Symantec Data Loss Prevention Review & Alternatives

Symantec Data Loss Prevention Review

Symantec Data Loss Prevention is a product of Broadcom, Inc. The package is part of the Symantec Enterprise Security product line that Broadcom bought from NortonLifeLock Inc (formerly Symantec Corporation) in 2019.

This system covers all endpoints connected to a network but is controlled by a central server. This is an on-premises package with an agent program installed on each protected endpoint to ensure continuity of service should the network go down.

Here is our list of the best alternatives to Symantec Data Loss Prevention:

  1. ManageEngine Endpoint DLP Plus (FREE TRIAL) This package provides discovery, classification, protection, and analysis for sensitive data management, including scanning and controls for data movement channels. Runs on Windows Server. Get a 30-day free trial.
  2. Endpoint Protector This insider threat protection system operates as a data loss prevention service. It controls all exit points for data and includes a sensitive data management module for data privacy standards compliance. This is a cloud service with agents for Windows, macOS, and Linux.
  3. Digital Guardian DLP This cloud platform includes modules for endpoint and network monitoring to prevent data leaks. It controls network activity, attachments to email, USB ports, and printers to block data exfiltration. Installs agents for Windows, macOS, and Linux.
  4. Teramind DLP This cloud package performs user activity monitoring and insider threat assessment as part of its data loss prevention strategy.
  5. Azure Information Protector, This service on the Azure platform can discover and classify sensitive data and monitor and control its access.

What does Symantec Data Loss Prevention do?

There are many types of system security software. While most cybersecurity software focuses on entry points into the system and tries to block malware or intruders from getting in, Data loss prevention (DLP) systems watch data stores within a system and monitor how that data is accessed or moved.

Symantec DLP is a package of specialized tools. Each module focuses on a specific task to prevent data misuse or disclosure. A coordinating server gathers activity reports from those modules and updates each piece of software to ensure that they can identify the latest attack strategies.

The modules on Symantec Data Loss Prevention are defined in three categories:

  • Discover
  • Monitor
  • Protect

These modules have adapted versions for different types of resources. This results in a matrix of services. These adaptions watch over:

  • Endpoints
  • Cloud services
  • Networks
  • Storage devices

Thus, there is a Discover module for endpoints, one for cloud services, and so on.


The Discover modules of Symantec Data Loss Prevention identify all existing locations of data. This service is continuous, so if you install a new application that generates its own data stores that weren’t present during the initial system sweep, the Discover process will enroll those locations in the monitoring service. The storage version of the system looks at file server systems and also databases. Cloud resources discovery includes storage services and cloud apps and services, such as Microsoft 365 and Gmail. As networks don’t engage directly in data storage, there isn’t a Discover version for them.


Symantec Data Loss Prevention monitors networks. This monitor looks at data in motion rather than data stores. It mainly focuses on those applications involved in data transfers: FTP, email, Web, and chat apps. Endpoint monitoring looks at removable storage connection slots and fax and printer activity. It also examines activity in Web browsers and drive mounting systems, such as cloud syncing services. Monitoring for storage and cloud services watches file movements in and out of those locations.


The Protect modules provide a significant part of Symantec DLP’s activities. This relies on the settings that you create in the central server’s dashboard. First, you need to create security policies that dictate how data is going to be protected. According to those policies, the DLP system will encrypt files so that access can be controlled. The system also scans user activities to watch for actions outside of that user’s regular activity. For example, these actions would indicate an account takeover.

The Symantec service’s control can block specific files from being copied onto removable storage, printed, or sent by fax. The service will also scan email attachments to ensure that these are not restricted files.

Symantec Data Loss Prevention system requirements

The central server of Symantec Data Loss Prevention installs on:

  • Microsoft Windows Server 2008 Standard and Enterprise
  • Microsoft Windows Server 2012 Standard, Enterprise, and Data Center
  • Red Hat Enterprise Linux 6.7 through 7.3
  • VMware ESX 5.x and later (except for the Network Monitor module)
  • Endpoint agents are available for:
  • Microsoft Windows 7 Enterprise, Professional and Ultimate
  • Microsoft Windows 8.1 Enterprise and Professional
  • Microsoft Windows Server 2008
  • MacOS 10.10, 10.11, 10.12
  • Microsoft Hyper-V Server
  • VMware Workstation 6.5.x
  • VMware View 4.6, VMware Horizon 6.0.1, 6.2.1 and 7.1
  • Citrix XenApp 6.5, 7.6, 7.9, 7.11, 7.12
  • Citrix XenDesktop 7.6, 7.9, 7.12, 7.14

