McAfee Data Loss Prevention Appliance
Strengths: Extremely powerful, feature-rich extrusion prevention system that covers virtually all the bases.
Weaknesses: A bit pricey for the products and the support price tag is a shocker.
Verdict: An excellent product with a lot of capability if you can afford it. Best for larger implementations, especially as part of an overall McAfee implementation.
SummaryThis set of products is used with the McAfee ePolicy Orchestrator, which must be installed before you can install extrusion prevention. This is a feature-rich product suite and it covers just about all of the data leakage requirements for most organizations. The system consists of several components, including the policy manager, agents, event collector and monitor. These come together and are managed through the ePolicy Orchestrator, as are several other McAfee products. The product was provided as the DLP Gateway Appliance.
Setting up this suite took about five minutes and we got a set of default policies that could be adjusted if we needed. We could, additionally, add more policies, if needed, or we could disable some of the default capabilities. The policy manager lets you create policies and what McAfee calls tagging rules, along with the usual user groups and reaction rules (what to do when a policy is violated). Most of what you need is in the appliance and that speeds things along nicely.
The DLP is not just a gateway, however. It is one of those tools that addresses virtually all extrusion vectors if the entire system is in place. Agents on user computers prevent unauthorized copying and printing through peripherals, including those messy USB drives. In addition, DLP can tag data based on application, content or location. We found that it was, essentially, impossible to fool DLP once we had proper rules in place.
Documentation for the suite is extensive and comes in PDF files on an accompanying CD. The manuals are well organized.
McAfee’s web site is comprehensive, but direct support options are mostly available only to subscribers. However, there is a large knowledge base that is publicly available. If you purchase support it can be quite expensive.
The system can, as with most McAfee products, be a bit pricey. The host product starts at $29,800 for 501 seats, and the DLP Gateway 3300 has a basic price of $35,000. However, if you already are invested in the rest of the McAfee suite, this probably is typical of your overall implementation. Still, for smaller organizations it can be a bit of a lump to swallow.