goal by expanding the data discovery technology of its Vontu Data Loss Prevention product.

At Vision, Symantec executives said they would be looking for ways to integrate the content awareness capabilities of their DLP (data loss prevention) technology into their storage portfolio. It is a gambit by the company based on the belief that data discovery will be a key driver in the market for CMF (content monitoring and filtering) and data loss prevention tools. According to the company, some two-thirds of its new customers purchase data-at-rest as part of their initial DLP investment.

With that in mind, Symantec has added new management features and native support for SQL databases to help in the area of content discovery. The idea is to help simplify the process of conducting enterprise-scale audits for databases such as Oracle, IBM DB2 and Microsoft SQL Server.

"Previously, SQL database scans had to be triggered remotely," said Helen Yu, senior product marketing manager. "Now, from a single console, an administrator can define a data protection policy and initiate native scanning of relational databases. In addition, Vontu Data Loss Prevention now has enhanced operating system coverage for Windows Server 2003 and Windows Vista, and can perform parallel scanning of thousands of systems by leveraging the Vontu Endpoint DLP agent architecture."

It is easy enough for organizations to lose track of the number of databases they have, as well as what is inside them. As a result, some enterprises are concerned about legacy storage of unencrypted confidential data or the storage of production data in test systems, while others worry about things like inadvertently storing sensitive data in the 'comments' field of a CRM (customer relationship management) application, Yu said. Then there are auditors pressuring businesses to provide a complete account of what databases contain sensitive information, she added.

"With native SQL database scanning, companies can set up an automated job [that] systematically connects to every database, discovers the database schema and produces a report of where all the sensitive data resides," Yu said. "Without this capability, they would likely be required to rely on conversations and recollections of staff [that] often are in the dark as to the actual data stored in the databases."