Data loss prevention comes of age

McAfee, Sophos shine in test of data loss prevention tools that can do it all

By Benjamin Blakely, Mark Rabe and Justin Duffy, Network World |  Software, Data Loss Prevention

This wizard was one of the best we've seen. It was well designed, provided helpful information at each step, and did a number of checks to verify proper configuration (even testing to make sure its network connections weren't cross-wired). The only issue we ran into was that, in our isolated environment, we didn't have a connection to the Internet. The product needs to be able to connect back to Sophos to test its connectivity and download a large (200MB) license file. We were able to get around this using a proxy server.

Sophos also gives the administrator the option to relay status information about the ES1100's health back to Sophos. The administrator can elect to receive notifications if a critical or non-critical error (or both) is detected. This proactive support could stave off a major service interruption, but the exact criteria for these alerts are not defined so it's hard to say for sure.

Installation of the Sophos Enterprise Console was also quite easy (though it too requires an Internet connection for activation and updating). The only issue here was that the update manager, which must be run before the software can be deployed to clients, does not yet support Windows Server 2008 R2. We sidestepped this issue by running it in Windows XP compatibility mode, and Sophos has advised us that the next version of the software will support 2008 R2.

Rollout of the client to endpoints is eased by the ability to synchronize the client list with Active Directory, and automatically deploy the software to new computers. One issue we ran into was that the updater uses a Windows file share to fetch updates, so firewall rulesets and share permissions will need to be configured accordingly.

Existing Sophos customers will be pleased to know that the DLP software makes use of the existing Sophos client software, so adding DLP is only a matter of rolling out additional rules. Sophos uses the same engine for both antivirus and DLP.

Configuration and functionality

The bulk of our testing consisted of test driving the management interfaces. The configuration of both products turned out to be very easy -- a real pleasure after some of the more Spartan interfaces we've experienced in previous reviews. Both products also proved to be feature-rich and each had its own unique innovations.

In the current version of its DLP products, McAfee has a separate management interface for host DLP and network DLP. We found the pre-generated rules, dictionaries, and policies to be the same between them, but it was necessary to create the policies in both places, and thus monitor it in both places. Thankfully, the upcoming Version 9 will integrate these both into the ePolicy Orchestrator console (though leaving the option to manage them separately if desired), so that policies can be deployed to all levels of the network from a single interface.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness