Choose the right DLP tools to help execute your DLP strategy
A collection of articles that takes you from defining technology needs to purchasing options
Like many major infosec vendors, Intel Security has a data loss prevention software offering for enterprises concerned about potential exposures or leaks of corporate information.
[Editor's note: Intel sold a majority stake in its security business to private equity firm TPG in September for $3.1 billion. The sale is expected to close in April, after which Intel Security will be renamed McAfee.]
Intel Security's McAfee Total Protection for Data Loss Prevention is a complex suite consisting of four distinct data loss prevention (DLP) tools that can be deployed on hardware and virtual appliances. The DLP suite includes McAfee DLP Monitor, McAfee DLP Discover, McAfee DLP Endpoint and McAfee DLP Manager. Endpoint agents for McAfee Total Protection for Data Loss Prevention are deployed and managed through the McAfee ePolicy Orchestrator, while the McAfee DLP Manager appliance acts as the central control hub for the full suite.
McAfee DLP Monitor
McAfee DLP Monitor is a network appliance-based tool for monitoring and controlling sensitive information that can be deployed using either Switched Port Analyzer ports or network taps.
This DLP product, which can track and report on sensitive data in motion in real time, is a network appliance capable of detecting over 300 content types transiting over any TCP-based port and protocol. It can classify content at up to 200 Mbps.
The appliance is available as either the hardware-based McAfee DLP 5500 appliance or as a VMware virtual machine.
McAfee DLP Discover
McAfee DLP Discover is a data at rest discovery tool capable of scanning and detecting over 300 content types in many different kinds of file repositories. Supported file types include Microsoft Office documents, multimedia files, source code, design files, archive files and encrypted files.
It is capable of scanning common file repositories, including Common Internet File System, Network File System, FTP/FTP Secure, HTTP/HTTPS, Microsoft SharePoint and EMC Documentum. It's also capable of scanning Microsoft SQL, Oracle, DB2 and MySQL databases for sensitive information.
This appliance-based tool is available as either the hardware-based McAfee DLP 5500 appliance or as a VMware virtual machine.
McAfee DLP Endpoint
McAfee DLP Endpoint is a data in use monitoring and control data loss prevention tool supporting Windows 7 SP1 and 8.x and Mac OS X 10.8.5 to 10.10 endpoints.
This product is deployed and managed using McAfee ePolicy Orchestrator (ePO). It can be purchased separately from the McAfee DLP suite, thereby allowing smaller organizations already using McAfee ePO to field endpoint-only data loss prevention.
McAfee DLP Endpoint has a variety of rules and policies to help protect sensitive data in use. Cloud-aware cloud protection rules block sensitive files from being synced to cloud services, such as Box, Dropbox, Google Drive, Syncplicity and OneDrive. Application file access protection rules block access to sensitive files, through means such as Skype file transfer, Nero burning and iTunes syncs. Web protection rules now offer Google Chrome support, in addition to Mozilla Firefox and Internet Explorer (enhanced protected mode) support.
McAfee DLP Manager
The McAfee DLP Manager appliance is the central controller for the complete McAfee Total Protection for Data Loss Prevention suite, and it is the integration point for the McAfee ePolicy Orchestrator server.
While it can be used to manage select McAfee DLP tools, McAfee DLP Manager must be used with McAfee ePO to manage McAfee Endpoint.
The DLP Manager allows organizations to manage up to 39 McAfee DLP components and to view all incidents generated by McAfee DLP components. Searches and reports for all McAfee DLP components can be generated through the DLP Manager. It also comes with a number of preconfigured policies to help manage McAfee DLP components.
McAfee Total Protection for Data Loss Prevention is designed to cover the data protection needs of a variety of enterprises; those needs include controls and policies for corporate data standards, regulatory compliance and protection against both insider threats and external attackers.
The software suite is designed to scale easily from midsized organizations to large enterprises. It covers endpoint data in use, network data in transit and data at rest for several file types and databases. While McAfee Total Protection for Data Loss Prevention covers data generated and used by third-party cloud services, it does not cover mobile devices, like smartphones.
Organizations interested in the McAfee DLP suite should contact the vendor or an authorized reseller for more information on pricing and licensing.
The right DLP product depends on the type of job
See how DLP can help your company protect its data
Know these criteria before deciding on DLP