Organizations are creating and managing an overwhelming amount of data that has only increased exponentially in recent years. And on top of managing it, it has become vital for organizations to keep data control and management at the top of their minds. Safeguarding data is essential to satisfying privacy and compliance regulations—not to mention protecting their reputations.
For these reasons, leaders must balance data accessibility that helps them drive business growth while only keeping the data that they need—all while making sure that it is secure.
Of the several data loss prevention (DLP) tools on the market, two stand out:
- Symantec by Broadcom Software: This was the first DLP Created by Vontu in 2000, it was later acquired by Symantec in 2007, then by Broadcom in 2019.
- Microsoft Purview: Microsoft launched Security and Compliance Center for Office 365 in 2017. Today, this is known as Microsoft Purview.
Each system has its strengths and weaknesses. In this blog, we’ll explore what each can do, the differences between them, how to set yourself up for success, and how you can make a decision about which is the right choice for your organization.
Microsoft Purview vs. Symantec by Broadcom
Microsoft Purview and Symantec by Broadcom Software are two prominent DLP solutions that provide powerful data governance and cybersecurity capabilities. Here’s a breakdown of each solution’s strengths, requirements, and costs.
| Microsoft Purview | Broadcom |
| Great for organizations of less than 7,500 people that are using Microsoft 365 | Great for organizations of more than 5,000 people |
|
|
| Microsoft 365 E5 is required for DLP with EDM and auto-applied sensitivity labels. | Microsoft E3 or E5 can be used to include sensitivity labels. |
| $55/user/month for E5 | $75/user/year for DLP Core, plus hardware and staff to operate it |
Where to Find Your Data
Before any data protection tool and process is put in place, executives, IT, and business units must agree on a data classification and acceptable use policy. These will serve as the written foundation any tool will seek to automate. After all, a DLP’s purpose is to change people’s behavior and lower the overall organizational risk of data loss.
The first step in building a great data protection program is to identify the sensitive data that needs to be protected. That includes the location, format, and content itself. Here’s where you can find your data within Microsoft Purview or Symantec.
Data at Rest (DAR)
Data at rest is information that is not being accessed, used, or moved from device to device or network to network. This could include any data stored on a hard drive, laptop, or flash drive or archived in another way.
Microsoft Purview and Broadcom each offer different levels for viewing and knowing your data:
| Microsoft Purview (E5) |
Broadcom: Can see everything on the left, plus the following:
|
| Network servers (CIFS, SMB), on-premises | Linux shares (NFS, SSHFS) |
|
On-premises SQL Server and SharePoint |
SQL databases (Oracle, MySQL, etc.) |
| SharePoint Online/OneDrive |
Cloud storage scanned by API (Securlets): GCP Suite, AWS, Azure, Box, Salesforce, ServiceNow |
|
Teams chat and channel messages |
Local storage of machines with the Endpoint DLP agent running |
Data In Motion (DIM)
Data in motion—also known as data in transit—is data that is actively moving from one location to another. For example, it could be traveling from network to network or to a cloud storage device. This data is often considered less secure than data at rest.
Here’s how Microsoft Purview and Broadcom provide extra data protection for data in motion:
| Microsoft Purview (E5) |
Broadocm |
| Purview DLP on Exchange Online | Email security through the cloud or through Email Prevent for on-premises infrastructure |
|
Protected at the endpoint but not at the network level |
Web Security Service or ProxySG |
| Web traffic to specific destinations (Microsoft Defender for Cloud Apps) |
CloudSOC gatelets |
|
Power BI |
Endpoint DLP
Endpoint DLP extends the monitoring and protection capabilities of DLP to sensitive items that are physically stored on devices. Here are the features provided by Microsoft in comparison to Broadcom:
| Microsoft Purview (E5) |
Broadcom |
| Same agent acting for network protection and DLP | Different agents acting for network protection and DLP |
|
Windows 10/11, Server, and MacOS |
Windows 10/11, Server, MacOS, and Linux |
|
Scan local drive(s) on Windows, Mac, and Linux |
Locations on the Endpoint for Inspection and Action
DLP systems can also enable you to audit and manage user activities on sensitive endpoint items. Here’s how these two systems compare when it comes to endpoint monitoring:
|
Activity |
Windows 10/11 |
macOS (3-4 latest) |
|
Upload to cloud service or access by Edge, Chrome*, and Firefox* |
Supported |
Supported |
|
Upload to cloud service, or access by Safari |
Symantec only |
Symantec only |
|
Copy to another app |
Supported |
Supported |
|
Copy to USB removable media |
Supported |
Supported |
|
Copy to CD/DVD |
Symantec only |
Not supported |
|
Copy to local drive |
Symantec only |
Not supported |
|
Copy to a network share |
Supported |
Supported |
|
Copy network share to local drive |
Symantec only |
Not supported |
|
Print a document |
Supported |
Supported |
|
Copy to a remote session |
Supported |
Not supported |
|
Copy to a Bluetooth device |
Supported |
Supported (preview) |
|
Create an item |
Supported |
Supported |
|
Rename an item |
Supported |
Supported |
|
Copy to clipboard |
Supported |
Supported |
|
Access by unallowed apps |
Supported |
Supported |
|
Location-based monitoring |
Symantec only |
Symantec only |
|
Application file access |
Supported |
Supported |
|
Cloud storage |
Supported |
Supported |
|
Outlook |
Supported |
Supported |
|
Lotus Notes |
Symantec only |
N/A |
Text Extraction for Viewable Files
Optical character recognition (OCR) allows you to extract text from images like posters, product labels, articles, reports, and more. Microsoft Purview and Broadcom support the following file types for text extraction, with Broadcom specifically supporting over 100 file types:
| Microsoft Purview (E5) |
Broadcom |
| MS Access, Email, HTML, Excel, OneNote, PowerPoint, Project, Publisher, Visio, Word, Open Document, JSON, TXT, PDF, WordPerfect, and OCR supported images | Encapsulated files like Zip, Jar, Gzip, 7-Zip, Tar, cpio, PGP, Pkzip, Rar, SMTP document, and Winzip |
|
No subfile extraction support |
Offers subfile extraction, such as ZIP, RAR, and TAR (e.g., Zip within a Zip) |
| Supports Zip, 7-Zip, Tar, and Rar (1 level) |
Can scan local drive(s) on Windows, Mac, and Linux |
Data Detection
On top of the capabilities we’ve already discussed, a DLP also offers data-detection features that make it easier to know the ins and outs of your data. When your organization knows what data you have and how it’s used, you can identify unauthorized access and protect data from misuse.
| Microsoft Purview (E5) |
Broadcom |
| Keywords, RegEx, sender, recipients | Encapsulated files like Zip, Jar, Gzip, 7-Zip, Tar, cpio, PGP, Pkzip, Rar, SMTP document, and WinzipKeywords, RegEx, sender, recipients, file properties |
|
Sensitive Info Type (SIT) |
Data Identifier |
| Exact Data Match (EDM) Classifier |
Exact Match Data Identifier (EMDI) |
| Does not offer Exact Data Match (EDM) index |
Exact Data Match (EDM) index |
| Trainable classifiers |
Vector Machine Learning (VML) |
| Does not offer Indexed Document Match (IDM) |
Indexed Document Match (IDM) |
| Fingerprint-based SIT |
Form recognition |
| Pay-as-you-go Optical Character Recognition (OCR) |
Optical Character Recognition (OCR) |
| Insider risk management user risk scores (not available in other areas) |
User risk score |
| Does not offer custom file types and custom content extraction |
Custom file types and custom content extraction |
How to Choose the Right DLP for Your Organization
Now that we’ve broken down the basic differences between Microsoft Purview and Symantec by Broadcom Software, we’re ready to discuss how to choose the right tool for your organization’s data security needs. Before you select the right tool, identify your primary goals, budget, and desired outcomes. Then you can make a well-informed decision. Here are two considerations to keep in mind.
OCR
First, we recommend considering your optical character resolution (OCR) needs. If your organization has many images that need to be inspected, this is a priority you’ll want to invest in. When it comes to OCR, Microsoft charges $1 per 1,000 items scanned. This means that stand-alone images (JPEG, JPG, PNG, BMP, or TIFF) each count as a single transaction. It also means that each page in a PDF file is charged separately. Because OCR is CPU-intensive and Purview is SaaS, this is not unreasonable.
In comparison, while Symantec does not have this incremental cost, they don’t provide the hardware either. If an organization has many faxes or other images to scan, this should be a consideration. However, its OCR is on its second iteration and is very reliable and accurate even when the image is skewed.
Policy Updates and Editing
Another thing to consider is how easy it is to edit a policy. For example, editing a policy is more difficult in Purview because it may stop saving midway due to name collisions of rules; on the other hand, in Symantec, names are just labels and not intrinsic to the structure of the policy.
Similarly, Symantec policies update within a few seconds (server) to a few minutes (endpoint), whereas Purview can take hours or days. This leaves the customer exposed longer and greatly expands policy tuning time. In Purview, an EDM can only be updated in the command line of a permitted workstation or VM five times per day as of July 2023. Prior to that, it was once every 12 hours.
Overall, if your organization can justify the cost of servers and the staff to operate them, then Broadcom is a great choice. However, Microsoft also offers a solid product that has gained in features and functionality over the last few years. Purview can work especially well for those already invested in the Microsoft cloud.
Relying on a DLP Partner
No matter the choice, implementing a reliable and measurable data protection program is vital to any organization. ProArch can guide your organization through data loss protection implementation and on-going management.
Are you ready to dive into your data protection program with a top Microsoft partner that will go above and beyond for your organization? Learn more about ProArch today.