Above: Farouk Al-Shorafa (Broadcom) and Bob Schwartz (RMT) discuss the pairing of Automic and DLP.
Data Loss Prevention (DLP) from Broadcom’s Symantec division spots the leaks. The trouble starts right after that, when the humans get handed the mop.
Let’s be honest, most teams still juggle monitoring, alerts, tickets, evidence collection, email quarantines, and a constant drizzle of policy tweaks. Those steps create bottlenecks, slow incident response, and bury already overloaded security and IT teams in yet another high-wire act of “just one more alert queue.”
That is where Broadcom and Robert Mark Technologies step in. We pair Symantec DLP with the Automic automation platform, so you can stop treating every incident like a one-off fire drill.
Automic hooks into Symantec DLP, turns detections into consistent, automated workflows that run in the background solving incidents, and it feeds your dashboards with clear visibility and audit-ready trails.
Stay with me to walk through three Broadcom demos: automated email quarantines, self-service policy update requests, and scheduled policy backups, and I’ll show you how they speed incident response, strengthen audit readiness, and cut costs for public institutions.
Why Automic Is the Right Engine Behind Symantec DLP
Automic is the automation engine sitting behind Symantec DLP, quietly running all the messy follow‑up work that happens after DLP spots something it doesn’t like in Enforce, the central “control room” where all the DLP alerts and incidents live.
Symantec nails detection, protection, and analysis; Automic grabs those findings and drives what happens next, so operators escape permanent cleanup duty.
Think of Symantec DLP as the security camera, Enforce as the control room, and Automic as the robot team that runs around doing the work after an alert goes off.
That robot team isn’t just running around, it’s reading incident details, updating policies, and triggering Smart Responses through Job APIs and Enforce API calls, all without anyone babysitting the console or copy‑pasting data between screens.
What I’m saying is that instead of handing your team a 17‑step runbook every time an incident pops up, you can wire Automic straight into Enforce’s APIs, so the systems talk to each other and handle it themselves.
Calendar schedules quietly take care of policy exports and backups, while web forms and email notifications handle quarantined message approvals and sender exceptions, all from one place where you can build, track, and tweak workflows across security and ops.
The result is consistent actions and smoother handling every time: teams share the same workflow views, audit trails stay locked tight, and Automic kills the repetitive grind, so you can milk maximum value from Symantec.
I like it because everything happens automatically in the background, and nobody has to babysit DLP flags. (The only thing that should be burning out is the CPU, not your team’s last three brain cells.)
Three Workflow Patterns that Transform DLP Operations
Here are three simple moves that show the magic of pairing Symantec DLP with Automic: Email Quarantine Release Approval, Sender/Recipient Exception requests and updates, and scheduled Policy backups.
Same enterprise-grade automation muscle, now pointed at day-to-day DLP grind, so public institutions get consistent enforcement and compliance.
Pattern 1: Automated Email Quarantine and Release
This one starts where the chaos usually begins: a quarantined email and someone asking, “Can I please get my message back?” Instead of tossing that into another ticket queue, an incident lookup script calls the Automic Job API with the Incident ID and lets automation take the first swing.
From there, Automic runs Enforce API lookups to pull the subject and recipient, then a second call to grab the sender and their manager. No swivel-chair copy-paste. No “which window was that in again?” Just clean data pulled straight from the source.
With that context, Automic spins up a user approval form and emails the sender a link. They click, choose Yes or No, and the workflow waits. A No fires an Enforce API call that runs the Delete from Quarantine Smart Response. Done. Gone. No human mop-up.
A Yes bumps things up a level to the manager.
Same deal: a manager form with Yes/No.
Manager No? Another Delete from Quarantine Smart Response.
Manager Yes? Automic triggers Release from Quarantine and sends a confirmation email back to the user, so nobody is left wondering what happened.
Pattern 2: Self-Service Policy Exceptions via Sender Pattern Updates
Sender exceptions start in one sane place: a Sender Exception Request web form that grabs first name, last name, email, and why this sender deserves a hall pass.
That form calls the Automic Job API, spins up an approval request form, and emails the approver a link.
The approver sees two options: Approve Request or Deny Request. A denial fires a polite “no” back to the requester and wipes the form so nothing lingers in limbo.
An approval sends a confirmation email and kicks off Enforce API calls: Automic pulls the current sender pattern, adds the new email to the list, and updates the configuration.
Pattern 3: Policy Export and Backup as a Scheduled Job
For policy backups, Automic does what calendars and humans never quite manage together: it actually runs on time.
A calendar-based Job Schedule kicks things off, calls the Enforce API to grab all policy IDs, calls Enforce again to export every policy from that list, then parks the resulting ZIP safely in a backup location.
The Automic Process Monitor and Scheduled Job view keep score on each run and the calendar condition that decides when it fires.
If you want to see these three patterns without squinting at text, the Broadcom DLP + Automic live demo walks through the whole set: automated email quarantine and approvals, the self-service policy update request form, and the automated policy backup, plus the API triggers and escalation workflows tuned for public-sector environments.
Watch it here now.
Turning DLP Automation Wins into a Broader Strategy
When we sit down with clients and walk through these three DLP workflows, the lightbulb usually goes on fast. They see the manual grind of monitoring, alerts, tickets, evidence and endless “did anyone close that?” followups dissolving into predictable automation.
The room changes. The A-ha is almost always the same: “Okay, we’re bought in. Where else can we use this to drain the manual swamp and get more automation across the environment?”
That question isn’t theoretical. It points straight at faster incident response, cleaner audit readiness, and real cost savings for public institutions.
Automic delivers automation for the enterprise as an Automation Center of Excellence: you get an automation-first culture, better enablement, higher adoption, and an ecosystem of actions, add-ons, and templates instead of one-off scripts.
These workflows are more than demos. They show how Symantec’s detection, protection, and analysis paired with Automic’s orchestration gives teams a reusable pattern they can apply across the rest of security and IT operations. If you want it, it’s only the beginning of where your operational efficiency can go.
Explore Your Own Blueprint with RMT
Automic and Symantec DLP team up to strip the grunt work out of incident handling. You get real-time automated responses, up to 90% fewer manual steps, and audit-ready trails that support SLA tracking.
Once these workflows live in Automic, ops teams manage-by-exception instead of chasing quarantines and policy tweaks by hand. As a 20+ year Broadcom partner with Automic-certified resources, RMT can help you plug this blueprint into your own environment.
To see the flows step-by-step, watch our on-demand webinar, or use the form below to schedule a DLP automation review with RMT.
