Feature

Data Loss Prevention Tools Offer Insight into Where Data Lives

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?."

Download it now to read this article plus other related content.

The content analysis technique will directly determine what products make the short list, but make sure to account for future needs. Although most of the market--90 percent by some estimates--is focused on protecting PII, about 30 to 40 percent of those organizations are also interested in protecting unstructured data. They start by using DLP to protect PII to reduce their compliance risk, and then slowly add other content, generally trade secrets and intellectual property, once they get comfortable with their tool.


The last major component of DLP solutions is endpoint agents to monitor use of data on the user's desktop. A "complete" agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to restrict file transfers based on content.

Endpoint DLP tools are starting to add more advanced protection, such as limiting cut and paste, detecting sensitive content in unapproved applications such as certain encryption tools, and automatic encryption based on content. Over time, they will increase the type and number of policies they can enforce

    Requires Free Membership to View

and integrate more deeply into common endpoint applications.

ARCHITECTURE & INTEGRATION
DLP architectures are defined by where they protect the content: data-in-motion network monitoring, data-at-rest file storage scanning, and data-in-use monitoring of the endpoint. Full-suite solutions include components for each of these areas, while partial suite tools cover only a portion, such as an endpoint DLP tool with an email-only gateway (see "DLP Vendors," below). There also are single-channel products and non-DLP tools that bundle some DLP features, like an email gateway that can block messages with credit card numbers. In the long run, most organizations--especially large enterprises--will prefer full-suite solutions, but partial-suite and DLP-as-a-feature tools often meet tactical needs where complete coverage isn't necessary.

DLP vendors
Here is a representative list of some vendors offering data loss prevention products.

Full-suite solutions
EMC/RSA (acquired Tablus, Aug. '07) www.emc.com
Orchestria www.orchestria.com
Reconnex www.reconnex.net
Symantec(acquired Vontu, Nov. '07) www.symantec.com
Vericept www.vericept.com
Websense www.websense.com

Partial-suite solutions
Code Green Networks www.codegreennetworks.com
GTB Technologies www.gttb.com
McAfee www.mcafee.com
Workshare www.workshare.com

Network-only tools
Clearswift www.clearswift.com
Fidelis Security Systems www.fidelissecurity.com
Palisade Systems www.palisadesys.com
Proofpoint www.proofpoint.com

Endpoint-only tools
NextSentry www.nextsentry.com
Trend Micro (acquired Provilla, Oct. '07) http://us.trendmicro.com
Verdasys www.verdasys.com

--Compiled by Rich Mogull


This was first published in February 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: