This content is part of the Essential Guide: Evaluating data loss prevention tools and technology
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Data loss prevention market: DLP vendors (and the questions to ask them)

Learn more about the data loss prevention marketplace, DLP vendors and critical questions to ask when evaluating potential DLP products for your enterprise.

The data loss prevention market is quite a varying place, with vendors offering multiple different products with...

numerous features and capabilities.

Before just grabbing a product off the shelf, it is critical to evaluate data loss prevention (DLP) vendors and products against the features your business needs.

Performing a DLP evaluation

Below are 11 critical questions your organization should ask during a data loss prevention evaluation:

1. Do you support network, endpoint and storage DLP? If not, which ones do you offer?

2. Do you support multiple "channels" (network, storage, endpoint) using a single management console and a single policy definition interface? If not, how do these pieces break out?

3. For each "channel" (network, endpoint, storage), which content analysis techniques do you support? Please describe in detail (e.g., pattern matching, partial document matching, database fingerprinting).

4. Which endpoint operating systems do you support, and what are the performance requirements (memory/processor)? Are there content-aware policy limitations based on the operating system or system specifications?

5. What activities can you monitor, and what can you block on endpoints (without requiring an active connection to the server) using content-aware policies? At a minimum, please specify if you support scanning local storage, monitoring/blocking portable storage and monitoring network activity.

6. How do you monitor storage (data at rest) activity? Which network file access protocols and document management systems do you support (e.g., CIFS), and do you require or offer an endpoint agent?

7. Do you include an email MTA in the product for scanning, quarantining and filtering email? If not, how do you provide DLP for email?

8. Describe your network monitoring deployment models (e.g., passive sniffing on SPAN port).

9. Can you monitor and control SSL encrypted network traffic? If so, does this require integration with an external SSL proxy? Describe the technique used.

10. Can you monitor generic ports and protocols, or are you limited to only particular port/protocol combinations (and how does this affect performance)?

11. How many endpoints, storage repositories and network gateways can a single management appliance support?

Vendor list

Choosing a DLP vendor can be a tricky process. Below is a representative list of companies to keep in mind during the DLP vendor evaluation.

Full-suite DLP:

DLP lite:

SearchSecurity's Readers' Choice Awards

Best of DLP 2014

Best DLP of 2013

About the author:
Rich Mogull has nearly 20 years of experience in information security, physical security and risk management. Prior to founding independent information security consulting firm Securosis, he spent seven years at Gartner Inc., most recently as a vice president, where he advised thousands of clients, authored dozens of reports and was consistently rated as one of Gartner's top international speakers. He is one of the world's premier authorities on data security technologies, including DLP, and has covered issues ranging from vulnerabilities and threats to risk management frameworks and major application security.

Next Steps

Learn more about the maturing DLP marketplace and learn about some of today's top DLP vendors.

This was last published in November 2014

Dig Deeper on Data loss prevention technology