Published: 01 Sep 2008
DATA LOSS PREVENTION
Workshare Protect Premium 6.0 seeks to eliminate the malicious or accidental leakage of sensitive corporate data.
Workshare is client software that allows you to assess document risk, preserve content integrity and prevent disclosure of sensitive or confidential information. It installs several utilities and also integrates with products such as Microsoft Office and Lotus Notes.
The Policy Designer allows Workshare to be customized for your environment. Overall, it's well thought out, making it easy to create new policies. For example, we crafted a policy that searched for the word "confidential" in all text and HTML documents. You determine the files that are searched, such as Office, RTF, text, HTML, zip, XML and PDF. You can also create regular expressions (regex) to search for any standardized data such as account numbers. Several other criteria can be matched including looking in hidden data such as small text, hidden text, white text, etc.
Rules can be applied to Workshare "channels," the messaging protocols through which information is distributed: client email, Active Content Channel (in Office documents), removable devices and mail servers.
The actions and channels allow you to define how and where the information can be sent or stored. Our sample rule searched for "confidential," allowing it to be used in documents, but not allowing users to email it to anyone outside the corporation. The Workshare routing feature allows you to define who can and cannot be sent sensitive emails.
Workshare's greatest strength is its tight integration with Office. Workshare actively searches for policy violations in real time and tags violations.
Workshare shows the user which specific policy is violated and, depending on policy, allows the violation to be redacted or ignored. For instance, when Workshare flagged our Social Security number violation, we redacted the number. Default policies search for profanity and other offensive terms.
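The sample policy described above, as an added example that is not Workshare's code or policy format: a keyword rule and a regex rule are matched against document text, the action depends on the channel and on whether any recipient is external, and a matched Social Security number is redacted. The corporate domain, channel names, rule names and patterns are assumptions made for illustration.

```python
import re

# Constructed values: the domain, channel names and patterns are assumptions.
INTERNAL_DOMAIN = "example.com"
RULES = {
    "keyword:confidential": re.compile(r"\bconfidential\b", re.IGNORECASE),
    # US Social Security number, excluding ranges that are never issued.
    "regex:ssn": re.compile(
        r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}
TAG_RE = re.compile(r"<[^>]+>")


def scan(text, is_html=False):
    """Return the names of the rules that match the document text."""
    if is_html:
        # Drop markup so inline tags cannot split a keyword in two.
        text = TAG_RE.sub("", text)
    return [name for name, rx in RULES.items() if rx.search(text)]


def is_external(address):
    """True when the recipient's domain is not the corporate domain."""
    return address.rpartition("@")[2].lower() != INTERNAL_DOMAIN


def decide(text, channel, recipients=(), is_html=False):
    """Map findings plus channel to an action: allow, flag or block."""
    findings = scan(text, is_html)
    if not findings:
        return "allow", findings
    if channel == "email" and any(is_external(r) for r in recipients):
        return "block", findings   # sensitive content leaving the company
    return "flag", findings        # permitted, but tagged for the user


def redact(text):
    """Replace every SSN match with a fixed mask."""
    return RULES["regex:ssn"].sub("XXX-XX-XXXX", text)


if __name__ == "__main__":
    # Constructed sample document with a keyword split by inline markup.
    memo = "<p>Con<b>fid</b>ential: employee SSN 123-45-6789</p>"
    print(decide(memo, "email", ["bob@partner.example.net"], is_html=True))
    print(decide(memo, "document", is_html=True))
    print(redact(memo))
```

Matching the exact domain after the last "@" keeps lookalike addresses such as `user@example.com.other.net` from being treated as internal.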
Other tools, such as Trace Endpoint and Batch Clean, are run manually by the user.
Trace Endpoint runs all the current policy checks against files on the client system, and against email in the inbox. We used Trace Endpoint to scan a directory we made with files containing personal information. Trace Endpoint was able to identify all of the confidential information we defined in the rules.
After the scan is run, a report is available that details all of the violations and the files in which they occur. The report can be saved to Excel or PDF format or printed. Data has to be removed manually from the offending files.
Batch Clean provides an easy way to clean multiple files of metadata such as usernames, comments, hidden data, macros, etc. Metadata can be useful to an attacker profiling your corporation for social engineering attacks. Batch Clean removed all the offending data from our test files but left no record of its action.
We would have liked to have seen centralized reporting and alerting for the various tools.
Workshare Protect Premium provides a cost-effective tool to contain data leakage. It's not too intrusive, and helps educate employees. Companies looking for a more comprehensive data loss prevention solution may want to investigate Workshare Protect Network as well.
Testing methodology: We ran Workshare Protect on Windows XP with Microsoft Office 2003. Both default policies and policies created by the reviewer were used during the test.