DLP Support training by Philipp Hiestand, with NV, AM, CG
The training covers supporting the DLP solution at BEKB.
Symantec DLP is a suite of 3 products (Endpoint, Network, Storage).
The Monitor part only monitors; the Prevent part can prevent actions (block the sending of a mail, delete or encrypt a file on storage).
OS-based agent for endpoints (Windows, Linux) with a local Endpoint Manager (policies etc.).
The network part covers mail and proxy; the storage part covers databases and files.
A policy tells where to look for what (e.g. a RegEx in mail or storage).
Dinotronic only does the implementation, defining policies, performing scans, etc. Integration into a customer's ticket system, for example, runs via Silicon Mountains. Because contractual penalties have also been agreed in some cases, the company E3 often runs such projects via Silicon Mountains (another legal entity).
A demo environment with the Endpoint Manager is on DTSECLAB003.
The incidents are listed under Incidents.
At BEKB a lot is done with RegEx; these sometimes slow down the sending of mails, and in many cases a mail is not scanned completely. However, BEKB follows an open policy that does not prevent transmission in such cases.
Most problems and topics are listed in the DLP Administration Guide (Symantec).
Key solutions are in Freshdesk under "Customers with a maintenance contract - Berner Kantonalbank".
Business incidents are handled by the BEKB itself.
System alerts at BEKB arrive at our helpdesk.
Always keep Priska Schumacher in the loop.
Access is via RDManager, Berner Kantonalbank: to view incidents, go to the Enforce Server. Passwords are in the Safe under BEKB (DLP GUI Dinotronic Support; the URL is also stored there). The Support user sees only policies but no incidents.
The expectation is that we act on system alerts and restart services (Vontu) and servers if necessary (always inform Mrs. Schumacher beforehand that DLP will have a short interruption but that the mails will still go out). If unsolvable, call Symantec Support (via DF, Support ID in Y with BEKB under licenses) or, if necessary, go to E3 (via DF).
Often it is the detection timeout; in that case simply inform Mrs. Schumacher that we have closed it, since it is a known issue.
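
Added example, not part of the training and not Symantec's code: the detection timeout and open policy noted above (RegEx scanning runs out of time, the mail is only partly scanned, and it still goes out), modelled in Python. The rules, the sample mail, `scan_mail` and its parameters are assumptions made for illustration.

```python
import re
import time
from dataclasses import dataclass, field

# Constructed detection rules; not BEKB's or Symantec's actual policies.
RULES = {
    "swiss_iban": re.compile(r"\bCH\d{2}(?: ?\d{4}){4} ?\d\b"),
    "confidential_marker": re.compile(r"(?i)\bstrictly confidential\b"),
}

@dataclass
class Verdict:
    deliver: bool = True      # may the mail leave?
    complete: bool = True     # was every line inspected?
    incidents: list = field(default_factory=list)  # (rule, line number)
    alerts: list = field(default_factory=list)     # system alerts for operators

def scan_mail(body, budget_s, fail_open=True, clock=time.monotonic):
    """Scan a mail body line by line within budget_s seconds.

    fail_open=True models the open policy: a mail that could not be
    scanned completely is still delivered. fail_open=False holds it.
    clock is injectable so the timeout can be reproduced deterministically.
    """
    verdict = Verdict()
    lines = body.splitlines()
    deadline = clock() + budget_s
    for number, line in enumerate(lines, start=1):
        if clock() > deadline:
            verdict.complete = False
            verdict.alerts.append(
                f"detection timeout: {len(lines) - number + 1} of "
                f"{len(lines)} lines not scanned")
            break
        for rule, pattern in RULES.items():
            if pattern.search(line):
                verdict.incidents.append((rule, number))
    if verdict.incidents:
        verdict.deliver = False      # Prevent: a confirmed match blocks sending
    elif not verdict.complete:
        verdict.deliver = fail_open  # unscanned remainder: the policy decides
    return verdict

# Constructed sample mail with the sensitive value on the last line.
SAMPLE = ("Hello\nPlease find the details below.\nRegards\n"
          "CH93 0076 2011 6238 5295 7")

if __name__ == "__main__":
    print(scan_mail(SAMPLE, budget_s=1.0))
```

With the open policy, a timeout before the last line means the IBAN is never seen and the mail is delivered; the alert is the only trace, which is why such alerts reach the helpdesk.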