August 13, 2012, 11:42 AM — With serious data breaches occurring on almost a daily basis, concerns about data protection have skyrocketed. While some experts believe endpoint breaches may no longer comprise the majority of data leaks, the intentional or unintentional release of sensitive data from endpoints within an organization, whether by employees, contractors or guests, remains a serious problem that data loss prevention (DLP) products seek to address.
We tested broad-based DLP products from four vendors (Sophos, Trend Micro, Verdasys and Websense) and also tested Cisco's IronPort Email Security Appliance (see sidebar). (Symantec, Trustwave, McAfee, Code Green Networks, RSA and Computer Associates were invited to participate, but declined.)
Our overall conclusion is that these products work well in blocking unintended releases of sensitive information, and also work just fine in an environment where the IT department has control over the types of email systems and browsers that are being deployed by end users. In a scenario where an end user is determined to find holes in the DLP system, IT needs to be extra vigilant.
For example, we found that we could thwart some of the DLP systems by using Mozilla Thunderbird for email. The vendors told us the workaround was simple enough: block the use of non-Outlook email. But this example shows that a successful DLP deployment requires constant attention. (See how we conducted our test.)
All five products tested were easy to install, and we experienced no difficulty getting each product up and running on our test LAN, usually within an hour. DLP policies and enforcement rules were easy to create and deploy in our test environment once any applicable endpoint agents were in place, although some server consoles, notably Websense and Verdasys, seemed more intuitive than others. As we expected, policies were enforced regardless of our status as Windows users; that is, being a system administrator in Windows did not allow us to bypass rules.