Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Vendors Revamp Desktop Suites: Page 4 of 10

So how do incumbent vendors plan to hold their ground? With open checkbooks. Check Point, Cisco, McAfee, and Symantec have invested heavily in data leak prevention (DLP) over the past two years and are working feverishly to integrate the technology into their threat management portfolios. With good reason: More than 216 million personally identifiable data records have been exposed in the United States since 2005, according to the Privacy Rights Clearinghouse.

Symantec's $350 million purchase of Vontu brought network- and endpoint-based DLP technology into its portfolio. McAfee's $20 million purchase of Onigma and its endpoint DLP protection complements its internally developed network DLP product.

Both Symantec's and McAfee's network and host DLP products create fingerprints of sensitive data. The products then monitor outbound traffic for content that matches the fingerprint database and apply administrator-defined policies, such as quarantining. The endpoint products provide the same function and can be used to enforce leak policies even when the machine isn't connected to the company network.

These fingerprint-based DLP products aren't specifically mandated by regulations, but vendors are positioning them as compliance-friendly. Symantec also hints that DLP should be part of an information life-cycle management system, the domain of its Veritas storage products. Indeed, organizations face just as many requirements for information storage and archiving as they do for protecting live data. In Symantec's vision, administrators will be able to set policies on information as it's created and used by employees and partners, as well as policies that follow the same data through to its final disposition in an archive, where it will be stored according to requirements for e-discovery and record retention.

Like holistic risk management, global data life-cycle management is a grand vision and an ideal goal, but one whose implementation will require massive integration among myriad products.