Visiting Nurses is considering this such interaction between its Websense Security Gateway and Cisco IronPort appliance. (Cisco, by the way, says its IronPort C-Series appliance will gain DLP functionality based on RSA technology by this fall.
Where to put your DLP
Whether to install DLP at the gateway or host level -- or buy a multipurpose security gateway with DLP or a stand-alone device -- is a topic for debate among IT and security managers.
Installing a DLP gateway is "a no-brainer," Forrester's Jacquith says, noting it's the least expensive and easiest way to get started.
But some vendors say there's been too much emphasis on the gateway when you take into account the mobility of employees.Trend Micro's global product marketing manager, Mark Bloom, voiced some dismay that his company (which acquired Provilla's LeakProof) is considered a niche player in DLP by Gartner because "we're focused on the endpoint." (See how Trend Micro and others fared in our recent endpoint DLP test.)
Trend Micro expects to offer DLP for the gateway in the near future. While LeakProof is a stand-alone DLP agent, the DLP functionality will be moving into Trend Micro's OfficeScan products in the early 2010 timeframe. "We're seeing a big push to have a content-aware endpoint," Bloom says. "We should have a single agent."
In fact, there's a broad march underway by IT vendors to integrate DLP functionality into existing security host and gateway products. These include:
* McAfee's host DLP software can be used alone or as an add-on to its flagship antimalware security software that's part of its Total Protection for Data Endpoint suite. McAfee is looking at integrating the DLP engine into its Web gateway, e-mail gateway, firewall and intrusion-protection gear in the coming year.
* Microsoft and VMware anticipate integrating RSA DLP technology into future products, though this is still in the early stages. RSA is the security division of EMC, which is the majority owner of VMware.
* Symantec, which integrated DLP into its Brightmail e-mail security gateway, has also begun integration with its Altiris management software. Altiris 7 can be used to deploy and troubleshoot endpoint DLP Prevent and Discover agents so that there's communication between the DLP endpoint and the Symantec Endpoint Protection agent, its flagship security software. Integrating DLP into Symantec storage systems can be expected in the future. Symantec DLP Discover, for instance, has already been integrated into Backup Exec System Recovery, and Symantec intends to introduce some open APIs for DLP.