I worked on a Symantec DLP project and gained some experience with it. This post reviews what I did and how I installed it in my home lab environment. It is not a step-by-step installation tutorial, since Symantec's documents already explain the details well; it is mostly a high-level list of the related steps. I did, however, record my screen showing what I did, the issues I ran into, and how I resolved them. All of that is in the YouTube videos for future reference, which should help if you have a similar lab project for Symantec DLP products.

The Symantec Data Loss Prevention suite is designed to meet the needs of large enterprises as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers (Windows Server, Red Hat Enterprise Linux and others) and cloud infrastructures such as AWS.

1. Download Installation Files from Symantec File Connect

You will need a serial number to download all DLP-related software from the Symantec File Connect website: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

After you log in, you can choose the product and version you want to install.

Symantec DLP 15.5 File Connect Download Page

Also, please read “Symantec Data Loss Prevention System Requirements and Compatibility Guide Version 15.5” (last updated 5 April 2019) to make sure you meet the prerequisites. Symantec_DLP_15.5_System_Requirements_Guide.pdf (819.4 KB)

2. Decide DLP Installation Tiers

Symantec DLP Architecture Overview

2.1 Single-Tier
To implement the single-tier installation, you install the database, the Enforce Server, and a detection server all on the same computer. Typically, this installation is implemented for testing purposes.

2.2 Two-Tier
To implement the two-tier installation, you install the Oracle database and the Enforce Server on the same computer. You then install detection servers on separate computers. Typically, this installation is implemented when an organization, or the group responsible for data loss prevention, does not have a separate database administration team.

2.3 Three-Tier
To implement the three-tier installation, you install the Oracle database, the Enforce Server, and a detection server on separate computers. Symantec recommends implementing the three-tier installation architecture as it enables your database administration team to control the database.

In my lab, I chose two-tier for my testing, since it distributes computer resources across different machines and also makes installation easier than three-tier.

3. Install Oracle DB
3.1 Install Oracle 12c SE2.
3.2 Create the Symantec Data Loss Prevention database.
3.3 Create the database listener.
3.4 Configure the local net service name.
3.5 Create the Symantec Data Loss Prevention database user.
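As an added illustration of steps 3.2 to 3.5 (example SQL written for this post, not taken from the original or from Symantec's documentation), the following creates a dedicated, non-DBA database user for the Enforce Server and then verifies that it holds only the privileges it was given. The user name dlp_app, the password placeholder, the tablespace names and the net service name are assumptions; the exact privilege set Symantec requires is listed in its installation guide, and the script assumes you run it as SYSDBA against a non-CDB 12c database (or inside the DLP pluggable database).

```sql
-- Run as SYSDBA in SQL*Plus after the database and listener exist.
-- Names below are placeholders constructed for this example:
--   dlp_app    : dedicated schema owner for the Enforce Server
--   users/temp : default tablespaces; replace with your DLP tablespaces

-- 1. Dedicated account: never point the Enforce Server at SYS or SYSTEM.
CREATE USER dlp_app
  IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD"   -- placeholder
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA UNLIMITED ON users;

-- 2. Least privilege: object-creation rights inside its own schema only.
--    Adjust to the list in Symantec's installation guide; do not grant DBA.
GRANT CREATE SESSION, ALTER SESSION,
      CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, CREATE TRIGGER, CREATE TYPE
  TO dlp_app;

-- 3. Verification: the account should hold no roles at all
--    (no DBA, no CONNECT/RESOURCE) and only the privileges granted above.
SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'DLP_APP';          -- any row here is a role to revoke

SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'DLP_APP'
 ORDER BY privilege;                 -- compare against the GRANT list above

SELECT tablespace_name, max_bytes
  FROM dba_ts_quotas
 WHERE username = 'DLP_APP';         -- max_bytes = -1 means unlimited quota

-- 4. Connectivity check through the listener and the local net service
--    name from steps 3.3 and 3.4 (DLP_SERVICE is a placeholder), run
--    from the Enforce Server host before installing Enforce:
--    sqlplus dlp_app@DLP_SERVICE
```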

4. Install Enforce Server
4.1 Installing the Java Runtime Environment on the Enforce Server
4.2 Installing an Enforce Server
4.3 Verifying an Enforce Server installation
4.4 Installing a new license file (note: the license file does not enforce the quantities you bought)
4.5 Importing a solution pack

5. Install Detection Servers
5.1 Installing the Java Runtime Environment on a detection server
5.2 Installing a detection server: Network Monitor, Network Discover, Network Prevent for Email, Network Prevent for Web, and the Endpoint Prevent and Endpoint Discover detection servers
5.3 Verifying a detection server installation
5.4 Registering a detection server

6. Install Endpoint DLP Agent
6.1 Downloading Endpoint DLP Agent

How Endpoint DLP works

6.2 Unzip Agent to local folder
6.3 Run the DLP Agent installer batch file
6.4 Confirm that the agent is running

7. Configure Policy and Response Rule

8. Discovery

How Storage DLP works

References:

Appendices:

Symantec ATP (EDR) Appliance 8880 Rear View

By Jonny
