June 1, 2018
Selecting the Right DLP Solution
The key to choosing correctly for your organization
At RSA this year, it was no surprise to see the most buzz-worthy topic was the General Data Protection Regulation, also known as GDPR, which took effect May 25, 2018. The European Union regulation is intended to strengthen data protection for all EU Citizens, and companies that compile or processes digital data of EU citizens are affected by the policy. The primary emphasis of the regulation is to give EU citizens the choice to opt into data collection versus the existing opt-out process and is intended to provide EU citizens more control of their personal data.
As a result, this affects any company that processes EU citizens’ data, including US-based companies. At its core, GDPR outlines what data these companies can keep, how it is stored and how long it can be retained. Because of this, companies are actively looking for solutions that can help them meet the requirements outlined by GDPR. In this DLP vendor review, we take a close look at several DLP solutions and offer suggestions for choosing the one that’s right for you. To find out more about GDPR, please check out our other resources: 6 Resources to Prepare You for GDPR Implementation
Why Do Organizations Need DLP Solutions?
From a technology stand point, there’s absolutely no better place to look than the Data Loss Prevention (DLP) space. Although DLP has been around for 20 years, the technology has recently matured significantly with new players and approaches to securing data and mitigating loss. As the name might suggest, one of the important goals of any DLP solution is to prevent the loss of sensitive or private data belonging to a company, whether the loss is due to a malicious act or an incidental exposure. As a result, there are a few things to consider:
1)Companies need to know precisely what types of data live within their environment.
2)Once that information is identified, companies must have an accurate inventory of the location of their data.
3)Finally, access policies to these data need to be established based on their specific use case and need-to- know.
Fortunately, all three of these points align with GDPR requirements. As a result, a data loss prevention solution will be one of the most instrumental tools companies can employ to comply with GDPR.
Which DLP Vendor Should I Choose?
RSA is one of the largest security conferences in the world, and it can be challenging to get a feel for all the different solutions available. To help you decide about what tool is right for your organization, we’ve put together a list of some “tried and true” DLP vendors that can accommodate your unique needs and budget.
These vendors were chosen based on their ability to fulfill and address GDPR requirements and provide additional layers of protection to prevent the loss of data.
Forcepoint was established in 2015 after Websense and Raytheon Cyber Products merged. One of the largest vendors, Forcepoint offers a multitude of DLP modules (Forcepoint DLP Discover, Gateway, Cloud Applications, and Endpoint) that span across network, endpoint and cloud environments. Additionally, these solutions can be integrated with other Forcepoint products to enhance analytics and defend against internal and external threats.
Located in Mountain View, CA, Symantec became a major DLP player with its acquisition of Vontu in 2007. Like Forcepoint, Symantec also offers a wide coverage of DLP from endpoints, network, cloud applications and API. In 2017, Symantec was chosen by Gartner and other top research firms as a top DLP leader with its proven technologies and advanced detections.
Based out of Waltham, Massachusetts, Digital Guardian is well-regarded as one of the more DLP focused solutions. Digital Guardians began on the endpoint DLP side and didn’t branch out into network DLP until it acquired Code Green Networks for its Network DLP solution. Along with Forcepoint and Symantec, The Gartner Magic Quadrant has ranked Digital Guardian as a 2017 leader.
Quadriga DLP is a young company that was founded in Newport Beach in 2016. Their core product solution utilizes GTB DLP technologies for its data discovery and classification and covers both on-premises and cloud environments. Because data discovery and classification are the primary focuses on this solution, there’s an overall lack of other DLP capabilities as often seen with other DLP products. As a result, Quadriga DLP is a great solution in assisting other companies in meeting their regulatory requirements at a competitive price point.
How do these Four Solutions Compare with One Another?
One thing all four of these vendors provide is data discovery. These solutions should be able to actively and passively scan for any at-rest structured and unstructured data that may contain PII, PCI, and PHI information and classify them with a list of inventory and location of where these data are stored. While Forcepoint, Symantec and Digital Guardian all require a separate module for these functionalities, Quadriga DLP can handle this task through its own instance. All four of these solutions are also capable of discovery of data residing within cloud applications. On the other hand, only Forcepoint, Symantec and Digital Guardian can perform OCR (Optical Character Recognition) scans across the environment. This is an advanced technology that allows these tools to discover sensitive data that is stored in a form of an image, pdf and scanned documents.
Finally, the main differentiator between these four solutions comes down to their approaches to storing and accessing data. Because Quadriga DLP isn’t necessarily designed for this purpose, the solution itself lacks most of the functionalities that other solutions may offer. For instance, Forcepoint, Symantec, and Digital Guardian allow for policy creations to determine whether data can leave a designated location. If the data is moved without authorization, the data itself will be encrypted and an alert can be sent to notify the administrator. An example test case of this is when a user attempts to copy files from a network drive into a personal removable storage device (USB). The DLP agents on the data endpoints will automatically encrypts the file before it’s copied into USB and will only decrypt it when the data is moved back to a device with the local DLP agent running. All of this is dependent on what’s defined within the solution’s policies.
Figure 1: Comparing and contrasting vendors
A Look at the Gartner Magic Quadrant
Still need help choosing? The Garner Magic Quadrant can also point you in the right direction. Gartner is a premier research and advisory firm that publishes a research report called the Magic Quadrant which identifies a select few companies and categorizes them as leaders, challengers, visionaries or niche players. It does so by analyzing and assessing the maturity and direction of the participants in various industries and markets, including Data Loss Prevention.
Below is the current assessment Gartner produced for the DLP space in 2017.
It is a popular report that can be used to gauge the effectiveness of a product compare companies in the same field, but it’s important the remember the process of evaluation is not based on the need and use-cases of an organization. Even if a company is recognized as an industry leader in the report, it may not always be the best- suited solution for a you.
In the end, your decision really comes down to scope, use cases and budget. For smaller enterprises with a small subset of use cases for advance DLP functionality, Quadriga DLP is recommended as it is very capable at discovering and classifying data while staying at low cost. However, larger organizations with complex use cases may want to bring in the “tried-and-true” solutions from Forcepoint, Digital Guardian or Symantec as it will not only allow them to properly classify the data, but also properly secure them.
About the Author
Tin Nguyen is an information security associate at Tevora.