Given the recent focus on data breaches, it’s no wonder that the data loss prevention (DLP) market is getting a lot of attention these days. In general, these products catalog data, assign security classification, and then monitor and protect data files at rest, in motion, and in use.
Knowing who accesses which data files, what they do with them, and where they go are all parts of preventing sensitive data from leaving your organization. There are plenty of vendors who provide a piece of DLP, but there are very few who provide complete solutions. And since DLP seems to be this year’s security buzzword, everyone who wants a piece of the pie claims to provide a DLP solution including anti-malware, firewall, endpoint security, encryption, and device control vendors.
Prominent vendors in the DLP market include GTB, NextLabs, EMC, Symantec (with it’s acqusition of Vontu), RSA (acquired Tablus), McAfee (acquired Reconnex), Websense (acquired PortAuthority Technologies), CA (acquired Orchestria), Vericept, Fidelis Security Systems and Code Green Networks.
In such a crowded and loosely defined marketplace, how can you decide which product to implement? The first step is to determine your data protection requirements. Then assess your current security solutions and look for gaps in protection. Find a product that fills in those gaps while not paying for functionality you don’t need but making sure that you are getting a true enterprise-class solution. And finally, test the products in a lab or a small pilot project before rolling them out to your entire organization.
What to Look For
When evaluating products, make sure that they are strong on centralized management features. A well-managed DLP solution should configure, deploy and manage the client software throughout the enterprise on a variety of server and workstation operating systems. You’ll also need to know who did what so look for integration with Active Directory (AD) and lightweight directory access protocol (LDAP) in order to write policy for and report on existing users and groups within your organization. Browser based management is usually a plus so that an administrator can access the console from anywhere.
In addition to management and reporting, typical features for enterprise DLP products boil down to what and how they protect. Most can protect Microsoft Office documents and Adobe .pdf’s. Many can force encryption of documents and stop them from being transferred via email or removable media. Some can also prevent copying, pasting or printing of documents and digitally watermark them. Most DLP products of this class are policy based and can combine multiple protection methods on a user or group level.
Here are a few examples of DLP offerings that should make your short list:
Symantec Data Loss Prevention
Symantec Data Loss Prevention is a multi-component system designed to discover, monitor and protect confidential data. The software finds confidential data wherever it is stored and creates and maintains an inventory of it. It tracks how data is being used or created on a user-by-user basis. The solution works whether the users is on or off the enterprise network. Reports show who violates security policy with real-time notification for administrators and on screen pop ups alerting users that their actions are being monitored and blocked. Different modules provide network and endpoint coverage for email, web, instant messaging, FTP, P2P, and removable media.