New Add-On DLP Features Introduced… Again
Each day, my custom DLP news alert delivers a load of new and interesting DLP-related tidbits from around the globe. At it again this week are a couple of non-DLP vendors touting exciting “new data loss prevention features” added to their product offerings. But are these solutions all they’re cracked up to be?
(Parenthetically, let me say that I do not begrudge this vendor its DLP functionality. I actually applaud it. Even being the DLP bigot that I am, I acknowledge the benefit of add-on DLP features and functionality. Our company promotes a layered approach to DLP in the same way we do security as a whole.)
In one case, according to the press release, the features are billed as more than just added DLP functionality. This vendor has apparently created a whole “data loss prevention (DLP) solution” – to run on their existing UTM platform. We rarely see so bold a statement in regard to a DLP approach that deploys as an add-on feature of a larger, non-DLP platform. The press release goes on to say that the solution’s “one-click configuration simplifies compliance with global regulatory standards.”
The vendor’s website promotes this new solution – available in September – front and center. Digging deeper into the details, we find the solution described as a “uniquely comprehensive service,” covering “all data in motion,” which includes email, web and FTP (not sure about other network protocols).
Perhaps the most unique aspect of the solution is the subscription-based service that updates rule sets on a monthly basis to “stay current with data definitions and compliance mandates around the world.” I can’t think of another vendor that charges a subscription for regular rule set updates. Do they change often enough to warrant a subscription? The one major DLP vendor that employs an annual subscription license doesn’t do it specifically for updated rule sets; they do it because that’s been their business model for over a decade.
So, let’s get down to the nitty-gritty. Does this new solution really compare with the leading full-suite DLP solutions on the market? Not really. Here’s what sets “real” DLP (aka Enterprise DLP or Full Suite DLP) apart from Channel DLP, DLP Lite, Add-on DLP, et al:
- Complete Coverage. There is a tremendously wide gulf between this new solution and Enterprise DLP, which includes coverage across Data-in-Motion (network), Data-in-Use (endpoint) and Data-at-Rest (discovery).
- Detection Methodologies. This is an area seldom addressed by add-on DLP vendors because it severely limits a DLP product’s effectiveness. The basic detection methods employed by most add-on DLP vendors are limited to pattern matching for social security numbers, credit card numbers or compliance dictionaries, resulting in high numbers of false positives. More advanced detection methods can effectively eliminate false positives by identifying sensitive data with an exact match of actual database entries (name + SSN of a single customer record) or an exact or partial match of a known sensitive document.
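To make the detection difference concrete, here is an added example (not code from any vendor or product discussed here) that runs SSN pattern matching and an exact match of name + SSN records over the same messages. The HMAC-keyed index, the function names and all sample records and messages are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
WORD_RE = re.compile(r"[a-z']+")
KEY = b"demo-only-index-key"  # assumption: per-deployment secret for the index

def fp(value: str) -> str:
    """Keyed fingerprint so the index never stores raw customer data."""
    return hmac.new(KEY, value.lower().encode(), hashlib.sha256).hexdigest()

def build_index(records):
    """Map fingerprint(SSN) -> fingerprints of that customer's name tokens."""
    return {fp(ssn): {fp(tok) for tok in WORD_RE.findall(name.lower())}
            for name, ssn in records}

def pattern_match(text):
    """Pattern-only detection: anything shaped like an SSN is a hit."""
    return SSN_RE.findall(text)

def exact_match(text, index):
    """Hit only when an indexed SSN appears together with its owner's name."""
    words = {fp(w) for w in WORD_RE.findall(text.lower())}
    hits = []
    for ssn in SSN_RE.findall(text):
        name_fps = index.get(fp(ssn))
        if name_fps is not None and name_fps <= words:
            hits.append(ssn)
    return hits

# Constructed sample data: no real people or numbers.
RECORDS = [("Jane Example", "900-11-2222"), ("Sam Sample", "900-33-4444")]
MESSAGES = {
    "part_number": "Please reorder part 123-45-6789 before Friday.",
    "wrong_owner": "Sam Sample asked about ticket 900-11-2222 today.",
    "real_record": "Customer Jane Example, SSN 900-11-2222, requested a refund.",
}

if __name__ == "__main__":
    index = build_index(RECORDS)
    for label, body in MESSAGES.items():
        print(label, pattern_match(body), exact_match(body, index))
```

Pattern matching flags all three messages, while the exact match flags only the one that carries a single customer's name and SSN together.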
In the end, these products do not stand up to dedicated DLP enforcement technologies. However, they certainly fill a need for organizations with limited resources or as an added layer of DLP visibility.