RSA Security Inc. has unveiled four data loss prevention (DLP) products, designed to look for sensitive information in electronic documents on servers, PCs and travelling over corporate networks.
The Bedford, Mass.-based company, which is owned by storage vendor EMC Corp. of Hopkinton, Mass., plans to release DLP suite next month. The products use technology, originally developed by Tablus, which RSA acquired last August. The software looks for keywords and the context in which key words appear in documents. It also uses templates based on various privacy regulations.
IT managers can also use DLP Suite to prevent users from printing, e-mailing or saving sensitive information to removable media such as CDs and USB keys, and this makes it different from other DLP products on the market, said James Quin, senior research analyst with London, Ont.-based Info-Tech Research Group.
“Most other the other data leakage protection suites on the market focus on electronic communications, blocking e-mail, blocking Web mail, blocking FTP, blocking IM, whereas the RSA solution has a way to address down to the end point device,” Quin said. “I think that’s a big differentiator.”
Although Web mail is probably the most common method by which malicious employees send sensitive data to people who are not authorized to have it, the No. 1 cause of leaking data by mistake is by copying it on to a USB drive and then losing it, Quin said.
Tom Corn, RSA’s vice-president of data security products, said accidents are a major cause of data leakage.
“Through the course of our work we often end up with highly sensitive information and storing that on our laptop is really not all that critical to our job, but then one day that laptop is stolen out of back of a car and now you’re in a pickle,” Corn said.
DLP Suite includes two appliances and two software agents, Corn said. DLP Enterprise Manager is a server loaded with software that contains templates with regulations, and IT managers can add their company’s own policies. It includes a management dashboard and it sends policies out to end points, data centres and the network. RSA has a team that reads regulations and various “best practices” documents, and then builds templates that IT managers can use to dictates how sensitive data should be handled once it’s discovered.
To find sensitive data travelling through e-mails or Web mail traffic, the suite also includes DLP Network, an appliance that can block, quarantine or encrypt data.
DLP Datacenter is designed to look for folders with files containing sensitive information, while DLP End point is a software agent that can be installed on a PC or laptop, which can prevent sensitive data from being printed or saved to CDs and memory sticks.
“We’re doing deep packet inspection on the documents and triggering the enforcement action based on the contents of the documents, as opposed to what kind of a document is this and who’s owner of the document and what folder it came from,” he said. “If it contains a pile of credit cards, A, it should probably not be here in the first place but should definitely not be written out to a USB memory stick.”
IT managers can program DLP Suite components to take certain actions upon discovery of sensitive data, such as warning the user it should be deleted, or by sending an e-mail to a manager. Pricing varies by the number of users and the needs of the organization, Corn said, adding it would typically start at US$40,000.
“The pricing is certainly in line with the market, what everyone else is charging,” Quin said.
Forrester Research Inc. of Cambridge, Mass. estimates DLP deployments typically cost between US$100,00 and US$500,000 for licensing and support, but each data breach costs between US$90 and US$305 per record lost. In a recent report, titled “Oops! Data Leaks Are Not Just an American Problem,” Forrester senior analyst Thomas Raschke writes: “DLP deployment costs pale into insignificance next to the damage that a breach of this magnitude could inflict on most organizations.”
Raschke was unavailable to comment for this story.
Quin said the decision to spend this much money on DLP depends on a company’s security priorities and its total budget.
“Would I put in DLP in before I had a firewall? No,” he said. “What I’d really like to see is these organizations come out with a lightweight tighter smaller solution that fits the small and medium business, the little guys that have 10 to 50 employees but also have valuable information they need to protect but simply can’t afford to spend 40 grand on one tool. 40 grand might be their entire security budget for the year.”
