What data does Symantec EDR send to Broadcom?
Article ID: 222309
Updated On:
Products
Issue/Introduction
You need to know about the type and extent of data leaving your organisation and what details may be sent to Broadcom.
Environment
EDR 4.5.0
Cause
Your company may have a policy on certain types of Data leaving it's perimeter and request the purposes of each rule when submitting change requests to the Firewall team.
Resolution
The data flow to Symantec servers is shown in the following diagram:
The breakdown of data directly to Symantec can be made as these headings:
1. Email
2. Reputation
3. Telemetry
4. Cynic submissions (US or UK)
5. Live Update
Note: SSO requests are no longer processed through any Symantec server since 4.5 - current versions of SEDR go directly to your IdP.
Data may be configured by you to go elsewhere other than Symantec servers.
Refer to Required firewall ports and note what you have opened and in which direction. Splunk/SIEMS, OAuth connectors are configured on the product to internal applications as set during configuration.
There is a large amount of normal telemetry on risks and files that are sent and checked. Most of these are file hashes and file based checking, or Cynic sandboxing, which would be expected as part of the product.
Telemetry data is device configuration and error data concerned with the ongoing support of the product.
You maybe able to utilize SEP's broad description of Telemetry data to compare to EDR:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Using-policies-to-manage-security/telemetry-submissions-v118681007-d3870e480.html
Finally, in terms of a Data Processor under the GDPR, you can find our legal statements here:
https://www.broadcom.com/company/legal/privacy
This is the summary of all the data that Support has available to share. Additional queries should be made directly to your account team or local Sales Engineer.
Feedback
