We found that setting up DLP was easy. We had set up the BigFix platform in the past and everything went in smoothly and worked exactly as we expected. When we began setting up policies, we were concerned about the complexity of the policy creation process in general. Building data leakage policies requires an intimate understanding of the data flowing on the enterprise, and that can be a big requirement on a large system.
Documentation is a bit thin, but, nonetheless, complete. Since you need the BigFix platform installed to use DLP, you also will have the core documentation for that as well.
In this case, however, we needn’t have been concerned. The DLP policy wizard makes setting up policies and ascribing actions to violations a snap. DLP recognizes over 300 file types, so there is a pretty good chance that whatever you are trying to protect will be protected. Additionally, the DLP can look for specific content, such as Social Security numbers or credit card numbers. Finally, keyword recognition policies are part of the DLP’s capabilities.
The BigFix DLP also tracks common protocols, such as HTTP, POP3, etc., as well as webmail. The product behaved well in our analysis and we were pleased with its overall performance. One unique capability of the DLP is its scan for sensitive information at the desktop. Once policies are created, you can run the scan wizard and identify sensitive files as defined by your policy.
BigFix has an excellent web site with lots of information, documentation and a first-rate, searchable knowledge base. Support is available both as a standard offering at no additional cost and as a premium, extra cost package.
Once you have the BigFix platform installed, DLP adds just $18/endpoint, making it a real bargain.