Trustwave DLP Suite
Strengths: Solid performance and covers a variety of network DLP scenarios.
Weaknesses: Interface feels unpolished. Each protection module is a separate license and cost.
Verdict: Overall a decent network DLP solution which suffers due to a bit higher price.
Trustwave's DLP solution is actually a series of modules that help form an overall DLP solution that analyzes content and performs a series of actions against it. The overall main components of the solution are software modules which are typically pre-loaded on Dell rack-mounted server hardware running Red Hat Linux v4. The heart of Trustwave's solution is actually four modules: Monitor, Protect-Email, Protect-Web and Discover.
As their names reveal, the modules help with passive network monitoring, SMTP or Exchange integration, web proxy via ICAP, and a separate standalone module which can scan data at rest. However, for the purposes of this network DLP review, we did not test the Discover module.
Installation of the product was very easy in our test environment. The solution itself can be implemented using a variety of configurations - which are predicated on performance and how distributed the environment will be. Appliances are configured using various roles and can act as collectors or consoles. Collectors are placed at various network points and perform network analysis on the data flows. Consoles are where the aggregation, processing and reporting takes place. All of the configuration types are driven by policies and workflows, which ultimately tell the solution what to look for and how to act on the particular finding.
Protect-Email can integrate with Microsoft Exchange or other SMTP architectures and helps scan email and attachments. Protect-Web integrates with a proxy using ICAP to scan text on the page, blog, webmail and more. Ultimately, the device performs well and is able to detect, quarantine and block offensive data according to its rule base. Our only complaint is that the overall ease of use, and operating within the various sections of the web-based interface, is not as intuitive as we would have hoped.
The documentation available on the appliance itself could be a bit more explanatory. Although it helps with the basic tasks and outlines most of the tabs and configuration options, it's more of a dictionary of terms and a high-level overview help file.
Basic email and phone support during normal business hours is available for 20 percent of the purchase price, and 24/7 support is available for 25 percent. The pricing of the solution varies and is different for each protection module (monitoring, email, web). Contact the vendor for more information.