DLP Rolling Review: RSA Takes Classification Up A Notch

Suite sports a stellar interface and an uncanny ability to sniff out sensitive data wherever it resides.

Randy George, Director, IT Operations, Boston Red Sox

August 27, 2009

4 Min Read
InformationWeek logo in a gray background | InformationWeek

The big winners of our InformationWeek Rolling Review of enterprise-class data loss prevention suites will be companies desperate to stop the exodus of sensitive information. Symantec made an exceptionally strong first impression as the previous entry in our bake-off, and now RSA has wowed us with its DLP suite. There's real competition here, always a great thing for IT. And we aren't even done with our testing--Trend Micro and Sophos are still to come.

RSA gained its Data Loss Prevention Suite through its acquisition of Tablus in 2007, filling a major hole in its portfolio. In fact, the buy helped kick off a frenzy of acquisition activity that resulted in significant consolidation of early DLP innovators: A few months after RSA gobbled up Tablus, Symantec bought Vontu. McAfee followed suit about a year later, scooping up Reconnex.

RSA is throwing lots of resources at its DLP suite, with an emphasis on data classification. According to the company, a team of 12 full-time linguists and advanced semantics engineers are tasked with making RSA's data classification engine accurate across a wide range of languages and government and industry regulations. That investment appears to have paid early dividends: In December, Microsoft and RSA announced a joint venture to tightly integrate RSA's DLP suite into Active Directory Rights Management Services in Windows Server 2008. Earlier last year, Cisco announced a similar joint venture to include RSA data classification technology in various Cisco network, storage, and endpoint policy-enforcement products.

In a fashion similar to that of Symantec, RSA has componentized its DLP suite into three core areas--Datacenter, Network, and Endpoint--all centrally managed by the DLP Enterprise Manager server. The RSA suite, which starts at $50,000, is mostly software based and can be installed on modest server hardware, with the exception of the Network component, which is delivered as an appliance.

Our Take

RSA DATA LOSS PREVENTION SUITE

RSA's data classification engine performed nearly flawlessly in all of our simulated leakage scenarios. With its well-designed dashboard and management and reporting functions, RSA's DLP Suite takes top prize for interface usability ... so far. RSA's strong showing in the lab puts it neck-and-neck with Symantec overall. Can Sophos, Trend Micro, or Vericept match our leaders?

Click here to read a longer version of this story.

We started our testing with the Datacenter module, which is responsible for enterprise data discovery and remediation. We found RSA's support for an array of structured and unstructured data sources and file systems on par with the other leaders in the DLP market, including Symantec. On an operational basis, we found RSA's overall data discovery capabilities the best we've tested thus far.

Motion Sensors

The Network DLP appliance did a similarly fine job discovering various data-in-motion events that we engineered in the lab. By mirroring all outbound Internet traffic to the Network DLP appliance, we gained visibility into the contents of packets passing through the firewall across all protocols. We were impressed that the RSA suite flagged all of our attempts to transmit Social Security and credit card data via e-mail, Web applications, FTP, and AOL IM. We did manage to trip up the HIPAA engine by e-mailing various Excel spreadsheets containing customer names and telephone numbers, but not Social Security numbers.

RSA's Endpoint DLP agent also performed well. Most aspects of endpoint enforcement worked as promised, both online and offline. Data that was fingerprinted and secured by the Datacenter DLP module was flagged when we tried to print, copy/paste, or copy it to USB or removable media. The main feature difference we discovered with RSA's Endpoint agent compared with Symantec's is that RSA's agent can't prevent leakage via instant messaging clients while off the corporate network.

Randy George ([email protected]) is an IT analyst covering security and infrastructure topics.

About the Author

Randy George

Director, IT Operations, Boston Red Sox

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a senior-level systems analyst and network engineer in the professional sports industry. Randy holds various professional certifications from Microsoft, Cisco and Check Point, a BS in computer engineering from Wentworth Institute of Technology and an MBA from the University of Massachusetts Isenberg School of Management.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights