Hi Ansh,
Please refer to the information below.
Key Features
- Discover—Find confidential data wherever it is stored, create an inventory of sensitive data, and automatically manage data cleanup.
- Monitor—Understand how confidential data is being used whether the user is on or off the corporate network, and gain enterprise visibility.
- Protect—Automatically enforce security policies to proactively secure data and prevent confidential data from leaving an organization.
- Manage—Define universal policies across the enterprise, remediate and report on incidents, and detect content accurately within one unified platform.
Key Benefits
- Reduce proliferation of confidential data across enterprise data centers, client systems, remote offices, and end-user machines.
- Identify broken business processes transmitting confidential data.
- Monitor and protect communications of sensitive content to public websites.
- Define and deploy universal policies across the enterprise.
The Vontu DLP system is a complete all-around solution:
- Vontu Enforce - the enforce server is the heart of the system. This is the main console of the system where we will define all the rules, control all of the servers, treat incidents and generate reports. (This server is mandatory)
- Vontu Endpoint Server - the endpoint server is responsible for deploying policies to the endpoints on our network. The endpoint server is the server that all clients report to.
- Vontu Discover/protect - the discover/protect server is responsible for scanning the databases and fileservers in the organization. The discover server only has the option to alert on confidential data that is found. The protect server has the ability to do something about the information. The server can either copy the file to another location (still keeping the file in the same location) or quarantine the file, and leave a marker file that will point the employee to the security department.
- Vontu Network:
  - Network Monitor - we talked about this server before in Chapter One. This is a server that "taps" into our network (using mirror/SPAN port) and then analyzes the network traffic. It should be mentioned that the server is completely passive and has no proactive abilities; it will provide us with valuable information, but it won't stop the data flow.
  - Network Prevent (Web) - web prevent has the ability to analyze and block/alter traffic that is going out to the internet/intranet (depending on the location being used). The server receives traffic using the ICAP protocol from a proxy server.
  - Network Prevent (Mail) - mail prevent has the ability to analyze and block/alter mails sent from the organization. The mail prevent server receives mails from the organizational MTA (Mail Transfer Agent).
https://www-secure.symantec.com/connect/articles/chapter-1-concept-dlp-define-what-confidential-and-find-where-it-stored
https://www-secure.symantec.com/connect/articles/chapter-2-concept-dlp-monitoring-and-blocking-confidential-data
https://www-secure.symantec.com/connect/articles/what-protection-does-symantec-dlp-provide-note-beginners