Symantec Data Loss Prevention Pros and Cons

When deciding on whether to choose Symantec Data Loss Prevention, these points should be considered:


  • Controls all possible exit points for data
  • Flexible security service according to policies
  • User behavior tracking to spot account takeover
  • A centralized console for activity reports
  • The ability to reach out to cloud services as well as on-site resources


  • Needs updating for the latest versions of Windows and Windows Server
  • No sensitive data categorization

Alternatives to Symantec Data Loss Prevention

As you can see from the system requirements, Symantec Data Loss Prevention isn’t available for Windows Server 2019, and there are no endpoint agents for Windows 10 or any type of Linux. Unfortunately, this is a problem, and so, if you have discovered that this package isn’t suitable for your system, you need to know about other data loss prevention systems.

What should you look for in a Symantec Data Loss Prevention alternative?

We reviewed the market for data loss prevention systems and analyzed the options based on the following criteria:

  • The option to run the central server for DLP on the cloud
  • Endpoint agents for Windows, macOS, and Linux
  • Nice to have a sensitive data categorization service for PII management
  • Suitability for compliance with the significant data privacy standards
  • Nice to have a bundle that includes a range of other security services
  • A free trial or a demo to allow a no-cost assessment
  • A fair price that reflects value for money given the benefits that the package provides

Data loss prevention is a significant field of cybersecurity at the moment because of the legal requirements surrounding the protection of personally identifiable information (PII).

You can read more about each of these options in the following sections.

1. ManageEngine Endpoint DLP Plus (FREE TRIAL)

ManageEngine Endpoint DLP Plus

ManageEngine Endpoint DLP Plus is a sensitive data management package that is able to scan all endpoints on a network and discover instances of sensitive data. The process also classifies the discovered data instances. The service can tailor its searches to specific types of data, such as credit card information.

Key Features:

  • Tailored to data protection standards
  • User behavior tracking
  • Defines trusted applications
  • Data containerization
  • USB device control

The system builds a container around discovered data files and only allows access to trusted applications. You need to set up a list of trusted software and then enforce access rights in those applications. This creates a requirement to then enforce strong credentials management, such as password security policy enforcement. That function requires a separate security tool.

The package controls USB ports and applies four levels of security to each port. These range from allowing all devices but log activity through to blocking. One of the permission levels blocks all devices but allows users to request specific devices to be allowed.

The tool also tracks file transfer systems, emails, and cloud uploads to detect data movements. The email scanner only works with Outlook. This tool lets you allow the movement of data by email within the company. Outgoing emails can be controlled according to your policies. These will allow specific users to send data, block all sensitive data movements, or allow all transfers but log activity when sensitive data is detected.


  • Provides a flexibility of controls rather than just an outright block
  • Builds access controls on those built into trusted applications
  • Generates activity logs for security analysis
  • Builds logs for compliance auditing


  • Doesn’t include an access rights manager

The Endpoint DLP Plus system is a software package for Windows Server. There is a Free edition available that will control data on 25 endpoints. The paid version is called the Professional edition and you can get it on a 30-day free trial.

ManageEngine Endpoint DLP Plus Start a 30-day FREE Trial

2. Endpoint Protector

Endpoint Protector Content Aware Protection Policies

Endpoint Protector is a distributed security service that includes a central server module and on-device agents. This combination enables data protection on each endpoint to continue even when that device is disconnected from the network. The service can control data events on any site and also on the cloud.

The central controller gathers activity reports from endpoints agents and updates their monitoring and control systems according to the security policies that you set up on the central console. The controller also audits your access rights management system to recommend fine-tuning of permissions and user groups.

The protection system includes a sensitive data discovery service. This operates continuously, and it identifies all location of data that needs to be protected. The tool also categorizes the sensitivity of each data instance. In the console, you set up how the protection of each sensitivity classification should be managed. These policies can be applied by selecting a template from a library. File access protection can be enforced by using encryption.

