Comparison of DLP systems
What is a DLP system? DLP stands for Data Leak Prevention. It is specialized software that protects an organization from leakage of classified and other information through various channels. The tool also serves to oversee the work of employees and makes it possible to find a weak point in protection before a leak occurs.
How to choose a DLP system
Opinions on choosing the right DLP system are based solely on practical experience. For example, the creators of an antivirus program called anti-malware and the official site "Habr" published comparisons of systems and emphasized that they are basic; as a result, they got an ordinary comparison table.
The analysis was carried out by a group of experts over six months; the results showed the advantages and disadvantages of the three analyzed systems.
Any user, even one without special skills in working with a personal computer, can install and configure the system. Also, if this option is used, it makes no difference whether the components are installed on the same operating system or on different ones. There are a large number of operating modes here, including full-fledged data interception, protection, auditing and blocking.
- wide coverage of channels, with settings divided into groups and logical blocks;
- reaction to the content of text files and the ability to work with their content;
- availability of a software package for proxy server protection on an agent solution.
The disadvantages of Zecurion include the following:
- An illogical procedure for dividing the system into a number of internally connected modules.
- Working with archived data. When the staff began to work with previously intercepted information, their opinion of Zecurion changed significantly. Working with the archive involves many difficulties, including fetching information and reviewing the violations found. Viewing this data is very inconvenient.
- Working with an agent. Here you can face the following problem: when the computer finds an agent, it starts to freeze. The cause of this problem remains unclear.
Summary. The experts were disappointed to find that the tools needed to work with archived data are unfinished. The disadvantages are significant, and the advantages do not change the opinion about this DLP system.
Experts tested the fifth version of this system. It controls the basic list of channels: e-mail, Internet connection, messenger, archive device, printing. The DLP solution uses a number of specific analytical methods.
- elaboration and comfortable use of the user interface;
- there are few controlled channels, but the system is quite simple to operate and does not require an additional manual;
- structured presentation of intercepted data and protection; everything is divided into groups, with step-by-step instructions, a consistent structure and ease of use.
- Multiple agents. For example, Skype is under the control of one agent, and Viber is under the supervision of another. Their work is not connected in any way, which creates technical difficulties.
- System architecture. A system usually runs on either Windows or Unix, but here two platforms are needed at once, and it is not clear why. There are two separate products: traffic monitor and device monitor. They are on different platforms, but they belong to the same system.
- Functionality. While the specialists were working with traffic-monitor, everything was fine and the system worked at incredible speed. However, as soon as we switched to another task, everything slowed down considerably. The system allows blocking user actions, but the file shadow copy function is implemented inconveniently: the created copies are difficult to find.
As a result, experts decided that the price of a DLP system on the market is much higher than its quality and functionality.
It consists of a large number of programs for both clients and servers. After installation, a lot of shortcuts appear on the desktop, which at first confuses the user. All system components run on Windows OS.
What the experts liked here:
- a large number of different channels and ways to intercept the necessary information; many functions that are not part of data loss prevention but are no less useful, such as device auditing, encryption, and blocking of various file system objects;
- the archive search is conveniently equipped, with many different options, search types, filters, selections and groupings;
- no restrictions when creating a security policy; one setting can combine different points, for example, a passport scanner, a digital fingerprint of documents, a translator, morphological errors, categories, checking typos, searching for similar meanings, ensuring system security, etc.;
- stable operation: the system does not glitch or slow down during operation, or at least it did not during testing.
Negative sides of the system:
- Not every intercepted channel can be blocked.
- Complicated control panel. Getting started is not easy because of the large number of consoles in which the desired system settings must be made. To figure out how to do this, you need to use the instructions.
Summarizing. After testing and analyzing this system, many were not satisfied with the functionality of blocking by content and the number of consoles (by the way, there are nine of them here). It is also worth noting that some small bugs appeared during the work, but they were quickly resolved after contacting technical support. That is why, comparing this system with others, we can say that it is considered one of the most modernized and convenient to use.
Due to the presence of a wide range of tasks to be solved, a comparative characteristic will be made here without a final ranking.
DLP system name
|Consumers||Large firm, public sector||Large companies, small businesses||Business representatives regardless of segment||Services from DLP, for example, CAAS for a company, regardless of the size||Mid to large business||Large corporations, employees of small and medium businesses||Mega-corporation employing about 50-100 thousand employees||Public sector, large, medium and small company|
|Headquarters location||Moscow (RF)||Moscow (RF)||Newport (USA)||Moscow (RF)||Nizhny Novgorod (RF)||Moscow (RF)||Mountain View (USA)||Moscow (RF)|
|Provision of services||Availability of technical support, the opportunity to undergo partner and client training, consulting and outsourcing services||Technical support, assistance in implementation, training, as well as assistance in the formation of information security in the organization||Availability of technical support, training of employees both in their center and at the workplace||Consulting services in the information security system||The ability to conduct remote training, technical support||Implementation assistance, technical support, training in a training center, outsourcing||Staff training with the help of partners, implementation||Auditing, consulting services, technical support, training|
|Implementation period||Up to 7 calendar days||From a couple of hours to several days. It all depends on the architectural complexity of the company's local network||One to several days. Terms depend on the scale of implementation and configuration of the corporate network||From a couple of days to seven working days. Depends on how large the company is and what tasks it solves||From the moment the completed questionnaire is received, you need to wait seven days for the preparation of the technical solution, plus two days spent on installation||From one working day. It all depends on the preliminary preparation and the number of stations||From one day (considering the scale of implementation)||Like the previous one|
|Control Panel Language||Only Russian and English (languages included in each system)||Russian, English, French, Spanish, Italian, Korean, Turkish||English, Polish, Russian, Chinese, German, Portuguese||Ukrainian, international English, Russian, Belarusian||Exclusively Russian||Russian, English, Latin, Polish, Lithuanian||English, Russian, Japanese, Chinese, French||English, Russian|
Comparing DLP systems: a basic approach
Choosing the right enterprise-grade product is not a trivial task for any technician who solves complex problems. Choosing a system to prevent leakage of confidential information is not a quick process. Because there are no full-fledged comparative studies on the Web, and the products have different levels of complexity, consumers decide to order a pilot project in order to conduct testing on their own. An open comparison, of course, cannot fully replace thorough testing, but it will answer the standard questions that arise at the beginning of the search.
Operating modes. DLP systems have two main operating modes: active and passive. The first is considered the main one: actions that violate the organization's security policy are blocked, for example, sending sensitive data to an external email address. The second is used while configuring the system, in order to check and adjust the settings: violations are recorded, but no restrictions are imposed.
Technology. Thanks to detection technologies, it is possible to classify all data transmitted via an electronic channel, as well as to identify the transfer of confidential information. All manufacturers of DLP systems try to integrate the maximum number of technologies.
Controlled channel. The best modern DLPs have the function of controlling a large number of network channels.
These are the main points of concern for start-up organizations. While comparing DLP systems, we can conclude that products from Western companies, such as McAfee, Symantec and others, are equipped with fewer functions and are less popular than Russian versions.
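The active and passive modes described above, applied to one controlled channel (outbound e-mail), as an added example that is not taken from any of the compared products. The detection rule (card numbers validated with the Luhn checksum), the domain `corp.example`, the function names and the sample messages are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "corp.example"  # assumption: the organization's own mail domain
# Assumed content rule: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    candidates = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

@dataclass
class Verdict:
    delivered: bool  # did the message leave the organization?
    logged: bool     # was a violation recorded for review?
    reason: str

def evaluate(message: dict, mode: str) -> Verdict:
    """Mode 'passive' only records violations; mode 'active' also blocks them."""
    if mode not in ("active", "passive"):
        raise ValueError(f"unknown mode: {mode!r}")
    suffix = "@" + INTERNAL_DOMAIN
    external = [r for r in message["to"] if not r.lower().endswith(suffix)]
    hits = find_card_numbers(message["body"])
    if not external or not hits:
        return Verdict(True, False, "no violation")
    reason = f"{len(hits)} card number(s) sent to {', '.join(external)}"
    return Verdict(delivered=(mode == "passive"), logged=True, reason=reason)

# Constructed sample messages (4111 1111 1111 1111 is a well-known test number).
LEAK = {"to": ["partner@mail.example"], "body": "Card: 4111 1111 1111 1111"}
INTERNAL = {"to": ["alice@corp.example"], "body": "Card: 4111 1111 1111 1111"}
ORDER = {"to": ["partner@mail.example"], "body": "Order 4111 1111 1111 1112"}

if __name__ == "__main__":
    for name, msg in (("leak", LEAK), ("internal", INTERNAL), ("order", ORDER)):
        for mode in ("passive", "active"):
            print(name, mode, evaluate(msg, mode))
```

Running the same messages through both modes shows why the passive mode suits tuning: the violation log is identical in both, so false positives can be removed from the rule before anything is blocked.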
How to choose the best DLP system?
There are several criteria that you should pay attention to when choosing protection systems:
- It is necessary to compare DLP systems in terms of the declared functionality.
- You need to draft a technical specification and use comparative methods to find out how honest the developer of the selected DLP system is.
- You will need to test all the functions of the software as thoroughly as possible. Don't limit testing to the services for which the company is buying the DLP system.
- It is always important to pay attention to DLP protection. When choosing among several programs, a mandatory comparison of these systems is carried out under a stress load. There is no need to refuse technical support assistance (a service that every manufacturer provides). It is precisely this service that should be entrusted with solving complex problems.