惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

SECURITY.COM

Daxin Returns: Stealthy Malware Resurfaces in Taiwan Alongside a New Backdoor The Detection Gap: MITRE ATT&CK T1140 and T1105 Humble Brag: Symantec® Data Center Security Achieves Common Criteria Certification GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses Tips to Harden Your Air Gapped Environments The Visibility Challenge Nobody Asked For AV-TEST Gives Symantec® Endpoint Security Complete a Perfect Score The BYOVD Epidemic: How Attackers Are Weaponizing Trusted Windows Drivers to Kill Security 🎙️SECURITY.COM The Podcast: The Parasite in the Machine: Unmasking the Speagle Infostealer Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker 5 Reasons Symantec® CBX Delivers Total Endpoint Visibility 8 XDR Questions From the Show Floor Another Year, Another Win: SE Labs® Recognizes Symantec® Endpoint Security Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden Locking Down the Server 🎙️SECURITY.COM The Podcast: The Death of SIEM Threats Rise on a Tide of Global Unrest When Nation-States Stop Caring About Size Espionage Campaign Targeted Stock Exchange Executive for Five Months Data Security Is Having A Moment 5 Ways XDR Helps SOCs Act Faster 🎙️SECURITY.COM The Podcast: The Evolution of Cybersecurity PR with W2 Communications The Maximalism Trap: When More Becomes Too Much Symantec DLP Cloud and DPSM are the Power Couple Security Strategists Need Symantec DLP Cloud and DSPM are the Power Couple Security Strategists Need The Future of the Partnership: AI, Automation, and Ecosystems Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations 🎙️SECURITY.COM The Podcast: Iran’s Cyber Warfare Playbook: What Defenders Need to Know Right Now 5 Ways To Keep AI in Check Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign Doing More with Less: How Government Agencies are Rethinking Cybersecurity Navigating Compliance and Insurance as a Competitive Edge Is SIEM Trying to Do Too Much? Every Defender Deserves Frontier AI The New Partner-Vendor Relationship DLP Made Easier on the Teams Running It The EU Digital Wallet: Why Waiting is Not an Option Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft Stopping Data Leaks at the Speed of AI Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor How AI Increases the Load on Security Teams Web Traffic Visibility is the New Non-Negotiable The Agentic AI Tsunami is Here: Is Your Legacy IAM Sinking or Swimming? Technical Enablement vs. Marketing Noise Enterprise-Grade Security for All in 2026 Architecting for Margin Beyond the Initial Sale 🎙️SECURITY.COM The Podcast: A Brief History of Data Loss Prevention Symantec CBX Through the Paparazzi Lens The U.S. Navy’s Playbook for Cost-Controlled, Reliable Cybersecurity The Modern Threat Landscape and The Partner’s New Burden Symantec CBX Rocked RSAC 2026 Conference For Financial Services, a Wake-Up Call for Reclaiming IAM Control The Next Identity Shift Cyber Legends: Behind the Scenes of CBX Built for This Moment (and All Those to Come)
Your DLP Incident Backlog Owes You Closure
About the Author · 2026-06-25 · via SECURITY.COM
  • DLP incidents can outlive the data, policies, or conditions that first triggered them.
  • Automatic Remediation Tracking helps File System High Speed Discovery incidents reflect what is still relevant today.
  • Enable ART and get the incident closure your SOC deserves.

DLP is the detect-or-die friend of every SOC worth their salt. It’s that hypervigilant, head-on-a-swivel partner, monitoring sensitive data and exposing potential compliance violations that threaten its security. Without solid DLP, sensitive data would flow freely into unauthorized hands. 

In many cases, organizations devote a whole team of humans to ensure even the best DLP keeps running smoothly. Tasked with monitoring how many violations (DLP incidents) have been detected and resolved, this team works tirelessly to ensure compliance business processes are in place and enforcement stays consistent. 

But this model isn’t always sustainable, especially for smaller or resource-strapped SOCs. ART changes that.

It ain’t over till it’s over

We all love DLP (I’m wearing my “I Heart DLP” shirt right now), so what’s the problem? 

Well, DLP can have a hard time letting go of the past. Organizations of all sizes face DLP’s historic inability to identify if and when an incident has been resolved. Unchecked DLP risks dragging SOCs back to old issues when it’s time to move on. 

How does this communication issue happen? In many cases, organizations align their resources to resolve the DLP violation, however, before they can even get to it, the file may have been deleted, or the owner removed the sensitive content, leaving the DLP incident hanging there unresolved. In some cases, the policy was re-tuned such that the same file no longer violates the organization's current policies. But when the incident that was generated still exists it can keep sounding the alarm by indicating that the compliance issue is ongoing, even if the original exposure story is over.

