eSecurityPlanet: How to choose a DLP provider

Every day, data is leaking out of your network. You may not know it; you may even pretend to ignore it. But doing so carries high risk: a batch of stolen credit card numbers can be instantly published on a hacking Web site, and more targeted attacks can compromise your employees’ banking information or lead to other forms of identity theft. Disgruntled terminated employees may decide to leave the premises with your customer or confidential data on their last day. And the threat of potential lawsuits has never been higher, especially with the economy in free-fall in the past year.

Luckily, more than ten different data loss prevention (DLP) products are available, some from major security vendors like McAfee, Symantec, and Trend Micro.

To help you in your quest, here are some questions to ask before you start evaluating your next DLP product:

  • Where does the product sniff out your data across your network? Does it find sensitive data just as it traverses your network and on your database and file servers, or does it also inspect local desktops for Word documents stored on personal hard drives? Can it look inside encrypted data streams too?
  • Can the product search for data without any endpoint agents installed, and is it as thorough then as it is with these agents installed? Some of the solutions can scan a lot of different file systems and a lot of different endpoint sources.
  • Can the DLP agents accomplish other security-related things on the endpoints? Some of the vendors offer port-blocking or can turn off USB connectors to stop someone from walking out with all of your customer data on a thumb drive in their pocket. Others can control which applications can and can’t be run on your endpoints.
  • What protocols can be blocked or analyzed? Certainly the ones involving email (SMTP, POP and IMAP), but what about Web and file transfers and Instant Messaging too?
  • How hard is it to create – and then change – protection rules? Some products have wizards for easy creation, but then fall down when it comes time to change them outside the wizard. Others have more intuitive and graphical rules creation screens to make it easy to zero in on what you are trying to protect.
  • What happens when a rule is violated? Can you figure out who did the deed, where the offending information is stored, and what kinds of automated responses can be kicked off? Does the product come with lots of pre-set templates to make all of this easier?
  • Is the content analysis portion a separate or integrated piece of the product? In some cases, such as McAfee’s DLP solution, you are going to need several different products to be installed to enable a complete solution.
  • How fast can data pass through the appliance? Typically, you trade off effectiveness for performance. Some of the products can scale to fairly large networks, some can’t.
  • What kinds of reports are available, and how easy are they to interpret or import into your existing reporting systems? Does the product offer any real-time reporting capabilities and how flexible are these reports anyway?
  • How is the DLP solution integrated with endpoint security and proxying solutions? Some of the products in this list, such as Safend, began their lives as primarily endpoint protection solutions and have added DLP features to their protective measures. Others work hand-in-hand with the vendor’s endpoint products or proxies. Some will even integrate with third-party security products to varying degrees, such as Code Green, which works with Blue Coat’s Web proxy products.
