When the server is installed it creates a bootstrap location that can be shared on the network. This contains an executable that can be run on the client endpoints to install the agent. The agent install was straightforward, but on our endpoint it did not provide any notification to indicate that the install was complete. This could be intentional to streamline remote installation.
The web-based Enterprise Console provides a rich user interface with numerous management options.
However, this is a console that is capable of managing more than just DLP, so there are a lot of drop-downs and menus that are shown, but disabled until you are in the right section for these to become active. For example, intuitively we tried to open the 'Policies' menu at the top, but all the selections were grayed out. At first we thought we had the wrong license activated, but as it turned out we had to click on a different section below the menus to actually get to the DLP policies. A bit counterintuitive, but once we found it, everything proceeded smoothly.
We were able to easily create and edit rules, whether custom or based on predefined policies. This screenshot shows some of the many predefined options available just for managing credit card data.
After some minor tweaking all of the rules behaved as expected (blocked or warned) and Sophos was the only product that did not fail any of our DLP tests.
The Enterprise Console comes with about ten pre-defined reports and includes the capability to create custom reports with a variety of parameters. Reports can be output to multiple formats such as PDF, HTM, Excel and XML.
" Very comprehensive device and application control
" Supports Google Chrome browser
" Passed all tests without workarounds
" Endpoint took too long to retrieve latest policies from server
" Console menus could be more intuitive
Trend Micro System: Tested Trend Micro Data Loss Prevention for Endpoints
We chose to install the Trend Micro server as a bare-metal Linux server and it took less than 10 minutes to get the server up and running. The agent install was a bit more cumbersome as we needed to copy files to the endpoint and run a DOS prompt command in order to install, as the .msi executable did not succeed, even after re-imaging the Windows 7 client. A reboot was needed to activate the agent and obtain the latest policies from the server.