
DLP tools deliver strong endpoint protection

Sophos registers perfect test score; Trend Micro, Verdasys and Websense get high marks as well

By Susan Perschke, Network World
August 13, 2012 12:03 AM ET

Network World - With serious data breaches occurring on almost a daily basis, concerns about data protection have skyrocketed. While some experts believe endpoint breaches may no longer comprise the majority of data leaks, the intentional or unintentional release of sensitive data from endpoints within an organization, whether by employees, contractors or guests, remains a serious problem that data loss prevention (DLP) products seek to address.

We tested broad-based DLP products from four vendors: Sophos, Trend Micro, Verdasys and Websense. We also tested Cisco's Ironport Email Security Appliance (see sidebar). (Symantec, TrustWave, McAfee, Code Green Networks, RSA and Computer Associates were invited to participate, but declined.)

Our overall conclusion is that these products work well in blocking unintended releases of sensitive information, and also work just fine in an environment where the IT department has control over the types of email systems and browsers that are being deployed by end users. In a scenario where an end user is determined to find holes in the DLP system, IT needs to be extra vigilant.

For example, we found that we could thwart some of the DLP systems by using Mozilla Thunderbird for email. The vendors told us the workaround was simple enough: block the use of non-Outlook email. But this example points to the fact that a successful DLP deployment requires constant attention. (See how we conducted our test.)

All five products tested were easy to install and we experienced no difficulty getting each product up and running on our test LAN, usually within an hour. DLP policies and enforcement rules were easy to create and deploy in our test environment, once any applicable endpoint agents were in place, although some server consoles, notably Websense and Verdasys, seemed more intuitive than others. As we expected, policies were enforced regardless of our status as Windows users; that is, being a system administrator in Windows did not allow us to bypass rules.

Overall, the products passed our DLP tests by successfully blocking data transfers, quarantining or auditing sensitive data or warning the end user, depending on how enforcement was configured. In some cases, tweaking and workarounds were needed to achieve a successful result. Only one product, Sophos Enterprise Console, passed all our endpoint tests without workarounds.

While there are many more similarities in the features of the products we tested than differences, a few things stood out. For example, Cisco's Ironport Email Security Appliance turned out to be even more flexible than expected. The Ironport ESA 'officially' supports Microsoft Exchange, but we got it to work just fine with our free hMailServer by setting up just a few simple SMTP rules to route mail to the ESA as the last hop out. It also protected data no matter which email client we used, which was not necessarily the case with the other DLP products, several of which failed tests when we used email clients such as Mozilla Thunderbird.