Reconciling past and present policy is ART

This is where the Symantec® feature, Automatic Remediation Tracking (ART), comes in as the perfect pairing for hard-working DLP. The latest release of Network Discover High Speed Discovery masters the ART of resolution. This new feature of Symantec DLP’s High Speed Discovery helps organizations distinguish active violations from past incidents that the scan has already resolved. ART enables High Speed Discovery File System scans to make sure past incident reports stay up to date, without losing valuable intel on the reason behind the original red flag. 

ART steps in with a time-and-truth reckoning that reconciles past incidents, preserves valuable insights, and lets SOC live in the present and strategize for the future

  • When ART is enabled, it evaluates whether the offending incident is still an issue in the subsequent scan.
  • These scans can determine that a file is no longer in violation of the policy that created the earlier incident.
  • Best of all, ART records why the incident is now cleared, enabling informed triage, dashboards, and governance aligned with present-day policy reality.

ART is recursive, constantly re-evaluating items that have already generated DLP incidents when the target is scanned again. As long as ART is enabled, when teams re-run DLP scans, ART steps in with a relevance comparison that reflects the relevance of the file that generated the incident. When the re-scan concludes that the same file no longer violates the relevant policy, ART updates the incident with a clear remediation classification. This classification leaves a helpful explanation of why the incident can be put to rest, and closes the loop between “what we saw then” and “what the scan sees now.” 

How does Automatic Remediation Tracking work?

Let’s break it down with some commonly asked questions about the ART feature:

How does ART for DLP work?

ART is Powered by High Speed Discovery (HSD), a system built for fast, large-scale inspection of data at rest. ART adds an incident lifecycle dimension to HSD, asking key questions about what sensitive info was found and whether that info still needs attention after file and policies have changed. 

Can ART for DLP replace human decision-making? 

ART does not replace human judgment on every alert just yet. However, it is crucial to triage. ART enables closure of past incidents or policy violations, helping organizations stay focused on real and existing concerns.

What kind of DLP incidents can ART mark as closed?

  • Item No Longer Exists. The file that generated the incident cannot be observed in the repository anymore at the boundaries your scan understands. For example, the sensitive file was removed, deleted, or is no longer present for DLP to report. In these cases, ART can mark the violation’s subject as gone, so effort isn’t spent on a now-irrelevant incident.
  • Item Modified. The file is still present but its content or attributes have changed such that it no longer violates the DLP policy the way it did when the incident was created. ART ties that story to the incident so analysts see self-healing or owner action, not a frozen snapshot of an old match.
  • Policy Modified. The file is effectively unchanged from the scan’s point of view, but the DLP policy configuration changed (or was disabled) so the same content no longer violates policy. ART records the resolution as policy-side, which matters for audit narratives as it clearly distinguishes “data changed” and “rules changed” resolutions.

Why does Automatic Remediation Tracking matter for operations and compliance? 

It’s hard to overstate the value of ART as an enabled feature of Symantec DLP. ART reevaluates past incidents on an ongoing basis so that SOC teams don’t have to. ART equips teams with—

  • Triage that matches reality. ART makes a clear distinction between incidents that still represent a live match and those whose underlying story belongs in the past.
  • Metrics that reflect SOC success. ART makes the SOC look good by eliminating backlog inflation caused by an excess of stale incidents.
  • Complete and expedient incident analysis. ART tells the whole story—in terms humans can grasp. And it tells it quickly, so that humans don’t waste valuable time.
  • Evidence-backed governance. ART shows not only that something was once sensitive, but also indicates whether the item and policy story still supports urgent action, clarifying human priorities quickly.

Bring your team into its ART era

Automatic Remediation Tracking helps teams answer a question that every security program eventually faces, and too often: does this finding still deserve our attention? 

ART completes the picture for File system High Speed Discovery incidents—not only detection, but whether the situation still holds after items and policies change. As they change, this  helps teams determine whether an earlier incident still reflects today’s risk. 

High Speed Discovery is built for fast, large-scale inspection of data at rest; ART adds an incident lifecycle dimension to it, such as what sensitive info was found, and whether it still matters after items and policies change. As long as ART is enabled, when you re-run the scans, the relevance comparison becomes possible.

And it does it all on your terms. ART doesn’t add extra work to the SOC because it uses the same reporting and API surfaces teams already use for remediation-style incident attributes, so filtering, export, and automation don’t require a parallel model. SOCs rejoice!

ART is not enabled by default, but administrators can enable it with ease. Simply use the Advanced tab on the File System High Speed Discovery scan target. This extra “opt-in” step ensures the behavior is aligned with deliberate program design.

For step-by-step configuration, version-specific behavior, and REST API details, check out the technical documentation.

For teams yet to start their data security journey, reach out to your in-region expert for a demo.

You might also enjoy

Your DLP Incident Backlog Owes You Closure

Namrata Shiggaon

Namrata Shiggaon

Product Manager, Information Security

Abhishek Sardana

Abhishek Sardana

R&D Software Engineer, Information Security

Bishnu Chaturvedi

Bishnu Chaturvedi

Sr. Principal Software Engineer, Information Security