DLP Rolling Review: RSA Takes Classification Up A Notch - InformationWeek
Randy George

Suite sports a stellar interface and an uncanny ability to sniff out sensitive data wherever it resides.

The big winners of our InformationWeek Rolling Review of enterprise-class data loss prevention suites will be companies desperate to stop the exodus of sensitive information. Symantec made an exceptionally strong first impression as the previous entry in our bake-off, and now RSA has wowed us with its DLP suite. There's real competition here, always a great thing for IT. And we aren't even done with our testing--Trend Micro and Sophos are still to come.

RSA gained its Data Loss Prevention Suite through its acquisition of Tablus in 2007, filling a major hole in its portfolio. In fact, the buy helped kick off a frenzy of acquisition activity that resulted in significant consolidation of early DLP innovators: A few months after RSA gobbled up Tablus, Symantec bought Vontu. McAfee followed suit about a year later, scooping up Reconnex.

RSA is throwing lots of resources at its DLP suite, with an emphasis on data classification. According to the company, a team of 12 full-time linguists and advanced semantics engineers is tasked with making RSA's data classification engine accurate across a wide range of languages and government and industry regulations. That investment appears to have paid early dividends: In December, Microsoft and RSA announced a joint venture to tightly integrate RSA's DLP suite into Active Directory Rights Management Services in Windows Server 2008. Earlier last year, Cisco announced a similar joint venture to include RSA data classification technology in various Cisco network, storage, and endpoint policy-enforcement products.

In a fashion similar to that of Symantec, RSA has componentized its DLP suite into three core areas--Datacenter, Network, and Endpoint--all centrally managed by the DLP Enterprise Manager server. The RSA suite, which starts at $50,000, is mostly software based and can be installed on modest server hardware, with the exception of the Network component, which is delivered as an appliance.

Our Take

RSA's data classification engine performed nearly flawlessly in all of our simulated leakage scenarios.

With its well-designed dashboard and management and reporting functions, RSA's DLP Suite takes top prize for interface usability ... so far.

RSA's strong showing in the lab puts it neck-and-neck with Symantec overall. Can Sophos, Trend Micro, or Vericept match our leaders?

We started our testing with the Datacenter module, which is responsible for enterprise data discovery and remediation. We found RSA's support for an array of structured and unstructured data sources and file systems on par with the other leaders in the DLP market, including Symantec. On an operational basis, we found RSA's overall data discovery capabilities the best we've tested thus far.

Motion Sensors

The Network DLP appliance did a similarly fine job discovering various data-in-motion events that we engineered in the lab. By mirroring all outbound Internet traffic to the Network DLP appliance, we gained visibility into the contents of packets passing through the firewall across all protocols. We were impressed that the RSA suite flagged all of our attempts to transmit Social Security and credit card data via e-mail, Web applications, FTP, and AOL IM. We did manage to trip up the HIPAA engine by e-mailing various Excel spreadsheets containing customer names and telephone numbers, but not Social Security numbers.

RSA's Endpoint DLP agent also performed well. Most aspects of endpoint enforcement worked as promised, both online and offline. Data that was fingerprinted and secured by the Datacenter DLP module was flagged when we tried to print, copy/paste, or copy it to USB or removable media. The main feature difference we discovered with RSA's Endpoint agent compared with Symantec's is that RSA's agent can't prevent leakage via instant messaging clients while off the corporate network.

Randy George (rgeorge@nwc.com) is an IT analyst covering security and infrastructure topics.