The endpoint agents can then implement the combination of policies. Those agents also profile each user account and identify a pattern of normal behavior. For example, deviations from this standard could indicate account takeover. Asa well as examining activities on files and databases, the agents control USB devices, printers, and email clients.

Endpoint Protector is a great pick for a Symantec DLP alternative because it includes protection for data on multiple sites and cloud platforms. The service is flexible in that you can choose whether to host it on one of your servers as a virtual appliance or take out a subscription to the tool either as a service from the marketplace of a cloud platform or as a SaaS account with CoSoSys, the providers of Endpoint Protector.


  • Performs sensitive data discovery and classification for PII protection
  • Controls all exit points for data, including printers, emails, and USB ports
  • Monitors network traffic to block the transfer of data
  • Improves access rights management
  • Uses encryption to enforce the protection of sensitive files at rest and in motion
  • Allows variable controls according to user department and role
  • Spots account takeover by monitoring user activity


  • It would be nice to have an anti-malware system included

Endpoint Protector is offered as a hosted SaaS platform and available as a service on AWS, GCP, and Azure. Alternatively, you can install the software package on-site over a VM. There are endpoint agents for Windows, macOS, and Linux. In addition, you can get access to a demo to assess Endpoint Protector free of charge.

3. Digital Guardian DLP

Digital Guardian Endpoint DLP

Digital Guardian DLP is a cloud platform that offers a package of modules to implement endpoint data loss protection and network monitoring to control the transfer of data outside of your system. On-site activity is monitored by endpoint agents, which are available for Windows, macOS, and Linux. These agents also perform network monitoring.

The central service gets your system in shape by assessing and reorganizing the user accounts and permissions in your access rights management system. You also need to set up security policies that dictate which types of users can perform actions on which data classification. Next, the service sweeps all of your devices and services, looking for data stores, and classifies each item that it finds by sensitivity ranking.

The endpoint agents do all of the work of the DLP system by monitoring user activity and tracking down data stores. This system doesn’t just focus on PII; it also identifies intellectual property that needs to be protected. In addition, the service monitors activity on exit points for data, such as USB ports, printers, and emails, and it can control the types of actions that specific user accounts can perform on files.

As well as protecting data, this service constantly monitors system activity, looking for threats. You can try the platform through a demo account.


  • Managed from the cloud but active on devices running Windows, Linux, and macOS
  • Controls file access permissions
  • Watches over exit points for data


  • The price is not published

4. Teramind DLP


Teramind DLP is a cloud-based service that requires an agent to be installed on your site. This agent then scours your system for instances for data, and it then classifies them by sensitivity ranking. It is even able to scan document images and PDFs with OCR. This service is suitable for businesses that must comply with GDPR, HIPAA, ISO 27001, and PCI DSS.

Teramind can be tailored for different industries. The type of data that you need to protect depends on which sector your business operates in. The adjustments occur when setting security policies, which can be organized by selecting templates from the Teramind DLP library. The discovery and classification service is ongoing, not a one-off process.

Rather than just looking a data exit points, the Teramind system tracks user activity concerning data stores. This spots insider threats and account takeover as well as intruder activity. Data locations aren’t just files and databases. Teramind DLP also watches over the system clipboard and other temporary stores.

Other services in the Teramind dashboard include a Risk Assessor and data analysis features. In addition, you can assess the Teramind DLP system with a 14-day free trial.


  • Adaptable behavior for different types of data
  • Offers threat detection as well as data protection
  • Suitable for data privacy standards compliance


  • It offers a lot of functions to learn in one package

5. Azure Information Protection

Azure Information Protection

Azure Information Protector is available on the Azure platform. However, it doesn’t just protect data help on Azure servers. You can use the service to monitor all of your data stores on your site and other cloud platforms, even if you don’t hold any data on Azure servers.

As with most data loss prevention systems, this service is based on the security policies you set. It can also interact with your on-site access rights manager. If you don’t have one set up already, you could take out a subscription to Azure Active Directory.

The service scans your system for data and grades each instance by sensitivity. According to your security policies, this starts the data protection service with different degrees of protection for other data instances. In addition, the system can track copies of files by placing an identifier in metadata and watermark electronic documents.


  • Discovery and classification of sensitive data
  • Document watermarking and copy tracking, and access blocking
  • File transfer and printing controls


  • No activity monitoring for general system security

Leave a Reply