DLP tools deliver strong endpoint protection

Sophos registers perfect test score; Trend Micro, Verdasys and Websense get high marks as well

Page 2 of 2

Websense offers mobile endpoint protection through its Triton Mobile Security. This is a cloud-based solution provided via VPN: any device, whether BYOD or company-owned, can be registered, and all of its traffic is then routed through the VPN. This allows Triton to block access to websites and apps as well as provide full email DLP protection. We tested the mobile email protection with our lab iPhone and confirmed that we were not able to send or receive emails containing information in violation of the PCI-DSS and HIPAA policies that were set up for use in our tests.

The Websense Triton server comes with a rich DLP report catalog including numerous pre-defined reports and the ability to drill down to various detail levels. The reporting feature also allows the admin to take action on items that need to be resolved. Some customization is available and reports and data can be exported to several formats including PDF and CSV.


• 1,600+ predefined policies

• Optional configuration for geographical, logical or operational units

• Powerful, intuitive and comprehensive system console

• Ability to launch corrective action from inside the reporting module


• Doesn't natively support all popular browsers (namely Chrome) - the vendor is looking into this for a future release

How to choose a DLP Product

The DLP market is starting to mature, and products are becoming more stable, hence the very consistent 'passing' grades across products on our endpoint tests. With more similarities than differences in product features, choosing a DLP vendor is likely to hinge on considerations other than feature-by-feature comparisons. Factors such as market share, vendor strength and reputation, and TCO (total cost of ownership) should be taken into account. Organizations new to DLP may wish to deploy DLP gradually, starting out with easily implemented options such as a single-channel or hosted solution. Organizations that seek to immediately protect all channels and all network layers will more likely be drawn to full suite products they can install and maintain directly. (All of the vendors in our test offer DLP products beyond endpoint in one form or another.)

TCO comprises many elements, but in addition to product cost, organizations should expect a fairly significant learning curve if they have no prior experience with DLP and expect to jump right into a full DLP suite. The learning curve has less to do with plugging the vendor's product into the corporate network (which we found to be quite straightforward with all products tested) than with going through the business process of deciding which data needs protection, what actions to take if policies are violated, and determining where the buck stops and who is allowed to 'override' the system. This gets into the area of usability and user productivity vs. data protection, a topic beyond the scope of this review, but not an area that should get short shrift. More than one vendor told us that DLP administrators who went about locking the network down without going through the proper management channels reduced their DLP product to 'shelfware' in rather short order.

It was nonetheless quite empowering to view the capabilities of each DLP tool we tested in real time as a mechanism for gaining control over what is becoming a battle that can no longer be waged by passive methods, such as viewing and analyzing server logs. While such data is useful, it is largely academic, since it cannot predict where the next data leak will come from, and log analyzers can't prevent loss, only report it after the fact. Whether an organization's data protection needs center around regulatory compliance, or protecting intellectual property or other sensitive corporate data, a good, centrally-managed DLP solution can greatly reduce attack risks (both from within and without). DLP products are becoming an essential component in the increasingly complex challenge of protecting digital assets.

Perschke is CSO for Arc Seven Technology. She is also an experienced technical writer, and has written numerous white papers for a number of organizations, including Fortune 500 companies. Susan can be reached at susan@arcseven.com.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2012 IDG Communications, Inc.
