In 2026, the question isn’t whether organizations need data security—but what data security tools should actually do to reduce risk without slowing the business. With sensitive data spread across cloud platforms, endpoints, SaaS applications, collaboration tools, and AI workflows, traditional perimeter‑based controls are no longer sufficient.
At a minimum, modern data security tools must discover sensitive data, govern how it’s accessed and shared, prevent data loss, and enable faster response to risky behavior across the data lifecycle.
As a result, many organizations now start with integrated, cloud‑first platforms like Microsoft Purview, while also comparing them against purpose‑built enterprise DLP solutions such as Symantec DLP by Broadcom for broader or deeper coverage needs.
Microsoft Purview and Symantec DLP by Broadcom are both mature data loss prevention platforms, but they are designed for very different enterprise operating models. Understanding these differences is critical for choosing the right approach to data protection.
| Microsoft Purview | Broadcom |
|
|
Before any data protection tool and process is put in place, executives, IT, and business units must agree on a data classification and acceptable use policy. These will serve as the written foundation any tool will seek to automate. After all, a DLP’s purpose is to change people’s behavior and lower the overall organizational risk of data loss.
The first step in building a great data protection program is to identify the sensitive data that needs to be protected. That includes the location, format, and content itself. Here’s where you can find your data within Microsoft Purview or Symantec.
Data at rest is information that is not being accessed, used, or moved from device to device or network to network. This could include any data stored on a hard drive, laptop, or flash drive or archived in another way.
Microsoft Purview and Broadcom each offer different levels for viewing and knowing your data:
| Microsoft Purview (E5) | Broadcom: Can see everything on the left, plus the following: |
| Network servers (CIFS, SMB), on-premises | Linux shares (NFS, SSHFS) |
| On-premises SQL Server and SharePoint | SQL databases (Oracle, MySQL, etc.) |
| SharePoint Online/OneDrive | Cloud storage scanned by API (Securlets): GCP Suite, AWS, Azure, Box, Salesforce, ServiceNow |
| Teams chat and channel messages | Local storage of machines with the Endpoint DLP agent running |
Data in motion—also known as data in transit—is data that is actively moving from one location to another. For example, it could be traveling from network to network or to a cloud storage device. This data is often considered less secure than data at rest.
Here’s how Microsoft Purview and Broadcom provide extra data protection for data in motion:
| Microsoft Purview (E5) | Broadocm |
| Purview DLP on Exchange Online | Email security through the cloud or through Email Prevent for on-premises infrastructure |
| Protected at the endpoint but not at the network level | Web Security Service or ProxySG |
| Web traffic to specific destinations (Microsoft Defender for Cloud Apps) | CloudSOC gatelets |
| Power BI |
Endpoint DLP extends the monitoring and protection capabilities of DLP to sensitive items that are physically stored on devices. Here are the features provided by Microsoft in comparison to Broadcom:
| Microsoft Purview (E5) | Broadcom |
| Same agent acting for network protection and DLP | Different agents acting for network protection and DLP |
| Windows 10/11, Server, and MacOS | Windows 10/11, Server, MacOS, and Linux |
| Scan local drive(s) on Windows, Mac, and Linux |
DLP systems can also enable you to audit and manage user activities on sensitive endpoint items. Here’s how these two systems compare when it comes to endpoint monitoring:
| Activity | Windows 10/11 | macOS (3-4 latest) |
| Upload to cloud service or access by Edge, Chrome*, and Firefox* | Supported | Supported |
| Upload to cloud service, or access by Safari | Symantec only | Symantec only |
| Copy to another app | Supported | Supported |
| Copy to USB removable media | Supported | Supported |
| Copy to CD/DVD | Symantec only | Not supported |
| Copy to local drive | Symantec only | Not supported |
| Copy to a network share | Supported | Supported |
| Copy network share to local drive | Symantec only | Not supported |
| Print a document | Supported | Supported |
| Copy to a remote session | Supported | Not supported |
| Copy to a Bluetooth device | Supported | Supported (preview) |
| Create an item | Supported | Supported |
| Rename an item | Supported | Supported |
| Copy to clipboard | Supported | Supported |
| Access by unallowed apps | Supported | Supported |
| Location-based monitoring | Symantec only | Symantec only |
| Application file access | Supported | Supported |
| Cloud storage | Supported | Supported |
| Outlook | Supported | Supported |
| Lotus Notes | Symantec only | N/A |
Optical character recognition (OCR) allows you to extract text from images like posters, product labels, articles, reports, and more – including materials you create through services that help you print posters. Microsoft Purview and Broadcom support the following file types for text extraction, with Broadcom specifically supporting over 100 file types:
| Microsoft Purview (E5) | Broadcom |
| MS Access, Email, HTML, Excel, OneNote, PowerPoint, Project, Publisher, Visio, Word, Open Document, JSON, TXT, PDF, WordPerfect, and OCR supported images | Encapsulated files like Zip, Jar, Gzip, 7-Zip, Tar, cpio, PGP, Pkzip, Rar, SMTP document, and Winzip |
| No subfile extraction support | Offers subfile extraction, such as ZIP, RAR, and TAR (e.g., Zip within a Zip) |
| Supports Zip, 7-Zip, Tar, and Rar (1 level) | Can scan local drive(s) on Windows, Mac, and Linux |
On top of the capabilities we’ve already discussed, a DLP also offers data-detection features that make it easier to know the ins and outs of your data. When your organization knows what data you have and how it’s used, you can identify unauthorized access and protect data from misuse.
| Microsoft Purview (E5) | Broadcom |
| Keywords, RegEx, sender, recipients | Encapsulated files like Zip, Jar, Gzip, 7-Zip, Tar, cpio, PGP, Pkzip, Rar, SMTP document, and WinzipKeywords, RegEx, sender, recipients, file properties |
| Sensitive Info Type (SIT) | Data Identifier |
| Exact Data Match (EDM) Classifier | Exact Match Data Identifier (EMDI) |
| Does not offer Exact Data Match (EDM) index | Exact Data Match (EDM) index |
| Trainable classifiers | Vector Machine Learning (VML) |
| Does not offer Indexed Document Match (IDM) | Indexed Document Match (IDM) |
| Fingerprint-based SIT | Form recognition |
| Pay-as-you-go Optical Character Recognition (OCR) | Optical Character Recognition (OCR) |
| Insider risk management user risk scores (not available in other areas) | User risk score |
| Does not offer custom file types and custom content extraction | Custom file types and custom content extraction |
Now that we’ve compared Microsoft Purview and Symantec DLP by Broadcom Software, the next step is determining which approach best aligns with your organization’s data security needs. Rather than starting with features alone, organizations should first clarify:
In practice, the decision often comes down to the following considerations:
Optical Character Recognition (OCR):
OCR is essential for organizations that manage large volumes of scanned documents, images, or PDFs containing sensitive information.
Microsoft Purview offers OCR as a consumption‑based service, charging per item or page scanned. This model works well for cloud‑first organizations that want minimal infrastructure overhead and predictable operations, especially when OCR volumes are moderate or variable.
Symantec DLP does not charge per scan for OCR, but requires customers to provision and manage the supporting infrastructure. For organizations with consistently high OCR volumes—such as those processing scanned records or faxes at scale—this trade‑off may be worthwhile. Its OCR engine is mature and performs reliably even with skewed or low‑quality images.
Policy Agility and Management:
How quickly policies can be edited, tested, and enforced directly affects both risk exposure and operational efficiency.
Microsoft Purview emphasizes centralized, cloud‑managed policy administration that integrates tightly with Microsoft 365. While policy propagation may take longer in some scenarios, this approach reduces infrastructure management and simplifies governance across users, endpoints, and collaboration tools.
Symantec DLP is designed for environments that require near‑real‑time policy updates across network, endpoint, and storage controls. This flexibility can significantly reduce exposure windows but typically requires dedicated infrastructure and experienced teams to operate effectively.
For organizations heavily invested in Microsoft 365 and looking for faster time‑to‑value with lower operational complexity, Microsoft Purview is often the natural starting point.
Symantec DLP by Broadcom remains a strong option for large enterprises with complex, multi‑platform environments and advanced data protection requirements—particularly where deep network‑level DLP is essential.
No matter the choice, implementing a reliable and measurable data protection program is vital to any organization. ProArch can guide your organization through data loss protection implementation and ongoing management whether you’re deploying Purview from scratch, migrating from Symantec, or need help governing AI tools like Copilot.
ProArch’s Data Security Foundation starts with a one-month engagement to establish governance, classification, and retention policies on Microsoft Purview — followed by an Accelerator to deploy protection across Microsoft 365 and AI workloads.
Explore ProArch’s Data Security Services (Built on Microsoft Purview)
Not sure if you need Purview? Read: When Do You Need Microsoft Purview? 5 Key Signs.