RSA gained its Data Loss Prevention Suite through its acquisition of Tablus in 2007, filling a major hole in its portfolio. In fact, the buy helped kick off a frenzy of acquisition activity that resulted in significant consolidation of early DLP innovators: A few months after RSA gobbled up Tablus, Symantec bought Vontu. McAfee followed suit about a year later, scooping up Reconnex.
RSA is throwing lots of resources at its DLP suite, with an emphasis on data classification. According to the company, a team of 12 full-time linguists and advanced semantics engineers are tasked with making RSA's data classification engine accurate across a wide range of languages and government and industry regulations. That investment appears to have paid early dividends: In December, Microsoft and RSA announced a joint venture to tightly integrate RSA's DLP suite into Active Directory Rights Management Services in Windows Server 2008. Earlier last year, Cisco announced a similar joint venture to include RSA data classification technology in various Cisco network, storage, and endpoint policy-enforcement products.
In a fashion similar to that of Symantec, RSA has componentized its DLP suite into three core areas--Datacenter, Network, and Endpoint--all centrally managed by the DLP Enterprise Manager server. The RSA suite, which starts at $50,000, is mostly software based and can be installed on modest server hardware, with the exception of the Network component, which is delivered as an appliance.
The Network DLP appliance did a similarly fine job discovering various data-in-motion events that we engineered in the lab. By mirroring all outbound Internet traffic to the Network DLP appliance, we gained visibility into the contents of packets passing through the firewall across all protocols. We were impressed that the RSA suite flagged all of our attempts to transmit Social Security and credit card data via e-mail, Web applications, FTP, and AOL IM. We did manage to trip up the HIPAA engine by e-mailing various Excel spreadsheets containing customer names and telephone numbers, but not Social Security numbers.
RSA's Endpoint DLP agent also performed well. Most aspects of endpoint enforcement worked as promised, both online and offline. Data that was fingerprinted and secured by the Datacenter DLP module was flagged when we tried to print, copy/paste, or copy it to USB or removable media. The main feature difference we discovered with RSA's Endpoint agent compared with Symantec's is that RSA's agent can't prevent leakage via instant messaging clients while off the corporate network.
Randy George ([email protected]) is an IT analyst covering security and infrastructure topics.