Rolling Review: Code Green's DLP Appliance

Code Green's CI 1500 Content Inspection Appliance shines at pattern matching.
The Discovery Channel
The CI appliance offers administrators an impressive array of data discovery capabilities. Using the pre-defined patterns supplied by Code Green, IT can centrally scan unstructured data and file systems, along with structured databases.

Discovery is a key feature because while administrators and business unit owners have a general idea of where critical information resides on the network, we all know that such information tends to end up in unexpected places, whether an old file server or a user's laptop. The discovery capability helps administrators sniff out these caches of sensitive information on the network and on endpoints.

The only glaring weakness we discovered was the need for an endpoint agent to mediate the discovery process between the CI appliance and the data source being crawled.

In future revisions, we'd love to see Code Green implement truly streamlined enterprise data discovery, but what's available now is robust enough to meet the discovery needs of most environments.

Reporting is also well implemented on the CI appliance. Administrators can generate custom reports and apply them to a customizable reporting dashboard that can be used to quickly check the security state of the network. In addition, database administrators can hook into the CI appliance database via ODBC or JDBC drivers for integration with an enterprise network monitoring or incident management system.

The CI appliance's threat detection, alerting, and mitigation capabilities met most of our needs. The appliance won't block malicious peer-to-peer applications from running on your network, but it will protect your critical data from being absorbed by such applications. As a result, we found that complete data discovery and data fingerprinting were vital to successfully protecting our data in the test lab.

The CI 1500 did a good job alerting us via e-mail and on the main dashboard when a particular policy violation was detected, and it also prevented data leakage via SMTP, FTP, and HTTP when used in conjunction with our Blue Coat ProxySG via ICAP.

The only spot where the CI appliance fell short was its inability to prevent the leakage of sensitive data within the internal corporate network. The Packet Monitor can only report these leaks; it can't stop them. As a result, it's possible for someone to copy sensitive data to a workstation on the internal network or to a third-party laptop that's unprotected by the CI Agent, and from there leak sensitive data to a thumb drive or some other external device.

Our Take
Code Green's CI 1500 Content Inspection Appliance has a raft of out-of-the-box random pattern templates that should meet the requirements of most data privacy regulations and security needs.
A built-in Boolean logic engine lets administrators easily create complex constructs that can be used to minimize false positives and pinpoint the most egregious violations.
The CI 1500 falls short as a holistic solution, particularly with endpoint protection, but shines as an intelligent and robust content inspector.
Final Words
The CI appliance is a solid performer in the data discovery area, and aces complex pattern matching. We were a tad disappointed with Code Green's endpoint protection capabilities, but were satisfied with the range of threat detection, alerting, and mitigation features offered.

To build a truly comprehensive data loss prevention capability, you'll need to add more robust third-party endpoint protection. However, there's no doubt that the CI Appliance can be an effective player as part of your overall DLP strategy.

The CI 1500 Appliance lists for $25,000 and includes protection for 200 users. Licenses for additional users are available. The company recommends a maximum of 5,000 users per CI 1500 Appliance. The CI Agent software is licensed separately and ranges from $7.50 per client to $24 per client based on license count.

Randy George is an industry analyst covering security and infrastructure topics.