Optimism and Cautions on OpenDLP
By Rich
I’m starting to think I shouldn’t take vacations. Aside from the Symantec acquisition of PGP and GuardianEdge last week, someone went off and released the first open source DLP tool.
It’s called OpenDLP, and version 0.1 is currently available over Google Code. People have asked me for a long time why there aren’t any FOSS DLP options out there, and it’s nice to finally see someone put in the non-trivial effort and release a tool. DLP isn’t easy to create, and Andrew Gavin deserves major credit for kicking off the project.
First, let’s classify OpenDLP. It is an agent-based content discovery/data-at-rest tool. You install an agent on endpoints, which then scans local storage and sends results to a central management server. The agent is a C program, and the management server runs on Apache/MySQL. The tool supports regular expressions and scanning of plain text files.
- You can customize the code.
- Communications are encrypted with SSL.
- Supports any version of Windows you are likely to run.
- Includes agent management, and the agent is designed to be non-intrusive.
- Supports full regular expressions for building policies.
- Scans stored data on endpoints only. Might be usable on Windows servers, but I would test very carefully first.
- Unable to scan non-plain-text or compressed files, including current versions of Office (the
- No advanced content analysis – regex only, which limits the types of content this will work for.
- Requires NetBIOS… which some environments ban.
- I have been told via email (not from a DLP vendor, for the record) that the code may be a bit messy… which I’d consider a security concern.
Thus this is a narrow implementation of DLP – that’s not a criticism, just a definition.
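An added sketch (not OpenDLP's code and not from the original post) of regex-only discovery over plain text, showing why the limits listed above matter: the same constructed secret is matched in a text file but is invisible inside a zip archive, so the scanner reports what it could not read instead of treating it as clean. The policy names, patterns, file names and sample data are all constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

POLICIES = {  # constructed patterns for illustration, not OpenDLP's own
    "us_ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "card_16": re.compile(rb"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}

def classify(head: bytes) -> str:
    """Label a file from its first bytes; only 'text' is scannable by regex."""
    if head.startswith(b"PK\x03\x04"):
        return "compressed"  # zip container: content is deflated, regex cannot see it
    if b"\x00" in head:
        return "binary"
    return "text"

def scan_tree(root: str):
    """Return (hits, unscanned): hits are (file, policy, count), unscanned are (file, reason)."""
    hits, unscanned = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()  # whole-file read is fine for a demo; stream large files
            kind = classify(data[:4096])
            if kind != "text":
                unscanned.append((rel, kind))  # surface the blind spot explicitly
                continue
            for policy, rx in POLICIES.items():
                n = len(rx.findall(data))
                if n:
                    hits.append((rel, policy, n))
    return hits, unscanned

def demo():
    """Build a constructed sample tree (one text file, one zip of the same text) and scan it."""
    secret = "employee 078-05-1120 card 4111 1111 1111 1111\n"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write(secret)
        with zipfile.ZipFile(os.path.join(root, "archive.zip"), "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("notes.txt", secret)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Tracking the unscanned list alongside the hits is what lets you tell "no sensitive data found" apart from "could not look".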
I don’t have a large enough environment to give this a real test, but considering that it is a 0.1 version I think we should give it a little breathing space to improve. The to-do list already includes adding .zip file support, for example. I think it’s safe to say that (assuming the project gathers support) we will see it improve over time.
In summary, this is too soon to deploy in any production capacity, but definitely worth checking out and contributing to. I really hope the project succeeds and matures.