Heightened data-loss prevention needs fuel arms race between vendors

Heightened data-loss prevention needs fuel arms race between vendors

Major security players have snapped up DLP specialists as enterprise adoption rises

In January, CA acquired start-up Orchestria and has renamed the gateway and desktop monitoring product CA DLP. CA DLP is integrated with encryption products from Voltage, PGP and BitArmor so data tagged as sensitive can be automatically handed off to be scrambled before transmission, if it's not blocked.

"CA is very big in identity and access management," says Mathew, noting DLP can be tied to CA's identity management product or anything LDAP enable such as Microsoft Active Directory to set DLP policy. If there's a weak point in DLP today, says Mathew, it's that DLP can't read encrypted documents. "If it can't read it, it can't analyze it to block it."

Hundreds of customers use CA DLP, including Bloomberg, which includes it with their terminals, says Matthew, and even competitor Symantec in the past OEMed Orchestria for content-filtering in Symantec Enterprise Vault.

Symantec acknowledges that's the case but prefers not to discuss that, and instead points toward the security firm's own future plans for Symantec DLP, based on its Vontu acquisition.

What was once Vontu is now called Symantec DLP Discover, Monitor, Prevent and Management with about 300 corporate and government customers using it, says Rob Greer, Symantec's senior director product management for data-loss prevention products.

Symantec has integrated DLP into its BrightMail e-mail security gateway. There's also been integration with the Symantec Altiris management software. Altiris v. 7 can be used to deploy and troubleshoot endpoint DLP Prevent and Discover agents.

"Today with the workflow capabilities of Altiris, we can communicate between an endpoint DLP agent and Symantec Endpoint Protection agent," says Greer.

This capability can be used to solve problems, he notes.

"Say an end user on a laptop is about to check out for the day and copy the crown jewels of the business," Greer says. "We could today identify that action is occurring, block it with the endpoint DLP, the incident gets recorded in the DLP system, and a message sent to Altiris to lock down that USB drive and doesn't let anything leave that laptop until the issue is resolved."

Although today Symantec isn't at liberty to discuss specific future plans, Greer said work to integrate DLP into Symantec storage systems can be expected. Symantec DLP Discover, for example, has already been integrated into Backup Exec System Recovery. And Symantec intends to introduce some open APIs for DLP.

Arch-rival McAfee is also out on the DLP battlefield, having acquired start-up Reconnex at the end of last year and now has about 500 DLP corporate customers, according to Mike Siegel, McAfee's senior director of product management.

McAfee's Host Data Loss Prevention and Network DLP Prevent and Monitor all work with McAfee's flagship ePolicy orchestrator console, and the host DLP is integrated with McAfee's SafeBoot encryption software to invoke encryption of sensitive data.

McAfee's host DLP software can be used alone or as an add-on to the flagship endpoint anti-malware security software that's part of McAfee's Total Protection for Data Endpoint suite. But there's still much more to be done, Siegel says.

McAfee is looking at taking the DLP engine and adding it to its Web gateway, e-mail gateway, firewall and intrusion-protection gear, something likely to occur next year, Siegel says.

The DLP battle for the enterprise is under way.

RSA, which has its own Data Loss Prevention Suite based on the Tablus acquisition but has also chosen to strategically partner with Microsoft and Cisco in a DLP technology-sharing arrangement, says DLP is going to end up as the "eyes and ears in many places," says Tom Corn, vice president of product strategy at RSA.

DLP can be viewed as a standalone product or as a feature in other products, Corn points out. RSA, as part of storage giant EMC which also owns VMware, will be putting DLP capabilities into products in all those realms -- though that may take time.

"Our DLP today can see inside Solaris file systems today and in our eRoom product line, and over time, there are reasons why classification technology should get built with back-up solutions," Corn says. While a lot of the work is still to be done, the vision at EMC/RSA calls for DLP to play a role in eDiscovery and life-cycle management."

What's not widely known about DLP is how much work from experts in language and library sciences is required to make content-monitoring work, says Corn. DLP is going to be used not just by speakers of English or other European languages, but by speakers of Chinese and Japanese, and RSA will soon come out with DLP products for that.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags DLP

Show Comments