What information in the Symantec Data Loss Prevention database is encrypted?
Sensitive data contained within the original message, as well as the attachments and components, captured by the DLP Detection Servers is encrypted using industry-standard AES with 256-bit keys. Encryption occurs at the time of capture; the encrypted data is then securely transmitted to the Enforce database via TLS and stored in the same encrypted format (using AES-256).
All parts of an incident which can be treated as sensitive (the same information which has triggered the incident) are stored encrypted in the DLP database. That includes message contents (the original message, message components and cracked components), which are all encrypted at the point of incident creation.
In terms of incident components, that is: the list of matches, the message body (if present), and the file attachment (if present).
Other encrypted information (encrypted by Enforce):
- Discover credentials
- Symantec user credentials (if local)
- Administration credentials
- Master rotating keys keystore
Other encrypted information (not by Enforce):
- All communication channels (Enforce to detection servers, endpoint server to endpoints)
- All data persisted by the agent on the endpoint