This tool is available either as a hardware or software appliance. The hardware version has a nice twist on the installation challenges we have seen from appliances in the past: forcing the administrator to install into the network from the command line. With this product, one tells Trustwave about the IP addressing, and the appliance comes preconfigured. Once racked up, the admin connects the network cables and powers it up. The appliance does the rest. This was typical of the thoughtfulness we observed in the design and implementation of the solution.
Once in the network, the admin can move on to the web user interface. Where other DLP devices - as well as many other types of policy-driven tools - talk in terms of policies, the Trustwave product refers to these as "categories." Policies, in Trustwave-speak, are the actions that one can take when a category is violated.
There are more than 70 out-of-the-box categories ready to use as is, or one can edit them into new categories; creating categories from scratch is equally straightforward. Categories are adjustable as well: one can set the sensitivity and so regulate, to some degree, such things as false positives. The characteristics that can be edited in a category include content, protocol, IP address range(s) and email. The whole create/edit process is simple point-and-click.
Violations of categories can be sent to either a Trustwave or Arcsight SIEM for further processing and correlation. The DLP monitors all ports and protocols by default, so if a violation occurs on a non-standard port - 8080 for the web, for example - it will be caught. When a violation is captured, a detailed analysis can ensue. Web events capture both the username and the machine name.
Administration is straightforward, and the administrator can change/add/delete users, roles and permissions quickly and easily. Most administration is conducted through simple mouse clicks in check boxes. An important feature of DLP products is workflow, and Trustwave doesn't skimp here either.
The workflow system is a full case management tool complete with unique assignments to individuals tasked with investigating and clearing the applicable type of violation. This allows a lot of flexibility.
One area that some DLP products have difficulty with is file attachments. It is not always intuitive as to what file type is attached to an email. Often, obscure file types surface, and some DLP tools cannot identify them.
The Trustwave DLP can decode about 700 file types. It also applies the actual validation algorithms for such things as credit card numbers. That means that a number that appears to be something innocuous - but, in reality, is a credit card number - will be identified. There are, therefore, few false positives when identifying numbers that carry a special calculation, because the tool verifies the calculation, not just the format.
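The difference between matching a format and verifying a calculation, shown as an added example that is not Trustwave's code: it assumes the standard Luhn mod-10 checksum that payment card numbers carry, runs a naive digit-pattern matcher over a constructed text, and then applies the checksum to each candidate. The sample text and the numbers in it are constructed; `4111 1111 1111 1111` and `5500-0000-0000-0004` are well-known test numbers that pass the checksum, while the order number and the mistyped card number match the format but fail it.

```python
import re

# Format-only matcher: 13 to 19 digits, optionally separated by single
# spaces or dashes, not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample text (not from the product or the review).
SAMPLE_TEXT = """Order 1234567890123456 shipped; charged card 4111 1111 1111 1111.
Backup card 5500-0000-0000-0004; typo in notes 4111 1111 1111 1112.
Call 555-123-4567 with questions."""


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod-10) checksum.

    Working from the right, every second digit is doubled and, if the
    result exceeds 9, reduced by 9; the number is valid when the sum of
    all digits is divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_candidates(text: str):
    """Return (matched_text, checksum_valid) for every format match.

    A format-only DLP rule would flag every entry in this list; a rule
    that verifies the calculation flags only those with checksum_valid.
    """
    results = []
    for match in CANDIDATE_RE.finditer(text):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        results.append((raw, luhn_valid(digits)))
    return results


def false_positives_avoided(text: str) -> int:
    """Count candidates that match the format but fail the checksum."""
    return sum(1 for _, ok in classify_candidates(text) if not ok)


if __name__ == "__main__":
    for raw, ok in classify_candidates(SAMPLE_TEXT):
        print(f"{raw!r:28} {'card number' if ok else 'format only'}")
    print("format-only hits avoided:", false_positives_avoided(SAMPLE_TEXT))
```

The phone number never reaches the checksum because it is too short for the format rule; the two format-only hits are exactly the false positives a checksum-aware tool avoids raising.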
Another useful feature is the capability to understand foreign languages. Trustwave has linguists on its team, so if a language other than English or Spanish is required, the company likely has the support needed.
We were especially impressed by the neat arrangement of the dashboard. Drill-downs are intuitive, and there is a lot of summary information easily available. Reporting is comprehensive and covers most regulatory requirements. Graphics are clear and appropriate, and there are 30 to 40 premade reports available out of the box. Creating new reports is also simple, so the richness of functionality is a big plus. Because the product provides sound correlation capabilities, violations can be grouped and timelines established. Thus, Trustwave DLP becomes a first-rate investigative tool.
Support is available and, as with other similar products, there is no free public assistance. However, the comprehensive documentation, ease of use, and intuitive setup and configuration make this a far less daunting problem than we have seen with other products.
With a price that starts at a mere $10,000, the Trustwave DLP is an excellent value, especially when the overall cost of ownership is considered.