Data Leak Prevention Tools
September 22, 2006
In most enterprises, there are several access-control mechanisms--firewalls, encryption, and clearly defined permissions and access-control lists. Yet these defenses aren't working. Thefts keep occurring. If you have the time to read all the news reports (don't worry, no one else does, either), you know that many of these breaches occur despite the usual controls, because the usual controls are pointed at invaders from the outside but ignore the inside jobs. That is, users caught with 10,000 customer identification records are users who were allowed access to the records. If no electronic access policy is violated, no alarm is ever set off.
A surprising number of enterprise data leaks, whether malicious in origin or not, happen because of authorized users. Forty-nine percent of companies reported they experienced an internal security breach in the past year, according to Deloitte's 2006 Global Security Survey. Of those, 31 percent experienced a breach from a virus/worm incident, 28 percent through insider fraud and 18 percent by means of data leakage (19 percent experienced the breach through other means). It's also somewhat significant that fully 96 percent of respondents reported that they are "concerned about employee misconduct involving their information systems." Wow.
We invited three vendors--PortAuthority Technologies, Tizor Systems and Vontu--to our Neohapsis partner labs so we could examine products designed to help stop data leaks from a corporate network. The three offer different types of products, but they are used for similar functions. Tizor's Mantra is a database-transaction-monitoring tool that can be used for transaction auditing. Vontu's and PortAuthority's products are similar in that they sit at the edge of the network and monitor all outgoing traffic. But Vontu's eponymously named software suite is designed around incident response, and PortAuthority's appliances lean more toward standalone enforcement.