Data is now at the center of everything digital—and protecting it is a growing headache for organizations large and small. One of the keys to addressing this challenge is data loss prevention (DLP). It relies on software algorithms to detect potential anomalies, exfiltration transmissions and data breaches. DLP protects against misuse and abuse—as well as unauthorized access—by analyzing content and examining the contextual composition of files, messages and applications running on premises or in the cloud. DLP can spot problems for data at rest and in motion.
DLP encompasses an array of tasks. These include: rule-based expressions that examine credit card or Social Security numbers, database fingerprinting, exact file matching, partial document matching, lexicon analysis and statistical analysis. It may also include rules for pre-built categories, such as PCI or HIPAA. Of course, different vendors have adopted markedly different approaches to identifying potential issues, problems and breaches. As a result, it’s vital for any organization looking to purchase a DLP product to understand how it matches an actual corpus of sensitive data to determine its accuracy and value for the enterprise.
This is a fast-growing sector of IT: Gartner estimates that 90 percent of organizations use DLP in one form or another, up from about 50 percent in 2016. Although many solutions are designed for general data loss prevention, the space continues to evolve. Some products now focus on specific industry sectors, such as aerospace, defense and intelligence, banking, financial services and insurance (BFSI), government, health care, manufacturing, retail and logistics and telecommunications. Many solutions also address specific requirements, including regulatory and compliance issues, for services such as AWS, Azure, Box and Office 365.
eWEEK has surveyed the marketplace in order to identify 10 of the top vendors in the DLP space. The accompanying profiles and information come from a number of prominent sources, including vendor websites, Radicati Market Quadrant, Gartner Peer Insights, G2 Crowd and Capterra.
Headquarters: Cluj-Napoca, Romania
Endpoint Protector is designed to serve as an all-in-one platform that delivers DLP and related features, including eDiscovery and enforced encryption—including for USB devices. The data-loss prevention capabilities include content and context scanning, file tracing and shadowing, and blacklists and whitelists. The application delivers logs, reports and analysis on data movement and file transfers. Endpoint Protector achieves all of this by scanning data in motion, including through exit points such as e-mails, applications and the cloud. It is available as a hardware appliance, virtual appliance or hosted solution. My Endpoint Protector is the cloud version of the DLP solution. Radicati describes the company as a “Trail Blazer” and cites several strengths: support across Windows, Mac and Linux; powerful dashboard controls; and easy installation and flexible policy management. Weaknesses include a lack of DLP support for the company’s own mobile device management (MDM) and mobile application management (MAM) products. In addition, there is no integration with CASBs. Buyers give the solution high marks and cite easy implementation and use.
Headquarters: Waltham, Mass.
Digital Guardian has established itself as an innovator in the DLP space. The company offers solutions to fit different requirements, including traditional endpoints as well as network and cloud endpoints. The data protection platform aims to discover and protect sensitive data throughout its lifecycle through an integrated approach that focuses on the network layer and endpoint layer as well as through mobile devices and the cloud. The solution uses fingerprint-based classification techniques and incorporates user classification. The endpoint DLP solution enforces policies across various channels and supports Windows, Mac and Linux. The network DLP solution offers a physical or virtual appliance that discovers, classifies and regulates sensitive data. The cloud solution integrates with cloud storage providers and works with Microsoft, Citrix and Box. Digital Guardian is a “Top Player” in Radicati’s Market Quadrant. The vendor’s strengths include: high flexibility and support for a wide variety of integrations, including SIEM and CASB. Weaknesses include: limited DLP support for mobile devices, no native DRM for Azure and Office 365, and a lack of support for Salesforce, without a CASB. Buyers rate the company high and like the high level of flexibility and ease of use.
