Data Leak Prevention
Market Update

Introduction

The current stress in the worldwide economy has manifested itself in many ways. As well as macro economic upheaval and the challenges it presents the public and private sector, more practical and localised issues are appearing, including the increased risk to businesses of data loss.

Previous work at Bloor Research has underpinned the significance of the inside threat to data loss. Whilst this problem has often been attributed to the “incompetent and non-malicious” user releasing data by mistake, the increasing numbers of disaffected white-collar knowledge workers being made redundant is seeing an increase in “competent and malicious” data loss incidents.

Publicity surrounding significant data loss incidents over the past year has brought the issue to the fore. Senior politicians have become embroiled in public sector episodes as much as private sector company directors.

Clearly data loss can be summarised in one word—risk—and it is up to security professionals to work with the business to mitigate this risk, be it to shareholder value, reputation or personal embarrassment.

Figure 1: The highest scoring companies are nearest the centre. The analyst then defines a benchmark score for a domain leading company from their overall ratings and all those above that are in the champions segment. Those that remain are placed in the Innovator segment if their innovation rating is over 2.5 and Challenger if it is less than 2.5. The exact position in each segment is calculated based on their combined innovation and overall score.
[Chart not reproduced. Segments: Champion, Innovator, Challenger. Vendors plotted: Vericept, Symantec, TrendMicro, Fidelis Security Systems, RSA, Cisco, McAfee, Sophos (Utimaco), CA (Orchestria), Microsoft, Workshare, Websense, Adobe, Tumbleweed Comms., GTB Technologies, Safend, 3BView, Code Green Networks, Lumension Security, PGP, Clearswift, FrontRange Solutions, Verdasys.]

Data protection often starts with the creation of IT security policies through to user education and the deployment of supporting technology.

Data leak prevention can play a significant part in this data protection as it prevents unauthorised data leaving an organisation’s endpoints. It does this using a variety of techniques, including key word matching, traffic pattern analysis, network monitoring and file tracking. Although no data leak prevention vendor would ever guarantee 100% of all leaks would be prevented, a solution such as this can form a major part of an organisation’s security strategy.

Many organisations are combining data leak prevention with data encryption so that if any significant data does leave the organisation it will remain encrypted and therefore unusable to anyone other than an authorised recipient. This combined approach of leak prevention and encryption is referred to as Enterprise Data Protection and is the subject of another Market Update from Bloor Research.

Data leak prevention and data loss prevention are generally synonymous terms but data loss prevention has also been used to describe data encryption. The term ‘extrusion prevention’ is also used by some vendors to describe data leak prevention.

Data leak prevention technologies can be quite advanced as they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data.

In some systems analysis is undertaken of the data traffic pattern over a period of time to determine where data tends to originate and terminate and which users are involved in the process. It will also look at the mechanism used to transfer the data such as email, USB, CD/DVD or any one of the many other data transmission mechanisms. Data leak prevention systems
will often detect the use of keywords during the attempted data transmission, picking up on obvious candidate terms such as “confidential” and “executive” to indicate a potential leak.

Some solutions act at the network packet level reviewing data as it passes through the network. These systems will analyse a particular file or set of data and determine if its use is appropriate rather than examining explicit user behaviour. Over time a data leak prevention solution will often build up a comprehensive map of data movements and be able to flag potential violations.

This flagging will often be in the form of a message to the user telling them that the data movement they are attempting may be in violation of the data leak rules for an organisation. The user may then be given an opportunity to justify their action, sometimes by typing into a suitable dialog box, which can then be sent to a line manager for review. Of critical importance to users is that the system does not become a burden and an obstruction to their normal work. In many cases the number of false positive or false negative activations may change over a period of time as the data leak prevention system learns what is acceptable behaviour for particular users or data sets.

Digital rights management (DRM) is starting to be used as a way of preventing data leaks. Often with a DRM solution metadata is carried with a piece of data describing who may or may not have access to it. Using this technique some vendors promote the notion of security travelling with a set of data wherever it goes. An analysis of DRM vendors is outside the scope of this Market Update but some have been included where they have a complementary data leak prevention offering.

A number of vendors also provide content inspection appliances to monitor data as it passes through a network. Where appropriate, these have also been included in this report when complemented by a data leak prevention offering.

Key market issues

The data leak prevention market has a number of vendors with different approaches to preventing data leaks. Terminology will often differ as vendors attempt to differentiate their product set from others. Of interest is the move by both data leak prevention and encryption vendors to form partnerships, or to become acquired, to provide a broader product offering. This is probably in recognition of the fact that data leak prevention will never be 100% successful so it makes sense to protect data using encryption as well.

There is also considerable discussion about the viability of data leak prevention solutions in general as a number of customers are reporting they have been oversold on a particular solution. Data leak prevention has been referred to as shelfware by some detractors.

For the purposes of this market update the following product areas have been covered:

• Data leak prevention
• Endpoint level data leak prevention
• Network level data leak prevention
• Data loss protection
• Digital rights management
• Data loss prevention

Vendor landscape

In January 2009, CA announced that it was to acquire data loss prevention vendor Orchestria.

In December 2008, Microsoft announced that it was integrating Data Loss Prevention (DLP) technologies from RSA into its platform and future information protection products. EMC has engineered RSA DLP Suite 6.5 to integrate with Microsoft Active Directory Rights Management Services.

In October 2008, Symantec announced it was to purchase messaging security firm MessageLabs for $695m in cash. The company said it will merge MessageLabs with its own Symantec Protection Network for a software-as-a-service offering. This will incorporate Symantec technology in data loss prevention, compliance, endpoint security and archiving.

In September 2008, Sophos announced that it had purchased Utimaco, a data security company with a range of encryption and data loss prevention products that would become a new business unit within Sophos responsible for information and data protection.

In August 2008, McAfee said it had agreed to pay $46m to buy data loss prevention firm Reconnex.

In June 2008, Symantec Corp. announced that an updated version of Vontu Data Loss Prevention was being released featuring enhanced management and support of native SQL database scanning. This was the second DLP product release since Symantec’s acquisition of Vontu in December 2007.
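
The keyword flagging and justification flow described above (candidate terms, a prompt to the user, review by a line manager) is sketched here as an added example; it is not part of the Bloor Research text or any vendor's product. The channel weights, the user-to-manager mapping and the rule that an approval suppresses repeat flags for the same user and destination are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
KEYWORDS = ("confidential", "executive")              # candidate terms named in the text
CHANNEL_WEIGHT = {"email": 1, "usb": 2, "cd/dvd": 2}  # assumed weights, not from the text

@dataclass(frozen=True)
class Transfer:
    user: str
    channel: str
    destination: str
    content: str

class LeakMonitor:
    def __init__(self, managers):
        self.managers = managers   # user -> line manager (constructed mapping)
        self.accepted = set()      # (user, destination) pairs approved after review
        self.review_queue = []     # justifications waiting for a line manager

    def inspect(self, t):
        """Return (action, hits, score) for one attempted transfer."""
        hits = [k for k in KEYWORDS
                if re.search(rf"\b{re.escape(k)}\b", t.content, re.IGNORECASE)]
        score = len(hits) * CHANNEL_WEIGHT.get(t.channel, 3)  # unknown channel scores highest
        if hits and (t.user, t.destination) not in self.accepted:
            return "flag", hits, score
        return "allow", hits, score    # hits are still returned so allowed moves can be logged

    def justify(self, t, reason):
        """Queue the user's typed justification for their line manager."""
        if not reason.strip():
            raise ValueError("a justification is required")
        ticket = {"manager": self.managers[t.user], "transfer": t, "reason": reason.strip()}
        self.review_queue.append(ticket)
        return ticket

    def review(self, ticket, approved):
        """Record the manager's decision; approval stops repeat flags for this user and destination."""
        self.review_queue.remove(ticket)
        if approved:
            self.accepted.add((ticket["transfer"].user, ticket["transfer"].destination))
        return approved

def demo():
    # Constructed sample transfer: a document copied to a removable drive.
    monitor = LeakMonitor({"alice": "bob"})
    t = Transfer("alice", "usb", "E:", "Executive summary: CONFIDENTIAL pricing for Q3")
    before = monitor.inspect(t)
    monitor.review(monitor.justify(t, "Board pack for the offsite meeting"), approved=True)
    return before, monitor.inspect(t)
```

Calling `demo()` returns the verdict before and after the manager's approval, which shows how the same transfer moves from flagged to allowed once the behaviour has been accepted.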
Summary and conclusions

Data loss events have a higher profile now than ever before. Coupled with widespread uncertainty about corporate stability and the consequential removal of data by staff around a downsizing, organisations face more challenges to their data than maybe ever in the past.

There is no doubt that a properly configured data leak prevention product can be a significant part of an organisation’s security strategy. This Market Update has highlighted how vendors in this area are constantly striving to create new and innovative ways to detect and prevent data leaks using some very smart techniques.

Some potential customers remain unconvinced as to the benefits of data leak prevention and even describe it as shelfware. This is an ill-considered judgement and demonstrates a lack of understanding of the available technology and the benefits it can bring to many organisations, even if it is found unsuitable in their particular circumstances.

The future of data leak prevention appears to be more and more entwined with that of data encryption as vendors form partnerships, alliances and make outright purchases. This may indicate a general feeling that any data leak prevention deployment should be paired with complementary technologies to help ensure its success. Ultimately it is up to end users to determine if data leak prevention will work in their organisation and, if not, what alternative steps they see themselves taking to prevent data escaping their control. In reality there are few options currently available.

In the current uncertain times, not having a data loss prevention strategy could be seen by many as recklessness.

Nigel Stanley
Data Leak Prevention
March 2009

2nd Floor
145—157 St John Street
London, EC1V 4PY
United Kingdom
Tel: +44 (0)207 043 9750
Fax: +44 (0)207 043 9748
Web: www.BloorResearch.com
For additional information relating to this subject visit http://www.BloorResearch.com/update/1017 email: info@BloorResearch.com