McAfee Retools Data Loss Prevention (DLP) Offering
It’s been a long time coming, but McAfee has finally announced a more complete integration of its data loss prevention offering. This lack of integration had caused many DLP buyers to exclude McAfee from competition. The concern? DLP is complex enough without having to manage the endpoint and gateway coverage in multiple interfaces.
McAfee’s DLP offering is a combination of two separate product acquisitions: Onigma for endpoint DLP in 2006 and Reconnex for gateway coverage in 2008. Since that time, many have lamented the “passing” of such an interesting approach to gateway DLP in Reconnex. With luck, the Reconnex gateway approach combined with decent endpoint coverage in an ePO-integrated management console will put Reconne—er, I mean McAfee—back in the leaders quadrant (see the 2008 Gartner DLP MQ).
The question still remains as to what the ePO integration will actually look like, but sources say the long-awaited common policy interface will allow users to create a single policy and have that pushed out across both the endpoint and gateway. So, McAfee will finally be on a par with its top DLP competitors and ahead of the game in accounts where ePO is already the de facto security management platform.
Hearkening back to early 2008, I was at a Reconnex event during RSA where I was able to meet with and hear from a number of high-profile Reconnex users. Across the board, these users loved the unique capability of the Reconnex box to apply new policies against historical data, providing forensic reporting of sorts and allowing them to see the impact of new policies before they were applied in production. Just imagine being able to see all the false positives a new policy or change might generate, even before applying that policy! Pretty cool!
McAfee’s approach to DLP (adopted through the Reconnex acquisition) is decidedly appliance-focused. This pits McAfee against the many software-focused solutions (Symantec/Vontu echoes faintly in my ear) and allows them to position the solution as one that “…can occur within days as opposed to the typical six to nine month period…” (see McAfee DLP press release dated March 22, 2010). Solution complexity is one of the general complaints about DLP, and McAfee looks positioned to make that case in a big way against key DLP rival Symantec.
McAfee may be seen by some smaller organizations as hardware-heavy, with a full DLP deployment requiring no fewer than four appliances: manager, monitor, prevent and discover. Most of these boxes will also be required at each egress point. But this is no less a worry than the just as many servers (and probably a few more) required for a comparable SYMC DLP deployment.
McAfee will have their work cut out for them trying to catch up to the competition after being manhandled for the past 18 months by Symantec and RSA. They also face some new and aggressive competition in companies such as Code Green Networks, an appliance-only DLP threat providing monitoring, prevention and discovery in a single appliance.