DLP systems test

 
Apply for SearchInform DLP TRY NOW

Any company, regardless of its type of activity, size, list of information, needs information security. A properly selected DLP system can help keep your organization's data safe.

But before you start choosing the best ones, you need to understand what DLP systems are and what they are for. These are software products designed to protect the company's information system from leaks of confidential information. The decryption of the abbreviation - Data Leak Prevention (prevention of data leaks) - confirms this.

DLP systems usually create a so-called protected area (information security circuit) within the company, which controls the procedure for outgoing information flows. With the correct system configuration, you can also set up control of incoming data.

Such software products should control:

  • internet space;
  • documents entered outside the network to external drives and other devices;
  • files sent to mail;
  • documents printed on a printer;
  • other data transmission channels.

How to choose the best DLP system?

Recently, the market for DLP systems has been greatly transformed and continues to actively develop. The creators of various programs were looking for new, more interesting solutions, and with all this, each developer determined the leading direction for himself in his own way. As a result, you can find several profitable competitive options.

That is why it is important to figure out which methods of protection against leakage can be considered the most effective. In this case, it is necessary to take into account the specifics of the enterprise, its characteristics and preferences in terms of protecting information from unauthorized access and use. This approach is the most correct when testing systems, and will help you make the right decision, which will be a profitable investment, and will also allow you to control information and ensure its effective protection.

If a company needs standard information protection, during testing it is necessary to pay attention to the following main criteria for choosing a good DLP system:

  • the demand for the product at the present time;
  • maximum productivity and power;
  • recommended by expert platforms;
  • the possibility of using the selected system in the future;
  • the ability to customize the system for specific user requests.

The first criterion is met by leading systems in terms of use and sales. As a rule, such DLP systems are also considered the most expensive. While collecting information, they are resource-demanding. They also need a full description of the company's assets, otherwise it is impossible to determine the fact of a leak. If a company is not afraid to risk the information of its organization, is ready to rely on the opinion of consumers of these products, you can safely give preference to market leaders.

The larger the enterprise, the more corporate clients and partners it cooperates with. In such situations, it is necessary to implement DLP systems that control the largest number of possible leakage channels. The use of such software products should protect the corporation from data loss using broader functionality.

If we talk about the most popular products, then it is worth considering the recommendations for choosing information systems. Experts advise paying the most attention to the opinion of the analytical agency Gartner. It is it that is currently considered one of the most popular and authoritative in assessing information security systems.

Touching upon the question of the purpose of the system and certain variations in its implementation, we can say that these are individual selection criteria, and they should be taken into account only if necessary.

Considering more differentiated criteria that should be selected in accordance with the direction of the company's activity, first of all, it is necessary to highlight the purpose of the DLP system. Typically, such a software product is used to prevent the leakage of information that is stored, used, transmitted through various channels.

Some programs also create a so-called archive of documents and data transfer processes. At individual workstations, compliance with the requirements for safety and protection against information leaks is an extremely important condition for the safety of the enterprise. Sometimes the management has a need for a certain investigation, and such an archive can solve the problem. Such functionality is available in systems from vendors SearchInform, InfoWatch, Garda Technologies.

Some systems help management assess the performance of each individual employee.

Also, when purchasing a DLP system, it is important to take into account the availability of employees who will carry out the process of managing their operation. You need to be prepared for the fact that, for example, Forcepoint and Symantec need daily management and support. To do this, first of all, special settings must be made, which not every employee can understand. Therefore, it is necessary to take care not only of the acquisition and implementation of a DLP system, but also of the preparation or introduction of a specialist into the staff who will deal with issues of its uninterrupted functioning.

Sometimes absolutely opposite situations can be observed. Such systems initially "catch" illegal information transfer, and only then an active investigation begins. This will significantly save time and not look for an employee who could configure the DLP system in accordance with the company's requests.

You should also pay special attention to the channels used for the transfer or exchange of information between users within the enterprise, between the company and its customers, partners, regulatory organizations and government agencies. Quite often, some of them start to need additional checks. If only one or two messengers are used on workstations, then it is important to block access to other programs of this type. They may not control the transfer of information, which will contribute to its leakage.

