What is encrypted in the Symantec DLP database?


Article ID: 159707


Products

- Data Loss Prevention Enforce
- Data Loss Prevention Endpoint Discover
- Data Loss Prevention Endpoint Prevent
- Data Loss Prevention Endpoint Suite

Issue/Introduction

What information in the Symantec Data Loss Prevention database is encrypted?

 

Resolution

Sensitive data contained within the original message, as well as the attachments and components, captured by the DLP Detection Servers is encrypted using industry-standard AES with 256-bit keys. Encryption occurs at the time of capture; the encrypted data is securely transmitted to the Enforce database via TLS and is stored in the same encrypted format (using AES-256).

All parts of an incident which can be treated as sensitive (the same information which has triggered the incident) are stored encrypted in the DLP database. That includes message contents (the original message, message components and cracked components), which are all encrypted at the point of incident creation.

The incident components are: the list of matches, the message body (if present), and the file attachment (if present).

Other encrypted information (encrypted by Enforce):

- Discover credentials
- Symantec user credentials (if local)
- Administration credentials
- Master rotating keys keystore

Other encrypted information (not by Enforce):

- All communication channels (Enforce to Detection Servers, Endpoint Server to endpoints)
- All data persisted by the agent on the endpoint