Headquarters: Bethesda, MD
Security Solution: Fidelis Elevate
The unified platform is designed to deliver fast detection and automated response. DLP is incorporated into a portfolio of products that incorporate deep visibility, threat intelligence and contextual analysis across complex environments. The company, through acquisitions, has added to its feature list over the last few years. Elevate includes automated threat hunting, DLP in motion, and network analysis through the monitoring of direct, internal, cloud, e-mail, and web activity. The network web component integrates with standards-based Web Proxy and CASB solutions, and Fidelis Network Sensors support a virtual network TAP that allows them to work with Azure. The vendor also offers streaming policy updates for customers based on machine learning. Radicati describes the vendor as a “Specialist” in its MQ. Strengths include: high flexibility and adaptability to different IT models and strong out-of-the-box support for policies and rules. A drawback is that Elevate does not support DLP for data-at-rest, it doesn’t provide endpoint DLP and it lacks support for EMM/UEM mobile solutions. Users give the company high marks for usability and support.
Headquarters: Austin, Texas
The vendor offers three different DLP solutions: DLP for Compliance, DLP for IP Protection and Dynamic Data Protection. Depending on the module, Forcepoint delivers structured and unstructured data fingerprinting, machine learning classifiers, behavioral analytics, and monitoring and enforcement controls. The latter uses a risk calculator to determine how to best protect data. This helps reduce false positive alerts and incidents requiring investigation. Forcepoint packages its solution into different components. These revolve around endpoints, cloud applications, network infrastructure and discovery. The endpoint solution encompasses Windows, Mac and Linux. The cloud solution works with Office 365, Google G Suite, Box, ServiceNow and Salesforce. Forcepoint is ranked as a “Top Player” on Radicati’s MQ and it received a Customers’ Choice 2018 award at Gartner Peer Insights. Positives include strong integration with AWS and Azure, support for Mac OS, and powerful security analytics. Drawbacks include OCR functionality that’s limited to network discovery and data in motion, weak Linux support, and limited encryption capabilities. Buyers like the features and support the company offers. They find the solution powerful and particularly like policy enforcement features.
Headquarters: Newport Beach, Calif.
GTB aims to protect assets in real time by inspecting and blocking structured, semi-structured or unstructured data, regardless of file type, port or channel. GTB offers products for on-premises, cloud, or hybrid environments. This includes DLP as a Service and Discovery as a Service. The company’s products work with Windows, Mac and Linux—along with mobile operating systems. Among the top features: data in use functionality that accommodates full TCP Scanning on all ports and protocols, enterprise data detection, USB and device controls; data in motion capabilities that support inbound and outbound protection for both text and binary data; and data at rest functionality that performs local scans on PCs, macOS and Linux platforms. The latter also scans local and cloud-based applications such as Office 365, Box, Dropbox, AWS, Azure, Citrix and ShareFile. GTB also offers behavioral analytics data and handles administration functions through a central console. Radicati named the vendor a “Top Player” and cites GTB’s strengths as an ability to work across a variety of form factors, strong support for clouds and powerful DLP detection capabilities. Weaknesses include a lack of antivirus and anti-malware support in the Endpoint Agent and limited mobile support. Customers praise the vendor’s features and customer support.
Headquarters: Frankfurt am Main, Germany
Phone: +49 69667738220
Security Solution: Unified Endpoint Management
Matrix42 offers an array of cybersecurity and data security products for businesses. It delivers a modular framework called EgoSecure Corporate Data Protection. The Unified Endpoint Management component includes DLP that works with various types of encryption, including full disk, removable device, network share, cloud storage, and mobile device. The solution works on the Windows platform but includes support for VDI and terminal services, such as Citrix. The DLP function specifically protects data in motion, data in use and data at rest. It also incorporates policy templates—including pre-defined tools for PCI, SX, HIPAA and others—and directory integration for LDAP, Active Directory and Novell eDirectory. The solution supports cloud services such as Dropbox, OneDrive, Google Drive and Box. Matrix42 is tagged a “Specialist” in the Radicati MQ. It cites high flexibility, hybrid options and a single agent and console as strengths but noted that there’s no support for Linux and MDM capabilities for iOS and Android are basic. Users say that the solution is relatively easy to set up and use.
