Oakley Networks SureView appliance offers very complete extrusion prevention with a twist. Along with the usual event reports, the appliance can replay the actual event, including pre-encryption data. As an investigative tool, this capability is unsurpassed by any other product feature we’ve seen.
Because SureView uses agents at the endpoints (user workstations), virtually all data leakage policies can be monitored, including the use of peripherals such as thumb drives. The product comes with over 200 pre-made policies and making new ones is not difficult.
Installing the appliance was easy using the installation guide provided. We found that it installed like most other types of appliances with which we are familiar. The installation guide takes you through the installation, setup and configuration processes and other documentation takes over from that. The entire process is fairly intuitive.
SureView performed very well and it was easy to replay an entire incident. The replay feature behaves like a DVD player and every action by the offending user is recorded as a set of screen shots. As a forensic evidence tool this capability really shines. Using the replay feature, you can see exactly what the violator did to cause an alarm. Usually, this is enough to encourage the violator to admit their act. For accidental behavior, this function is an excellent teaching tool. For deliberate violators, this provides all of the forensic evidence you will need.
Documentation for the product is very good, but we found the web site a bit thin, mostly consisting of marketing materials. There are extra-cost support packages available and documentation is available online for those users with a support contract.
The product is very expensive with a price tag of $100,000. This, however, is for unlimited users, so for a large enterprise this product is a good value.
We liked this product for its forensic capability, but as a straightforward extrusion prevention product, it did quite nicely as well. However, at its high price it will most likely find its best application either in large organizations or in applications where extremely high control of internal information leakage is important.