Organizations testing the data loss prevention (DLP) waters typically ramp up with an extended learning period, creating, testing and refining rules to detect policy violations as they monitor traffic over an extended period. For some companies, this is often sufficient justification for DLP, as they test actual user behavior—usually inadvertent rather than malicious—against established policy and evaluate the effectiveness of their user awareness training programs.
"We want to use DLP to evaluate the maturation of our risk program and how effective our user training/awareness program is," said Andre Gold, lead for IT Risk management at financial services provider ING.
The DLP market is evolving as focus shifts from the network to the endpoint, and consolidating, as Symantec (Vontu), McAfee (Onigma), Trend Micro (Provilla), EMC/RSA (Tablus) and Websense (PortAuthority) all made acquisitions to incorporate DLP technology into their product suites Among other vendors vying for market share are Denver, Colo.-based Vericept and Mountain View, Calif.-based Reconnex, which OEMs Provilla/Trend Micro to provide endpoint DLP to supplement its network solution.
Reconnex's newest product, Data Profiler, is something of a DLP starter kit. Leveraging the information indexing technology introduced last fall in Reconnex 7.0, the appliance allows enterprises to learn who is doing what with sensitive data without heavy investment upfront.
"You can make an analogy to Google," said Faizel Lakhani, vice president of Reconnex products and marketing. "You never tell it in advance what you want to look for; it creates high performance index of data leaving the network."
Gold said that DLP can be an important tool as ING grows through acquisition and introduction of new products. "We don't want to take on residual risk"
The problem is that DLP has generally been regarded as expensive and difficult to implement, suggesting that the hype notwithstanding, the technology is not yet mature. That may be changing.
"The technology is getting more usable and less arduous to implement," said Gold. "The convergence of the need and the technology from a simplification perspective is coming together."
Gold said his first experience with DLP, at his previous company, Continental Airlines, proved too difficult to use, and he pulled the plug after a few weeks.
Reconnex says its Content Analytics Engine greatly simplifies policy creation. Users can query the indexed data and develop rules based on their findings, rather than create rules, test them, modify, test again, rinse and repeat. A Data Profiler appliance gets enterprises into DLP for about $20,000, rather than a six-figure DLP rollout.