McAfee takes a component-based approach to DLP. It’s possible to combine various products to create a more customized solution. McAfee device control oversees USB drives, Bluetooth devices and portable disk technologies. DLP Discover, Monitor and Prevent modules address data at rest, data in motion, endpoint storage, encryption, blocking and reporting functions. The vendor also offers protections at the DLP endpoint and it provides an administrative console to manage the various features. The vendor uses a DLP policy engine to ensure that data classification works consistently across systems, devices and environments. The company’s ePolicy Orchestrator delivers tight integration with the cloud and other components through a centralized console. McAfee is ranked a “Top Player” by Radicati and it received a Customers’ Choice 2018 award at Gartner Peer Insights. Strengths include high flexibility and powerful features within a centralized console. Weaknesses include support for only VMware within virtualized environments and no agent support for Linux. Users report that the platform offers powerful controls and protection.
Headquarters: Moscow, Russian Federation
Phone: +7 495 721 84 06
Security Solution: SearchInform DLP
SearchInform DLP consists of five core components: SearchInform MailController, SearchInform IMController, SearchInform HTTPController, SearchInform FTPController, and SearchInform CloudController. This enables protection across numerous channels and delivers privileged user management, work efficiency control, user behavior monitoring and other key functions. The platform applies DLP to data in use, data in motion, data at rest, and cloud data. The product includes more than 300 pre-designed security policies that a buyer can apply to various use cases, across numerous vertical industries. The platform also includes Drip-DLP, which delivers content analysis and highly granular data leakage information, and it offers a forensic suite that can be used to reconstruct violations. Radicati ranks the company a “Specialist” and describes its strengths as providing a flexible and scalable solution across form factors, with strong forensic tools. The vendor’s weaknesses include lack of support for Mac, no CASB integration capabilities, and no mobile DLP support. Users praise the product for strong functionality and features.
Headquarters: Mountain View, Calif.
Security Solution: Symantec Data Loss Prevention
Symantec has established itself as a leader in the cyber-security space by offering a wide array of solutions aimed at different requirements. Data loss prevention is at the center of its enterprise solutions. Symantec Data Loss Prevention uses a central console for policy management, incident response, reporting and administration. The solution focuses on a four-pronged approach: endpoints, network, storage and cloud. Within this umbrella it addresses everything from web applications and e-mail to file servers, databases and cloud apps. The vendor’s network solution is available as software or as an appliance. Symantec offers a number of technologies within this framework. These include: image recognition, information-centric tagging, information-centric encryption and behavioral analytics. This helps pinpoint high risk and malicious users. Radicati ranks Symantec a “Top Player” and describes the vendor’s DLP solution as “comprehensive” and “advanced.” It is designed to meet the complex needs of enterprises across all key data repositories and channels. However, it is more expensive than other solutions and can be somewhat complex to manage. In addition, Gartner awarded Symantec a “Customer’s Choice 2018” designation at Peer Insights. Users describe the solution as powerful and highly effective.
Headquarters: Moscow, Russian Federation and New York, NY
Security Solution: Zecurion Data Loss Prevention
Zecurion takes a comprehensive and expansive approach to data loss prevention. More than 10 distinct technologies are included in the Zecurion DLP platform. These include: digital document and graphics fingerprinting, probabilistic analysis, filtering by attributes, linguistic analysis, signature analysis, transliteration and masked text analysis, and manual inspection tools. Any traffic that is intercepted by the software is flagged and archived for further investigation. The platform supports more than 500 file types, including Windows, Mac and Linux, and offers protection for USB and other types of devices. Various components address traffic control, device control, storage (data-at-rest), mobile and clouds. The vendor also includes robust discovery tools. The company is described as a “Specialist” at the Radicati MQ. Standout features include a single web console that delivers strong policy enforcement, and a Traffic Control function that controls more than 250 social media sites and services. Among its weaknesses: subpar IPS/IDS, poor integration with SIEM systems, mobile support for only Android devices, and no CASB capabilities. Buyers rate the company high for strong functionality and excellent customer support.
Solutions at a Glance