I love this saying that this DLP vendor invented. In my writing I am not going to suggest my favorite vendors because my integration company has assessed and integrateed a variety of them. What I can tell you is that when choosing which product is correct for you do some reading first about the support costs of supporting them. It is super important to assess your needs first. The vast majority of DLP solutions are ripped out and replaced due to the excessive management overhead….CXO and IDG Group.
To help you determine assessment criteris, David Strom writes:
“There are more than a dozen different DLP vendors. We show you three typical products, how they work, and what kinds of information they track.
1) Global Velocity’s GV-2010 security appliance,
2) BlueCoat Networks DLP appliance, and
3) Sendmail’s Sentrion email server.
4) SonicWall (Bill Murphy note: I added them in because of my experience with them and success with easy to implement and manage email and DLP solutions)
5) ZIX (Bill Murphy note: this is a great way to leverage your network based DLP and encrypt the data to a recipient. It also has very lightweight DLP functionality as well)
David Strom’s article is here: SUMMARY LINK AT ITWORLD
Each is designed for somewhat different situations, which is why we have collected them together. Before you dive into these products, you might want to address the following questions:
Who will own the DLP process in your organization: Will it be the general IT staff, the infrastructure management group, the desktop security group, or some other combination? Depending on this ownership might compel a particular collection of DLP products. Where does DLP presently touch your existing IT security infrastructure? Most firewalls and email servers have some DLP capabilities; the tricky part is being consistent across your enterprise and getting a specialized DLP product that can complement and in some cases work with these legacy devices. Are you looking at total DLP protection, for endpoints, data in motion and file server data? No single product can handle all of these situations; so how each vendor partners and integrates with others for complete coverage is critical. Do you want something to decrypt emails and https traffic? Not all products can see inside these protocols without some additional work…….)
I also love the blogs that follow David’s article HERE. It is a great way to learn about how people are responding to well written security articles.
One final note, make sure that when you are chosing a Cloud Email solution. There is a particular type of routing (smarthost) that we found works with USA.net when it comes to leveraging your DLP infrastructure into the Cloud. BPOS will not work, or Google, or Blue Lock or Intermedia, or Rackspace. When you start to develop your on-prem versus off-prem solution pay attention to this for sure.