In Brief
Security Analyst to DLP Vendors: Watch Your Language
It seems most security vendors sell DLP products these days. But look under the hood and you'll find the technology doesn't exactly perform as advertised, former Gartner analyst and Securosis founder Rich Mogull warns.
By Bill Brenner, Senior Editor
Of course, like any technology, the perception of what is truly DLP depends on who you ask.
Imran Minhas, information security officer at the National Bank of Kuwait, said in his personal opinion DLP means prevention of confidential, restricted or internal-use data being leaked. User access to public/personal e-mail such as Hotmail and Yahoo are major concerns in this area.
"I haven't seen every single product out there but so far Symantec seems to be the best for DLP, mainly because of the ease of use," Minhas said.
Wayne Proctor, CISO at First Data USA, said the major trend he has observed in the DLP marketplace is for the vendors to extend from monitoring content only in outgoing traffic to monitoring other sources of data (primarily data at rest and data on endpoints).
"I don't view this as twisting the meaning of DLP but just leveraging their content evaluation engines to offer additional services," he said.
Proctor added that some of the DLP vendors offer services that are not leakage related, such as identifying potential disgruntled employees and persons who are downloading software that is not approved for usage on a company network.
"These types of additional services are certainly beyond the core focus of DLP but these are also value-added services that are fine to offer as long as the performance and effectiveness of the core DLP offerings are not negatively impacted," he said.
So how can an IT security practitioner avoid confusion when exploring DLP options? Mogull offers this parting advice:
"I don't care what someone calls what they are putting in front of me. Words can mean almost anything. I force the vendor to tell me in specific terms how their product does what it does. You say it prevents data loss? Great. Tell me exactly how. Oh, you encrypt. Oh, you monitor incoming content. Great."
The problem, he said, is that vendors often don't want the customer to know exactly how the product works. Therefore, it's the customer's responsibility to ask the probing questions.
Other stories by Bill Brenner
Data Loss Prevention
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
