Product section: Data leakage prevention and firewalls

Share this article:
Peter Stephenson, technology editor, SC Magazine
Peter Stephenson, technology editor, SC Magazine
This month we are concentrating on the data that should not enter your network and the data that should not leave your network.

Of course, data that should not enter the enterprise generally is stopped by the firewall — at least in the good old days. Today we are seeing a lot of perimeter systems converging into a single appliance. But there still are a few firewalls plain and simple.

Click here for the Data Leakage Prevention 2007 Group Test.
Click here for the Firewalls 2007 Group Test.

Data that should not leave the enterprise is data that is proprietary or would be damaging to the organization if it escaped. That process — the protection part — has various monikers, including data leakage protection/prevention, exfiltration protection/prevention, and my favorite, extrusion protection/prevention. I went into the lab to tinker with a fist full of these products and, boy, was I surprised.

The definition of extrusion prevention tools must be pretty fuzzy because we received a lot of products that approached the problem in several different ways. There were a few products that worked the old fashioned way: they monitor the data stream for dirty (sensitive) words and phrases, and then they either stop the violation and report it, or simply report it. There were some that work at the endpoint, and I like those because they stop the problem before it gets onto the network.

Back in Justin's lab we experienced an interesting phenomenon. Judy, our intrepid editorial assistant, summoned 20 firewall vendors to the party. Five showed up and one of those decided to drop out pending a new release. The firewall market is undergoing significant change and the vendors are keen to get on board. That means that there are a bunch of firewalls in transition from plain vanilla to something more.

Look for a significantly different breakdown by product families in our Group Tests next year. In fact, even the plain Jane firewalls we looked at were not ugly ducklings at all. Most are evolving into swans with lots of features that will, eventually, morph firewalls into something that looks a bit like a super-UTM. We look forward to that with some trepidation. As I have written on my blog, that strikes at the notion of defense-in-depth and provides a single point of failure.

The bottom line this month, though, is that you need to keep the bad guys out and the secrets in. Our Group Tests offer products to do exactly that.
— Peter Stephenson, technology editor
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Case study: Big LAN on campus

Case study: Big LAN on campus

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

2014 Women in IT Security: Stacey Halota

2014 Women in IT Security: Stacey Halota

When she stepped into the job of vice president of information security and privacy at Graham Holdings Company in 2003, Stacey Halota had to carve out new territory because her ...

What's sex got to do with it?

What's sex got to do with it?

Harassment has no place in the security industry. Neither do sexism or discrimination. But, there they are. It's time for infosec to just say no, reports Teri Robinson.