Product Group Tests
Data leakage prevention (DLP)
October 03, 2011
DLP is no longer an option; it’s a necessity. It is now common wisdom that you should consider your network infected. The only questions are, with what is it infected and when will the infection try to exfiltrate data?
We security practitioners tend to focus our attention on keeping the bad guys out of our systems - and we are doing a fair job of that, at least from the perspective of fending off direct attacks against our gates. But, today, it is probably more important to keep the bad guys from shipping our sensitive information out - often under our noses. If we are keeping the bad guys out, though, who is it that is trying to steal our precious secrets?
The truth is that there are a lot of folks who would like to remove sensitive data from its protected home on our networks - from legitimate users who make errors to bad guys who scam their way in and then steal whatever they can. But, if we're doing such a good job of keeping these crooks from launching a successful attack against us, how do they get in? Simple. We invite them.
Responding to phishing schemes, clicking on unknown attachments, and a raft of other user errors open our network doors wide and roll out the red carpet for attackers. Once those adversaries are inside the network, they must send something back to a safe haven so that they can use the purloined booty that their bots have harvested and sent home. That is where this month's group of products steps up, identifies the efforts and interdicts to keep this sensitive information home, where it belongs.
This area is so important that we have broken our usual mold this month and, rather than presenting six to a dozen products to chew on, we have identified just three that we think are the best of breed. Then, we looked more deeply than we usually have room to do and expanded our coverage to a full page for each product. This gave us the space to take a more comprehensive look at these three offerings, and what we found was very interesting.
My early sense was that this category is still new enough that we would see massive differences in approach, capability and the way the vendors view data leakage prevention. That didn't happen. In fact, although the product we chose for Best Buy had some unique approaches to DLP, they all are quite similar and first-rate.
This time, we had the luxury of looking at how these products are set up in a structured, step-by-step manner, and we really got the chance to do some testing that we don't normally have time to do when we have products to look at. For example, besides setting up the test bed, we were able to create a full suite of policies instead of trying the policy manager once and then moving on to the next tests. As a result, we found some neat, but hidden, capabilities in each of this month's products.
DLP is no longer an option; it's a necessity. It is now common wisdom that you should consider your network infected. The only questions are, with what is it infected and when will the infection try to exfiltrate data? Even if you are not infected, it is likely that you have users who will attempt to take data off of the network.
We saw a particular situation where an employee left the organization and came back later as a contractor in another area of the company. The person took all of the email that was in his company email folders and forwarded it to his personal Gmail account. He then planned to save all of the messages to a CD or thumb drive to return to the organization and ensure that the email was preserved.
The problem was that the emails were full of credit card numbers. These numbers hit the public mail server. As it happened, the organization was, at that moment, testing a DLP product and saw the exfiltration, caught it and stopped it. Fortuitous, for sure, but one cannot depend on that kind of luck unless DLP is actually deployed. And that is what this set of reviews is about. Here are three superb products to consider. You will, naturally, pick the one that fits your application best but, no matter what that actually means in your context, don't balk at cost, deployment and more. This is important not just for security, but also for privacy, liability and regulatory compliance. Just do it!