Product Group Tests
Data leakage prevention (DLP)
October 03, 2011
The truth is that there are a lot of folks who would like to remove sensitive data from its protected home on our networks - from legitimate users who make errors to bad guys who scam their way in and then steal whatever they can. But, if we're doing such a good job of keeping these crooks from launching a successful attack against us, how do they get in? Simple. We invite them.
Responding to phishing schemes, clicking on unknown attachments, and a raft of other user errors open our network doors wide and roll out the red carpet for attackers. Once those adversaries are inside the network, they must send something back to a safe haven so that they can use the purloined booty that their bots have harvested and sent home. That is where this month's group of products steps up, identifies the efforts and interdicts to keep this sensitive information home, where it belongs.
This area is so important that we have broken our usual mold this month and, rather than presenting six to a dozen products to chew on, we have identified just three that we think are the best of breed. Then, we looked more deeply than we usually have room to do and expanded our coverage to a full page for each product. This gave us the space to take a more comprehensive look at these three offerings, and what we found was very interesting.
My early sense was that this category is still new enough that we would see massive differences in approach, capability and the way the vendors view data leakage prevention. That didn't happen. In fact, although the product we chose for Best Buy had some unique approaches to DLP, they all are quite similar and first-rate.
This time, we had the luxury of looking at how these products are set up in a structured, step-by-step manner, and we really got the chance to do some testing that we don't normally have time to do when we have products to look at. For example, besides setting up the test bed, we were able to create a full suite of policies instead of trying the policy manager once and then moving on to the next tests. As a result, we found some neat, but hidden, capabilities in each of this month's products.
DLP no longer is an option; it's a necessity. It is now common wisdom that you should consider your network infected. The only questions are, with what is it infected and when will the infection try to exfiltrate data? Even if you are not infected, it is likely that you have users who will attempt to take data off the network.
We saw a particular situation where an employee left the organization and came back later as a contractor in another area of the company. The person took all of the email that was in his company email folders and forwarded it to his personal Gmail account. He then planned to save all of the messages to a CD or thumb drive to return to the organization and ensure that the email was preserved.
The problem was that the emails were full of credit card numbers. These numbers hit the public mail server. As it happened, the organization was, at that moment, testing a DLP product and saw the exfiltration, caught it and stopped it. Fortuitous, for sure, but one cannot depend on that kind of luck unless DLP is actually deployed. And that is what this set of reviews is about. Here are three superb products to consider. You will, naturally, pick the one that fits your application best but, no matter what that actually means in your context, don't balk at cost, deployment and more. This is important not just for security, but also for privacy, liability and regulatory compliance. Just do it!