EMEA Data Loss Prevention User Group

  • 1.  Network Discover/Protect - Secure deletion?

    Broadcom Employee
    Posted Mar 28, 2014 05:34 AM

    Hello,

    we are running PCI scans on shared drives with a view to deleting lots of old files containing PAN. My question is around the quarantine/deletion mechanism - if we quarantine the files and then delete them from the quarantine, is it a secure deletion which renders the files completely unrecoverable? i.e. is it PCI compliant?

    I can't seem to find any detailed documentation on how this works 'under the covers', any help appreciated!

    Thanks



  • 2.  RE: Network Discover/Protect - Secure deletion?

    Posted Apr 01, 2014 11:13 AM

    I guess it depends on what tool (not SDLP) you will be using to delete the files.

    Network Protect simply copies or quarantines the file. The tool isn't leveraged to do the actual deletion of the file.

    Hope that helps.



  • 3.  RE: Network Discover/Protect - Secure deletion?
    Best Answer

    Posted Apr 01, 2014 02:44 PM

    Just a follow up, as mentioned there is no part of Symantec DLP that performs the actual deletion. It would depend on the 3rd party tool that is used to perform the deletion.

    The deletion program could be called from the response rule via a FlexResponse.



  • 4.  RE: Network Discover/Protect - Secure deletion?

    Broadcom Employee
    Posted Apr 02, 2014 04:18 AM

    Thanks guys,

    I'll look to use your suggestion of setting up a FlexResponse rule to perform the deletion. I'll contact our account manager to see which suitable tools are available.

    So, if my understanding is correct, we could quarantine the files then when we get business approval to delete them we could simply re-run the scan with the FlexResponse rule to call the secure deletion tool active?

    To clarify around quarantining, I have heard conflicting reports about what actually happens; does a 'quarantined' file actually get moved to the quarantine? I have also heard that a link is merely created and the original file is rendered inaccessible to the user, but doesn't move.

    Thanks in anticipation!