EMEA Data Loss Prevention User Group

  • 1.  Quarantine deployment

    Posted Feb 14, 2019 09:30 AM

    Hello all,

    We want to deploy Symantec Quarantine with SMG. We already have a Symantec DLP Prevent for mail & Web installed.

    We will use specific policies with a low number of false-positive events and turn them into quarantine mode.

    Our issue concerns the process to implement the quarantine. Our leadership is afraid of critical mails that will be quarantined without any action.

    Issues :

    1. We have a central team to handle events; they are in France with normal working hours, and we have clients from everywhere in the world
    2. We have a business practice allowing clients to send specific mails (sender+subject+filename+recipients) to authorized partners
    3. We could be asked by a manager to release a specific, very critical mail

    What we read on Symantec Quarantine is that we can only use a FlexResponse on Enforce to unlock the mails. But we will have problems with non-working hours and foreign clients and also with business partners.

    We think of a solution with a code sent to the user to bypass the block policy, but that will be without the SMG and that reduces the risk of a data leak.


    Do you deploy SMG+Symantec DLP on your environment/customers? What processes do you think of for dealing with this kind of business issue?


    With regards