Data loss prevention comes of age

McAfee, Sophos shine in test of data loss prevention tools that can do it all

By Benjamin Blakely, Mark Rabe, and Justin Duffy, Network World
April 19, 2010 12:09 AM ET

Installation of the Sophos Enterprise Console was also quite easy (though it too requires an Internet connection for activation and updating). The only issue here was that the update manager, which must be run before the software can be deployed to clients, does not yet support Windows Server 2008 R2. We sidestepped this issue by running it in Windows XP compatibility mode, and Sophos has advised us that the next version of the software will support 2008 R2.

Rollout of the client to endpoints is eased by the ability to synchronize the client list with Active Directory, and automatically deploy the software to new computers. One issue we ran into was that the updater uses a Windows file share to fetch updates, so firewall rulesets and share permissions will need to be configured accordingly.

Existing Sophos customers will be pleased to know that the DLP software makes use of the existing Sophos client software, so adding DLP is only a matter of rolling out additional rules. Sophos uses the same engine for both antivirus and DLP.

Configuration and functionality

The bulk of our testing consisted of test-driving the management interfaces. The configuration of both products turned out to be very easy – a real pleasure after some of the more Spartan interfaces we've experienced in previous reviews. Both products also proved to be feature-rich, and each had its own unique innovations.

In the current version of its DLP products, McAfee has separate management interfaces for host DLP and network DLP. We found the pre-generated rules, dictionaries, and policies to be the same between them, but it was necessary to create the policies in both places, and thus to monitor them in both places. Thankfully, the upcoming Version 9 will integrate both into the ePolicy Orchestrator console (though leaving the option to manage them separately if desired), so that policies can be deployed to all levels of the network from a single interface.

One of the biggest things we were looking for was an "out-of-the-box" start to policies for compliance. We were happy to find templates for HIPAA and PCI, and also for identifying personally identifiable information (PII) that we were able to use for our rules.

In addition to a number of other compliance templates (FISMA, GLBA, SOX, and FERPA), McAfee also provided a number of intellectual property templates for finance, legal, pharmaceutical, entertainment, and high-tech organizations, and more general templates, such as acceptable use, disgruntled employees, and competitive information. Granted, these would all need a great deal of tweaking to meet the needs of a specific organization, but they provided a solid starting point for a security or compliance administrator.

The biggest difference between these two vendors was found in the methods available to detect policy violations. McAfee offered the ability to fingerprint (register) documents, including automatically scanning a network share on our file server for documents to register. This way, the onus for document protection can be on the end-users. If the accounting department has a document they need to protect, they need only to copy it to this shared volume and it will automatically be registered for detection.
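To make the register-by-copying workflow concrete, here is an added sketch (not McAfee's algorithm or code) of one common fingerprinting approach: hash overlapping word windows of every file in a drop folder, then look for those hashes in outbound text. The function names, the five-word window, the match threshold and the sample documents are all assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

K = 5  # words per window (assumed value; products tune this)

def shingles(text, k=K):
    """Hash every k-word window so excerpts match, not only whole files."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

def register_share(share_dir):
    """Fingerprint each text file in the drop folder: file name -> hashes."""
    return {p.name: shingles(p.read_text(encoding="utf-8", errors="replace"))
            for p in sorted(Path(share_dir).glob("*.txt"))}

def match(outbound, registry, min_shared=3):
    """Return {file name: shared window count} for every registered
    document sharing at least min_shared windows with the outbound text."""
    out = shingles(outbound)
    hits = {name: len(out & prints) for name, prints in registry.items()}
    return {name: n for name, n in hits.items() if n >= min_shared}

# Constructed sample files standing in for documents copied to the share.
SAMPLE_DOCS = {
    "q3_forecast.txt": "Confidential third quarter forecast: revenue is "
                       "projected to reach 4.2 million dollars with payroll "
                       "costs held flat across all regional offices.",
    "cafeteria.txt": "The cafeteria opens at eight and closes at three "
                     "on weekdays.",
}
# Constructed outbound message that pastes part of the forecast.
LEAK = ("FYI, heard that revenue is projected to reach 4.2 million "
        "dollars with payroll costs held flat, keep it quiet.")

def demo_registry():
    """Write the samples to a temporary 'share' and register them."""
    with tempfile.TemporaryDirectory() as share:
        for name, body in SAMPLE_DOCS.items():
            Path(share, name).write_text(body, encoding="utf-8")
        return register_share(share)

if __name__ == "__main__":
    print(match(LEAK, demo_registry()))
```

Because only hashes are kept in the registry, the detection side never needs a readable copy of the protected document.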