Product section: Data leakage prevention and firewalls

Share this article:
Peter Stephenson, technology editor, SC Magazine
Peter Stephenson, technology editor, SC Magazine
This month we are concentrating on the data that should not enter your network and the data that should not leave your network.

Of course, data that should not enter the enterprise generally is stopped by the firewall — at least in the good old days. Today we are seeing a lot of perimeter systems converging into a single appliance. But there still are a few firewalls plain and simple.

Click here for the Data Leakage Prevention 2007 Group Test.
Click here for the Firewalls 2007 Group Test.

Data that should not leave the enterprise is data that is proprietary or would be damaging to the organization if it escaped. That process — the protection part — has various monikers, including data leakage protection/prevention, exfiltration protection/prevention, and my favorite, extrusion protection/prevention. I went into the lab to tinker with a fist full of these products and, boy, was I surprised.

The definition of extrusion prevention tools must be pretty fuzzy because we received a lot of products that approached the problem in several different ways. There were a few products that worked the old fashioned way: they monitor the data stream for dirty (sensitive) words and phrases, and then they either stop the violation and report it, or simply report it. There were some that work at the endpoint, and I like those because they stop the problem before it gets onto the network.

Back in Justin's lab we experienced an interesting phenomenon. Judy, our intrepid editorial assistant, summoned 20 firewall vendors to the party. Five showed up and one of those decided to drop out pending a new release. The firewall market is undergoing significant change and the vendors are keen to get on board. That means that there are a bunch of firewalls in transition from plain vanilla to something more.

Look for a significantly different breakdown by product families in our Group Tests next year. In fact, even the plain Jane firewalls we looked at were not ugly ducklings at all. Most are evolving into swans with lots of features that will, eventually, morph firewalls into something that looks a bit like a super-UTM. We look forward to that with some trepidation. As I have written on my blog, that strikes at the notion of defense-in-depth and provides a single point of failure.

The bottom line this month, though, is that you need to keep the bad guys out and the secrets in. Our Group Tests offer products to do exactly that.
— Peter Stephenson, technology editor
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.

Smart defense: A talk with industry veteran Gene Fredriksen

Smart defense: A talk with industry veteran Gene ...

Today's CISO must stay ahead of attackers, says Gene Fredriksen, CISO at PSCU. Teri Robinson talks one on one with the industry veteran.