The data loss prevention space is evolving to help enterprises discover, classify and monitor sensitive information, wherever it's stored or used, on and off of corporate networks. As some DLP vendors attempt to address endpoint, email and network security, more DLP functions are being added to email and Web security gateways as well as mobile and endpoint security suites.
"Over time, [even] two years from now, I think we can expect to see the DLP suite and DLP functionality vendors subsume a lot of the data classification capabilities, too," says Heidi Shey, an analyst with Cambridge, Mass.-based Forrester Research Inc.
This year, our survey respondents had high praise for two enterprise DLP systems that stood above the rest. We are pleased to honor them here as the winners of our 2014 Readers' Choice Awards.
Winner: RSA Data Loss Prevention, RSA, the security division of EMC Corp.
The RSA Data Loss Prevention suite is one of two winners in the DLP category, thanks to strong scores from readers for both the comprehensive and flexible reports the product offers, as well as its effectiveness when detecting and preventing unauthorized user activity. One reader also noted the ease of installing, configuring and managing the RSA Data Loss Prevention suite as a major plus for his organization.
The RSA offering attempts to be a complete DLP suite through threat modules: network, endpoint and data center. The various modules can locate data in numerous areas, including email, webmail, general Web traffic, desktops, mobile devices, social media accounts, file servers and USB devices, and then either enforce controls based on a customized policy or send an alert for an IT professional to investigate.
The RSA DLP Enterprise Manager, a browser-based management console, is used to monitor each of those modules. Administrators can drill down into individual incidents to determine the policy violation, the content compromised and the users responsible. End users can be notified of policy violations as they are occurring either at the endpoint or network level, and be given the option whether to continue with an action that may lead to compromised data. Enterprise Manager also allows customized policy responses for specific working groups.
RSA Data Loss Prevention promises more than 170 pre-built expert policies that cover a range of compliance regulations, as well as reporting capabilities aimed at various enterprise figures ranging from executives to administrators. The RSA suite can be integrated into a number of other platforms from Cisco, VMware, Symantec, Trend Micro, Blue Coat and more. The product also includes some of the data classification techniques mentioned by Shey, including content classification, machine-based fingerprinting and metadata analysis.
Winner: McAfee Total Protection for Data Loss Prevention, McAfee/Intel
Last year's bronze medal winner, McAfee Total Protection for Data Loss Protection landed in this year's top spot by offering users effective detection and prevention capabilities when dealing with unauthorized user activity. Readers also felt that the McAfee DLP product provided good bang for the buck thanks in part to consistently upper-tier scores across all categories.
"It is a good product and vendor support is immense," says one reader.
McAfee Total Protection for Data Loss Prevention is available through a series of physical and virtual appliances that enable various DLP capabilities. DLP Manager, for instance, provides a centralized management tool that allows IT teams to monitor and search incidents, create reports that can span a variety of DLP components and utilize pre-built policies for compliance regulations like HIPAA.
The McAfee DLP Discover appliance is used to identify sensitive data in an enterprise setting, and apply protections for data both at rest and in transit. Administrators can define the policies that will govern sensitive data in an organization, and then use DLP Discover to scan network resources and specific repositories for violations. Such scans can also be scheduled to run on a daily, weekly or monthly basis. The DLP Monitor appliance provides visibility into the real-time movement of sensitive data across an enterprise network. DLP Prevent can be used to lock down data so that it is either transmitted via an approved method, or it can be encrypted, quarantined or blocked automatically.
Total Protection for Data Loss Prevention appliances can be deployed through McAfee's own ePolicy Orchestrator security platform. One reader noted that his organization is already taking advantage of this integration, which promises a more complete view into an organization's security policies and protections.
Send comments on this article to firstname.lastname@example.org.
Learn how to identify and secure data egress points to prevent the loss of sensitive data.
Understand how SIEM can help identity unauthorized access attempts.