We have characterized GTB Inspector as “email security,” but, really, that requires a bit of rethinking about what we mean by the term. There are, as everyone knows, a lot of aspects to email security and Inspector addresses one of the most important: data leak prevention. This is a multifaceted problem and we addressed one aspect of it with the MI5 product (elsewhere in this issue). MI5 addresses data leakage caused by, especially, botnets. Inspector, on the other hand, addresses the insider threat directly and uniquely.
First, Inspector addresses sensitive data through its fingerprinting approach, and it inspects all protocols with the aim of stopping leakage, not just reporting it. Second, the notion of fingerprinting essentially guarantees a very high catch rate (we experienced 100 percent in our tests). So, other than a unique approach, why does GTB, a relatively young company, fit into our innovators issue?
The vision of GTB's products is to offer an appliance that provides complete coverage for the problem without forcing a significant change of the enterprise's architecture. Additionally, GTB wants to provide full coverage, and that includes removable devices.
The goal is to provide proactive functionality and to cover all protocols, even those that may be unknown. The future vision is to provide full integration of policy and the content to which it relates. What that means in simple terms is: whatever the policy, the device will be able to enforce it with any kind of content, any kind of protocol or no protocol at all.
These visions require moving the fingerprinting function to the endpoint. GTB visionaries believe that 98 percent of the companies that have been investigating data leak prevention will implement it in 2008. That puts a pretty strong incentive on the table to implement other parts of the vision. Today, the device can be implemented in-line or not. That adds flexibility to how the product fits into the enterprise architecture.
At the end of the day, we were impressed by the way that Inspector takes the fingerprinting — normally a very resource-intensive function — and actually makes it work in a way that has negligible impact on performance. GTB is an innovator in large part because it recognizes that seeing data leakage is not enough. One must see it, identify it positively (regardless of steps taken to fool the monitor), and stop it before it leaves the barn.
AT A GLANCE
What it is: Extrusion prevention tool
Vendor: GTB Technologies, Inc. - www.gttb.com
Innovation: The fingerprinting approach that allows for 100 percent catch rate
What we liked: The product stops data leakage when it is fully implemented