The data leakage prevention (DLP) market has come a long way from protecting data loss as a result of a stray email message. Vendors are now focused on automating data classification, protecting data at rest and device management.
Websense Inc. garnered the top spot in a new report from Cambridge Mass.-based Forrester Research Inc. that tracks the DLP market and ranks the vendors based on market strategy and features. In all, 11 vendors were evaluated between December 2007 and February 2008.
Forrester said Websense did a good job integrating its PortAuthority acquisition and had the best overall market strategy. The merger increased its features beyond Web threats to include safeguard customer data and intellectual property leaving the network perimeter. Forrester said that while Websense offers strong features to identify structured and unstructured data in hundreds of file formats, it needs to be more advanced so data can be classified and categorized properly. It also lacks an endpoint agent, and needs to be interoperable with other knowledge management systems.
"Websense clearly shines on the strategy side," said Thomas Raschke, a senior analyst at Forrester. "Their product is decent, but they're lacking an endpoint piece."
Data leak prevention tools are being coupled with encryption and endpoint security technologies to gain control and lock down data, Raschke said.
Raschke said implementation of DLP has been difficult for companies. Many enterprises are starting to take steps to protect intellectual property data at rest in various parts of the network, such as manufacturing documents or CAD drawings. Implementing the technology is fairly easy, but classifying data and defining policies around the data can be difficult because it involves multiple people, such as business managers and IT.
"DLP vendors need to sell their technologies to customers based on what their pain points are, because not everybody needs a complete DLP solution," Raschke said.
Reconnex Inc. also scored high marks, and is on Websense's heels, Raschke said. Forrester was impressed with the vendor's automated data classification and analysis engine, he said. The engine stood out because it could do the job without prior knowledge of what needs to be protected, according to Forrester.
"Their automated discovery features and forensics features are really strong," Raschke said. "They're helping people to automatically put the different data pieces together, and understand the most important parts of the puzzle that need protection."
According to Raschke, Reconnex has an uphill battle to climb. It hasn't been good at differentiating itself and explaining why its features are so compelling, he said. Websense has the advantage since it's a bigger company with more money and talent to build out a richer feature set, he said.
Other vendors that scored well were Verdasys, RSA, a division of EMC, and Vericept for their balanced DLP coverage and strong analysis features, according to the report. Verdasys scored high marks for its use of software agents to protect data in use at the endpoint, and RSA, which acquired Tablus in 2007, was the first major vendor to step into the market. Forrester said it has the strongest discovery features in the market.
Symantec, which declined to participate in the study, also has a very strong offering, Raschke said. It was the second major vendor to jump into the DLP market by acquiring Vontu last year for $350 million. Symantec is also partnering with GuardianEdge for full-disk and removable storage encryption to go with Vontu's gateway products.
McAfee also recently entered the market. It acquired Onigma and SafeBoot and in January, it repackaged SafeBoot's endpoint encryption and encrypted USB tokens with its existing data loss prevention products. Forrester said it needs to continue to integrate SafeBoot and build out a data analysis engine.