This article can also be found in the Premium Editorial Download "Information Security magazine: Lessons learned from good and bad NAC implementations."
Download it now to read this article plus other related content.
Workshare's greatest strength is its tight integration with Office. Workshare actively searches for policy violations in real time and tags violations.
Workshare allows the user to see what specific policy is violated, allows redaction of the violation or allows it to be ignored, depending on policy. For instance, when Workshare flagged our Social Security number violation, we redacted the number. Default policies search for profanity and other offensive terms.
Other tools, such as Trace Endpoint and Batch Clean, are run manually by the user.
Trace Endpoint runs all the current policy checks against files on the client system, and against email in the inbox. We used Trace Endpoint to scan a directory we made with files containing personal information. Trace Endpoint was able to identify all of the confidential information we defined in the rules.
After the scan is run, a report is available that details all of the violations and files in which they occur. The file can be saved to Excel or PDF format or printed. Data has to be removed manually from the offending files.
Batch Clean provides an easy way to clean multiple
| files of meta data such as usernames, comments, hidden data, macros, etc. Meta data can be useful to an attacker profiling your corporation for social engineering attacks. Batch Clean removed all the offending data from our test files but leaves no record of its action.
We would have liked to have seen centralized reporting and alerting for the various tools.
Workshare Protect Premium provides a cost-effective tool to contain data leakage. It's not too intrusive, and helps educate employees. Companies looking for a more comprehensive data loss prevention solution may want to investigate Workshare Protect Network as well.
Testing methodology: We ran Workshare Protect on Windows XP with Microsoft Office 2003. Both default policies and policies created by the reviewer were used during the test.
This was first published in September 2008