Today, in cooperation with SANS, Securosis is releasing Understanding and Selecting a Data Loss Prevention Solution. This is a compilation of my 7 part series on DLP, fully edited with expanded content, just like one of those DVD boxed sets!
The paper is sponsored by Websense, but all content was developed independently by me and reviewed by SANS. It is available here, and will soon be available in the SANS Reading Room or directly from Websense.
It was a fair bit of work and I hope you like it. The content is copyrighted under a Creative Commons license, so feel free to share it and even cut out any helpful bits and pieces as long as you attribute the source.
As always, questions, comments, and complaints are welcome…
Reader interactions
5 Replies to “Whitepaper: Understanding and Selecting a DLP Solution”
Very comprehensive whitepaper Rich, thanks for posting!
At this point I think a single product is best, understanding that it won’t work as well as best of breed. The central management and workflow tend to be the most important factors in deployments, and splitting this creates some complications. I take part of that back- if you have a clear hole you need to plug that a suite won’t accomplish, then split the deployment.
The suites will improve over time. I tend to give preference to the network-first vendors since I think it’s easier for them to partner/integrate/create agents than the endpoint guys to move to the network, especially with some of the recent acquisitions.
I’m hoping we’ll see good combined solutions in the next 12 months, but the network guys are clearly weaker on the endpoint, and McAfee is the only endpoint play making any effort at all on the network.
And don’t forget Discovery- for some that’s more important than just about anything else anyway.
In reading this, it seems you are a big proponent of an integrated solution, as am I. However, today (and for the foreseeable future) that means a single vendor solution.
My research, as a buyer, has caused me to believe that there is a real problem in making this ideal a reality. The vendors that started with network coverage (Port Authority, Vontu, etc) are strong in that space but their endpoint solutions are either non-existent or immature to the point of disregard.
The main vendor that started in the endpoint space (Verdasys) has no network offering, but a really nice, richly featured agent.
I’ve spoken to several existing customers of these vendors who are embracing best of breed over single source, and just dealing with the hassle of two consoles, two policies, etc.
In your opinion, are the synergies of a single product (better reporting, easier administration, etc) worth the trade off of a weakness WRT either network or endpoint?
Thanks, I really appreciate that.
You have a very clear picture of the DLP space. Very impressive.