Best data loss prevention tools

Perimeter DLP tools require fine tuning to effectively block 'bad' data from escaping the network

Page 2 of 2

Palisade's Packetsure tries to implement the functionality needed in report generation, but doesn't quite get there. The interface seems very clunky and there is an annoying wait of 3 to 5 seconds whenever you want to generate a report. However, Packetsure has a very useful protocol graphing tool that allows you to see, in real time, what kind of traffic is moving across your perimeter (even allowing an administrator to drill down to specific applications). It would be nice if this was tied to the blocking feature in some way, but it's not.

GTB's Inspector lagged behind the competition in terms of reporting. It provided acceptable, straightforward reports and even included the ability to generate graphs to help interpret the data. It doesn't miss the mark on reporting; it just wasn't nearly as impressive as the other three products.

Product summaries

Fidelis XPS: Overall winner

Fidelis XPS was the most developed product in overall features, general flexibility and its ability to block.

It has a "Command Post" server to handle management and configuration, a mail sensor (a built-in Postfix SMTP proxy), and a Web sensor (implemented via a third-party BlueCoat Web proxy appliance).

Installation isn't simple, but it didn't take more than a few hours to get XPS set up and running. The built-in help links are very useful when writing rules and the XPS includes the ability to test rules that you write. The XPS does a great job of remaining flexible across all protocols yet still maintaining the ability to block on these protocols. The management interface allows you to easily create rules and see reports.

This product was the fastest we tested, blocking 80% of harmful files, while only taking a 10% performance hit. If you are looking for a product to block a variety of protocols and applications, in addition to the standard HTTP and SMTP, look no further.

Palisade's Packetsure: Two products in one

Palisade's Packetsure product seems to contain two products in one: a protocol analyzer and a content analyzer. Packetsure had a high detection rate, but the slowest speed, performing at 50% of maximum bandwidth. This product has some interesting features such as the ability to help set up the product via a VPN and a useful graph showing data passing in and out of the network.

Installation was simple and straightforward, accomplished in less than an hour. The initial setup was assisted greatly by the use of a wizard. However, altering rules after using the wizard is bothersome, and reporting is more difficult and clunky than it could be.

Code Green's Content Inspector: Tops in detection

Content Inspector was the best product tested when it comes to detecting data leakage. However, because it can only block on a few protocols, much of that detection capability goes unused.

Installation was very simple and configuration was easy to understand without reading any manuals. This is the only product that allowed every rule to be implemented. It was able to detect 90% of the data we threw at it, almost double some of the other competitors. The 10% it missed was traffic carried over encrypted streams (SSH sessions), which none of the tested products can inspect.

However, it can only block files on four of the tested protocols: HTTP, HTTPS, FTP and SMTP. Three of these are blocked using a third-party BlueCoat proxy device and the last using a built-in mail relay. When blocking through one of these methods, the product was flawless, blocking every file it could detect. This lack of blocking ability across a wide variety of protocols was the largest drawback of Code Green's Content Inspector.

GTB Inspector: Consistently solid

GTB's Inspector was a very consistent product but is limited in the kinds of rules it can express. Installation was a headache, taking nearly eight hours to set up. However, once the product was set up and configured it was extremely consistent: what it detected and blocked on one protocol it detected and blocked on every protocol it supported.

The problem was that it could only check against certain rule types, and those were limited. About half of our detection tests failed on this product because the rule types are not supported. Even so, it still caught 62% of the illegal files. Across its supported protocols, this was the only product to score 100%, catching every single file we could send through the machine while sustaining 80% of network bandwidth.

Another redeeming quality is that GTB's Inspector has a very powerful and robust fingerprinting ability allowing all sorts of customization.
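The fingerprinting mentioned above, and the detect-versus-block distinction from the Code Green and GTB write-ups, are easier to reason about with a concrete implementation. The following is an added example written for this page, not code from any of the reviewed products: it fingerprints a protected document with k-gram hashing and winnowing, scores outbound payloads against that fingerprint set, and maps a hit to "block" only on channels that have an inline enforcement point (the assumed BLOCKABLE set mirrors the HTTP/HTTPS/FTP/SMTP list in the review). The sample memo, the tuning constants K, WINDOW and min_matches, the protocol names and the XOR "ciphertext" stand-in are all constructed for illustration; the XOR is not cryptography, it only shows why an encrypted stream such as SSH yields no matches.

```python
"""Added example: k-gram document fingerprinting with winnowing, as used by
content-aware DLP engines. Illustrative only; not any vendor's implementation."""
from __future__ import annotations

import hashlib
import re

K = 5        # tokens per k-gram (assumed tuning value)
WINDOW = 4   # winnowing window size (assumed tuning value)
# Channels on which this hypothetical deployment has an inline enforcement point
# (a proxy or mail relay). Anything else can be detected but only alerted on.
BLOCKABLE = {"http", "https", "ftp", "smtp"}


def tokenize(text: str) -> list[str]:
    """Lower-case word tokens; case, punctuation and whitespace are ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())


def kgram_hashes(tokens: list[str], k: int = K) -> list[int]:
    """64-bit hash of every run of k consecutive tokens, in order."""
    hashes = []
    for i in range(len(tokens) - k + 1):
        gram = " ".join(tokens[i:i + k]).encode()
        hashes.append(int.from_bytes(hashlib.sha256(gram).digest()[:8], "big"))
    return hashes


def winnow(hashes: list[int], w: int = WINDOW) -> set[int]:
    """Keep the minimum hash of each window of w consecutive k-gram hashes.
    Any shared run of at least k + w - 1 tokens is guaranteed to share a fingerprint,
    so contiguous excerpts of the protected text are always caught."""
    if len(hashes) <= w:
        return set(hashes)
    return {min(hashes[i:i + w]) for i in range(len(hashes) - w + 1)}


def fingerprint(text: str) -> set[int]:
    return winnow(kgram_hashes(tokenize(text)))


def inspect(payload: bytes, protocol: str, protected: set[int],
            min_matches: int = 3) -> dict:
    """Fingerprint an outbound payload and decide what to do with it."""
    text = payload.decode("utf-8", errors="ignore")
    matches = fingerprint(text) & protected
    if len(matches) >= min_matches:
        action = "block" if protocol in BLOCKABLE else "alert"
    else:
        action = "allow"
    return {"matches": len(matches), "action": action}


# Constructed sample document standing in for a registered sensitive file.
PROTECTED_DOC = """Project Falcon acquisition memo. Board approved purchase of Acme Widgets
for 42 million dollars, closing expected in the third quarter. Integration team
lead is Dana Reyes. Customer list and pricing schedule attached. Do not
distribute outside the executive committee before the public announcement."""
PROTECTED_FP = fingerprint(PROTECTED_DOC)


def xor_stream(data: bytes, key: bytes = b"k3y!") -> bytes:
    """Stand-in for an encrypted channel such as SSH (NOT real cryptography)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def demo() -> dict:
    """Run constructed outbound payloads through the inspector."""
    words = PROTECTED_DOC.split()
    excerpt = " ".join(words[8:28])          # contiguous slice of the memo
    cases = {
        "full_copy_over_smtp": (PROTECTED_DOC.encode(), "smtp"),
        "excerpt_in_email_over_smtp": (f"FYI from the memo: {excerpt} thanks".encode(), "smtp"),
        "excerpt_over_unsupported_protocol": (excerpt.encode(), "irc"),
        "paraphrase_over_http": (
            b"Heard we are buying a widget company next quarter for a lot of money", "http"),
        "ciphertext_over_ssh": (xor_stream(PROTECTED_DOC.encode()), "ssh"),
    }
    return {name: inspect(data, proto, PROTECTED_FP) for name, (data, proto) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:36s} matches={verdict['matches']:3d} action={verdict['action']}")
```

A full copy and a contiguous excerpt both match because winnowing guarantees a shared fingerprint for any shared run of K + WINDOW - 1 tokens; the paraphrase shares no 5-token run and produces nothing, which is the trade-off exact fingerprinting makes. The same excerpt over a protocol without an inline proxy is only alerted on, which is precisely the gap the review describes for Code Green, and the XOR'd payload produces zero matches regardless of policy, which is the SSH blind spot all four products share.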

Evans manages the Internet-Scale Event and Attack Generation Environment (ISEAGE) at Iowa State University, a testing facility built to simulate any network architecture. This lab also performs disaster recovery tests and network penetration tests. He is also a doctoral candidate in Computer Engineering at Iowa State. He can be reached at nateevans@me.com.

Blakely is a concurrent graduate student in Information Assurance at the Iowa State University of Science and Technology. He is pursuing his Doctorate of Philosophy in Computer Engineering. He works as a research assistant at ISEAGE, and has 10 years of systems administration experience in the education, public, and private sectors. He can be reached at bablakely@gmail.com.


Copyright © 2009 IDG Communications, Inc.
