Security is about optimizing business performance
Symantec uses a variety of detection technologies to ensure accuracy and eliminate false positives when blocking, Roop said. "To register content, we make a secure hash of the actual data, so it can be identified by a precise match," he said. "For structured data, such as customer, patient or employee records in tabular format, we use our Exact Data Matching detection algorithm. For unstructured content ... we use Indexed Document Matching."When it comes to blocking, anti-data leak vendor GTB Technologies relies on proprietary algorithms that break the data into independent, invariant non-overlapping segments and then hashes them. CEO Uzi Yair said enterprises are looking for better accuracy, the ability to block based on a pre-defined severity level and the ability to combine content-based policies and encryption on the endpoint instead of just detection based on data patterns. In the end, security is about optimizing business performance, said Ogren Group analyst Eric Ogren. To speed DLP adoption, Ogren said vendors should focus on data discovery, as well as making the technology identity-based and simple to use. "Do the heavy lifting of classifying data and usage patterns for IT, produce concise reports [and] have detail available when needed," he said. "Most of all, support the drift in requirements that are inevitable in a dynamic business. Users will come and go, confidential information is created at a dizzying pace, and DLP has to be flexible enough to be as dynamic as the business."
In cases where it is not possible to register content, the company uses Described Content Matching, including a set of data identifiers that utilize fully configurable validation criteria that identify distinct data types, specific to a broad range of countries and regions, he said.