Symantec 1

Symantec plans to have an updated version of its data-loss prevention suite out by mid-2011 that will add advanced machine-learning capability to simplify data classification and keyword definitions of documents to ease administrative chores associated with properly setting up DLP controls.

Symantec DLP v. 11 will include what's called "vector machine learning," described as a machine-based learning method to examine documents and classify and remember them, knowing where the documents may be held electronically in a variety of places. The science of vector machine learning is used in other industries for knowledge-based analysis of content and Symantec says it developed its own version for use in DLP classifications about data expected to be protected as confidential or sensitive.

"This takes the administration out of generating keywords," says Rich Dandliker, Symantec director of product management. Symantec DLP v.11 is expected to simplify DLP set-up by establishing profiles of documents fed into it, understanding similarities in documents after they undergo changes, and establishing data classifications regarding sensitivity, providing feedback on choices.

The technology helps appropriate DLP detection and blocking to occur even as a document undergoes some changes. This is expected to help reduce DLP-related false positives.

In addition to the vector-machine learning capability, DLP v.11 will also add a way to do risk scoring concerning confidential data throughout the organisation. Sometimes there are "hot spots" revealing a concentration of exposed confidential data, Dandliker says. "With v. 11, you'll very quickly be able to find where the risks are," he says, noting some corrective measures might involve simply changing access controls.

A third new capability in DLP v. 11 is expected to be a so-called "data-owner remediation" feature that allows the IT group to provide notification to data owners to fix their exposed sensitive data.

"This builds on what we've done with Data Insight in v.10.5," Dandliker says. "Sometimes it's difficult to find out who the data owner is."

DLP v.11 will provide a clear look at the history of who is accessing files and will track the assets in terms of where they're stored. The idea is to make sure data-loss prevention is the goal not only of the IT department armed with a DLP tool to catch and block unauthorized transition of sensitive information, but to make sure the business management side is kept informed about what's going on and takes appropriate steps on that end.

Symantec DLP v.11, expected to ship the first half of 2011.