Symantec DLP has excellent content-aware detection capabilities, both on the endpoint and in the cloud, and this is a strength that cannot be overemphasized. It does not matter whether an application is using encryption or certificate pinning, because the DLP endpoint agent can comprehensively inspect the content before it is handed over to the application. It can monitor all activities and it knows the context and content of the file. Symantec DLP provides comprehensive coverage from a single control point.

Without an endpoint presence to augment inspections, however, some options are unavailable to SASE. In SASE architectures a lot of that enforcement and scanning is performed in transit as data moves from one location to another. While Symantec technologies support this workflow, we also believe it’s important to have an option to perform deep content inspection of all network communications to capture, analyze and if necessary block sensitive content at network egress points. Discovery can happen in several ways, but cloud services that implement certificate pinning prevent that discovery from occurring while data is in transit.

DLP enforcement often happens with data in motion, passing through a proxy or another network component, which sends it to DLP for scanning. No doubt the cloud is now the most important data loss vector. In past years, the rapid shift of enterprise apps from on-premises systems to cloud-based services has caused more sensitive data to become vulnerable to misplacement or accidental exposure by inexperienced cloud users.