Content Alarm 1.1

Content Alarm 1.1
Tablus
Price: Starts at $30,000

Information is the fuel of enterprises, and nearly every bit of that information-sensitive, restrictive and unclassified-is passed over network pipes. The last things enterprises want are copies of their product designs, formulas, financial statements or marketing plans digitally leaked-intentionally or accidentally.

Tablus' Content Alarm doesn't seal data leaks, but it does let security managers know when someone, or something, is trying to pass restricted data through the network perimeter. Rather than just using keyword matching to find sensitive data in e-mails and attachments, Content Alarm's scanning engine and proprietary linguistics algorithm inspects all network traffic.

Tablus won't disclose the nuts and bolts of how Content Alarm works, but our tests found it quite effective at detecting portions of sensitive documents that had been "cut and pasted." Rewritten documents that still contained sensitive data weren't overlooked, either. Content Alarm scrutinizes numerous protocols and data transmissions, including HTTP and FTP.

More Information Learn how to secure the network perimeter Learn factors to consider when evaluating and selecting enterprise e-mail security products

Content Alarm is a reactive system. Even with its strong detection capabilities, it can't block unauthorized data transmissions. It merely reports data leaks after the fact. Real and suspected infractions instantly trigger notification via SNMP or e-mail.

Content Alarm is fairly easy to set up and administer and doesn't require extensive technical knowledge. Security managers will need a firm understanding of their enterprise's data security policies and classifications. Monitoring policies can be extremely detailed and can range from "detect all financial data" to "flag e-mails containing financial data not coming from the accounting department." Equally granular is Content Alarm's ability to determine exempted data based on destination, protocol, sender, etc. For instance, you can set a policy that flags the transmission of financial data and Social Security numbers, except for the CFO and certain members of the accounting group.

Content Alarm continually scans network traffic, updating itself when files are added or changed. Security managers can use the management console to audit logs for compliance and trend information.

With this seemingly intense inspection, you might expect a performance hit. Content Alarm is a passive, out-of-band solution that has no impact on network traffic throughput.

One drawback is that Content Alarm can't inspect encrypted traffic. Tablus acknowledges this limitation, but dismisses the issue, estimating that less than 2 percent of network traffic is encrypted. While this may be true, it provides a loophole that a knowledgeable insider could exploit. Further, most Web-based e-mail systems are accessible via SSL, and enterprises are expanding their use of SSL VPNs to access backend applications and databases.

For enterprises concerned about the security of proprietary and classified information, Content Alarm is excellent at spotting plaintext leaks, albeit it at a pretty steep price compared to competitors who offer blocking functionality as well.

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This review orginally appeared in Information Security magazine.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Security Buyer's Guide,   Enterprise Data Protection,   Enterprise Data Governance,   Application and Platform Security,   Email Protection,   Email Security Guidelines, Encryption and Appliances,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Security Buyer's Guide Keystroke dynamics makes BioPassword Internet Edition a viable authentication option Access security with KoolSpan's SecurEdge NetChk Protect 5.5 Biometrics: Best practices, future trends 2006 Products of the Year: Emerging Technologies Secure Sphere 2.0 Scan & Deliver: SLAs force service providers and outsources to hit the mark ... or hit the road Secure remote access: SSH Tectia Manager Spycatcher Enterprise 3.2 Configuresoft's Enterprise Configuration Manager v4.7 Enterprise Data Governance How to protect distributed information flows Interpreting 'risk' in the Massachusetts data protection law Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Email Security Guidelines, Encryption and Appliances How to confirm the receipt of an email with security protocols Best Email Security Products Can an IP spoofing tool be used to spam SPF servers? WatchGuard acquires email and Web security vendor BorderWare McAfee to acquire email SaaS vendor MX Logic What does 'invoked by uid 78' mean? How to configure firewall ports for webmail system implementation Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS Cisco offers more email security choices, but lacks vision RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data masking  (SearchSecurity.com) data splitting  (SearchSecurity.com) deperimeterization  (SearchSecurity.com) Google hacking  (SearchSecurity.com) masquerade  (SearchSecurity.com) snooping  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.