Attacks/Breaches
7/30/2009
11:30 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Rolling Review: Symantec's DLP-9

Symantec's DLP software provides robust leak prevention for endpoints and on the network.

InformationWeek Green - August 3, 2009 InformationWeek Green
Download the entire August 3 issue of InformationWeek, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree
for each of the first 5,000 downloads.

In the InformationWeek Labs, we take pride in exposing bugs, flaws and security holes in the products we test. Today, we bury our pride and tip our hats to Symantec for bringing to market almost everything we look for in a comprehensive data loss prevention suite via its DLP-9, formerly from Vontu.

We challenged vendors to submit products to satisfy a wide range of DLP needs for midsize and large organizations, including robust endpoint protection, agentless data discovery, quality reporting and alerting, threat detection, and mitigation, along with centralized management and policy distribution. Symantec DLP-9 delivers an impressive array of features in each category.

Starting At The End
Symantec DLP-9 has three core modules: Endpoint DLP, Network DLP, and Storage DLP. Policies can be defined, distributed, and reported on centrally via the Enforce Server, Symantec's Web-enabled management platform.

The DLP-9 Endpoint agent is a relatively small client, around 25 MB. When a user is off the corporate network but still online via a home or public Internet connection, or if you haven't deployed the network components of the DLP suite, the endpoint agent enforces policy so that users can't expose sensitive data through actions such as attaching a document with sensitive information to Web mail or copying and pasting protected content to a Web site.

The agent takes a different approach to enforcement compared with other products we've tested, and it's not necessarily better. Rather than wrapping policy around physical ports on an endpoint, policy is applied to the data you want to protect. For example, you can't shut down a USB port on a given endpoint completely, but you can prevent confidential data from being copied to removable media. This allows for greater flexibility for end users, because they can use their USB ports for legitimate business needs, while the policy engine stops unauthorized copying of sensitive information. However, this setup puts the onus on IT to identify and fingerprint sensitive files and documents and then ensure the appropriate polices are in place on all endpoints.

This is not a one-time operation and will require ongoing effort, particularly for large or distributed enterprises and those companies with a significant population of mobile workers. To help alleviate this issue, Symantec provides for broad policies to identify data types, such as Social Security numbers, that shouldn't be allowed to be copied to removable media.

DIG DEEPER
The Rise Of Data Loss Prevention
Our analysis of DLP tells you everything you need to know.
The endpoint agent is extremely configurable in terms of the amount of resources you can allocate to various tasks. For example, during an endpoint data discovery task, in which the agent scans the computer for sensitive information, you can set a bandwidth threshold in megabits per second. You can also throttle back the agent during periods of high CPU use or disk I/O, or low battery life.

The only weak link we see on the endpoint is that Symantec's ability to detect various peer-to-peer protocols is port based, so you'll need to rely on upstream security devices to detect and block P2P apps using a signature-based detection engine. We'd also like to see more physical-layer control, such as the ability to completely disable USB/Firewire ports and other removable media devices. Built-in encryption and robust application control capabilities would also be welcome. Those features can be had by licensing Symantec Endpoint Encryption separately, but we'd like to see them merged into the agent.

Our Take
SYMANTEC DLP-9
DLP-9 met every challenge in our Rolling Review of comprehensive data loss prevention suites
Symantec's componentized architecture lets IT shops license and deploy various DLP features on an à la carte basis.
Enterprises pick their own hardware, and the software maintains impressive scalability.
With a list price starting at $25,000, DLP-9 is aimed at midsize and large enterprises.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.