Overall, the products passed our DLP tests by successfully blocking data transfers, quarantining or auditing sensitive data or warning the end user, depending on how enforcement was configured. In some cases, tweaking and workarounds were needed to achieve a successful result. Only one product, Sophos Enterprise Console, passed all our endpoint tests without workarounds.
While there are many more similarities in the features of the products we tested than differences, a few things stood out. For example, Cisco's Ironport Email Security Appliance turned out to be even more flexible than expected. The Ironport ESA 'officially' supports Microsoft Exchange, but we got it to work just fine with our free hMailServer by setting up just a few simple SMTP rules to route mail to the ESA as the last hop out. It also protected data no matter which email client we used, which was not necessarily the case with the other DLP products, several of which failed tests when we used email clients such as Mozilla Thunderbird.
Surprisingly, we were able to wreak havoc across three products - Websense, Verdasys and Trend Micro - with Google's Chrome browser. While it seems a reasonable assumption that DLP products would support the most popular browsers (Chrome, IE, Firefox, and Safari), we quickly discovered this was not the case. In the products affected, we were initially able to freely upload and email sensitive data via Chrome without so much as a peep from the endpoint agent or DLP server, even when we had rules configured to prevent such transfers. All but one of the Chrome test failures were eventually resolved with workarounds.
Across the board, we noted that the products could use better real-time synchronization of events between the server and endpoint agents. We did not delve into the causes, but our test network was a standard Ethernet wired LAN with gigabit connections and no network traffic other than that of the server and the client, so we doubt that the latency issues were related to the test environment. Because we were in test mode, we were more impatient for real-time responsiveness; in a production environment, taking a few moments more to synchronize endpoints might not be an issue.
Here are the individual product reviews:
Sophos: Content Control Management
We installed the Sophos Enterprise Console on a 32-bit Windows Server 2008 R2 Standard Edition Dell rack server. The installation uses a familiar wizard-type walkthrough and performs system checks to make sure the server meets minimum specifications.