dcsimg

Three DLP Offerings that Should be on Your Short List

By Matt Sarrel

(Back to article)

Given the recent focus on data breaches, it’s no wonder that the data loss prevention (DLP) market is getting a lot of attention these days. In general, these products catalog data, assign security classification, and then monitor and protect data files at rest, in motion, and in use.

Knowing who accesses which data files, what they do with them, and where they go are all parts of preventing sensitive data from leaving your organization. There are plenty of vendors who provide a piece of DLP, but there are very few who provide complete solutions. And since DLP seems to be this year’s security buzzword, everyone who wants a piece of the pie claims to provide a DLP solution including anti-malware, firewall, endpoint security, encryption, and device control vendors.

Prominent vendors in the DLP market include GTB, NextLabs, EMC, Symantec (with it's acqusition of Vontu), RSA (acquired Tablus), McAfee (acquired Reconnex), Websense (acquired PortAuthority Technologies), CA (acquired Orchestria), Vericept, Fidelis Security Systems and Code Green Networks

In such a crowded and loosely defined marketplace, how can you decide which product to implement? The first step is to determine your data protection requirements. Then assess your current security solutions and look for gaps in protection. Find a product that fills in those gaps while not paying for functionality you don’t need but making sure that you are getting a true enterprise-class solution. And finally, test the products in a lab or a small pilot project before rolling them out to your entire organization.

What to Look For

When evaluating products, make sure that they are strong on centralized management features. A well-managed DLP solution should configure, deploy and manage the client software throughout the enterprise on a variety of server and workstation operating systems. You’ll also need to know who did what so look for integration with Active Directory (AD) and lightweight directory access protocol (LDAP) in order to write policy for and report on existing users and groups within your organization. Browser based management is usually a plus so that an administrator can access the console from anywhere.

In addition to management and reporting, typical features for enterprise DLP products boil down to what and how they protect. Most can protect Microsoft Office documents and Adobe .pdf’s. Many can force encryption of documents and stop them from being transferred via email or removable media. Some can also prevent copying, pasting or printing of documents and digitally watermark them. Most DLP products of this class are policy based and can combine multiple protection methods on a user or group level.

Here are a few examples of DLP offerings that should make your short list:

Symantec Data Loss Prevention

Symantec Data Loss Prevention is a multi-component system designed to discover, monitor and protect confidential data. The software finds confidential data wherever it is stored and creates and maintains an inventory of it. It tracks how data is being used or created on a user-by-user basis. The solution works whether the users is on or off the enterprise network. Reports show who violates security policy with real-time notification for administrators and on screen pop ups alerting users that their actions are being monitored and blocked. Different modules provide network and endpoint coverage for email, web, instant messaging, FTP, P2P, and removable media.

EMC Documentum Information Rights Management (IRM)

EMC Documentum IRM encrypts and protects documents from unauthorized viewing, copying and printing. The solution works wherever the document needs to be viewed or saved. A central policy server holds encryption keys for content and the policies controlling its use. Policies can be changed on the fly and applied to documents after they are delivered to users within the enterprise. Users download a small client that allows them to access and work on the documents you’re protecting. Documents can be digitally watermarked for viewing and printing. Documentum IRM is a complete DLP solution with support for protecting just about any kind of content out there.

Lumension Application Control and Device Control

These two Lumension products combine to offer a powerful approach to DLP that is very different from Symantec and EMC. Device Control is a centrally managed client application that controls what users can do with removable media. All policies are stored centrally and pushed to the client app and can enforce a wide variety of granular rules such as only allowing a specific make and model of USB memory key to be used or allow a specific user to mount an iPod only outside working hours. Device Control can also enforce encryption policy when documents are copied to removable media.

Application Control supplements the solution by establishing a white list of accepted applications and then blocking anything else from executing. This prevents malware and malicious script from running and therefore protects data against theft from them. Solid, detailed reports are available in both products.

Matt Sarrel is executive director of Sarrel Group, a technology product test lab, editorial services and consulting practice specializing in competitive intelligence. He has over 20 years of experience in IT and focuses on high-speed large scale networking, information security, and enterprise storage. He can be reached at matt@sarrelgroup.com, Twitter: @msarrel.