If it becomes necessary to block certain channels, it will be necessary to decide which processes should be completely interrupted, while the termination of their work should not affect the performance of the company or damage its activities. So, the company cannot refuse to send letters, because at present it is one of the most important communication areas of any company.

Most DLP systems are capable of blocking the ability to transfer data to external drives and other devices, as well as control documents that go to print.

It will not interfere with the management of the enterprise to decide in what form it is required to receive information. This is also very important when choosing the required system. Some need to provide a whole list of documents that have been forwarded via email or social media. Other corporate networks prefer to receive only statistics. InfoWatch and Garda Technologies work on this principle.

And these are not all the criteria for choosing systems to prevent leakage of confidential information.

Features of choosing a DLP system

According to the results of the experiments, the researchers who were involved in testing DLP systems formed a subjective opinion about each of the software products that were described in detail on Habré. Experts analyzed the capabilities and options of all these systems and described each of them in detail.

The following systems were deeply analyzed:

  • Zecurion;
  • InfoWatch;
  • SearchInform;
  • Falcongaze;
  • DeviceLock.

In the first system, the specialists really liked the large coverage of channels, as well as their division into separate blocks. Also Zecurion's advantage is its special reaction to a certain format of text messages in accordance with the topic. And, of course, for any DLP, it is very important to have proxy emulation on an agent solution.

Still, there were some aspects that the specialists did not like:

  • work with a huge archive;
  • illogical modularity;
  • recurring problems with the agent.

InfoWatch had its significant advantages and certain disadvantages. Among the advantages of working with such a system are:

  • pleasant and user-friendly interface;
  • well-structured presentation of information.

The disadvantages include a large number of agents, an incomprehensible system architecture, as well as insufficient functionality and a small number of interception channels.

If we talk about SearchInform, then in this case, much more positive characteristics were found than among its predecessors.

Among the main ones should be highlighted:

  • the presence of a large number of interception methods and versatile channels;
  • extensive search capabilities in the archive;
  • system stability;
  • no restrictions in the settings of security policies - they can be complex.

At the same time, experts noted that in order to use all the capabilities of the system, it would not hurt the company's employees to undergo special training. They also pointed to a larger number of working consoles in comparison with competitors.

Falcongaze is another DLP system known on the Russian market. It has a large number of control channels, in particular, it is possible to view work in Viber and screenshots taken in applications. Easy navigation through the archive makes it possible to find the necessary document in a matter of seconds.

Plus, a pleasant bonus for every manager will be the ability to control the implementation of business processes by employees. This will allow you to mark the most effective employees and calculate violations in the work of staff.

As for the shortcomings, the impression was that the Falcongaze was a bit "raw" and was not fully developed. The program works extremely slowly, and occasionally even "glitches". The data can be processed only after a certain time, and this can slow down the work of the company. This drawback is significant, so developers still need to work hard to elaborate and eliminate it.

Device Lock also surprised experts with both its advantages and some disadvantages. Particular attention should be paid to the usability of the system. It divides network devices into different types (personal computer, smartphone and other technical means), and also allows you to see from which gadget a particular procedure was carried out. In addition, the system is able to function even without connecting to a server, which is also very important in the systematic work of a large corporation.

But there was also something in this software product that the experts did not like at all: it was the absence of important tools, such as, for example, the technology of file verification. Experts also note that it is quite difficult to work with large archives in the Device Lock system.

Each system has both advantages and disadvantages. In order to determine the most suitable program, you need to consult with professionals and take into account the individual needs, capabilities and requests of a company that wants to implement the most suitable information security system for it.

Choosing a DLP system - Practical Experience

As practice has shown, if a company cannot make the final choice between several DLP solutions, certain recommendations must be followed.

The most important thing is to check the functionality declared in the description. Not all systems position themselves correctly, and sometimes situations arise when a company counts on one thing, but in the end gets something completely different.

It is imperative to prepare a detailed technical specification for the development and implementation of the system for the vendor.

During testing, you need to try to connect all or most of the software's capabilities, and not only those that you plan to use in the future. Sooner or later, even the least-demanded functions may be needed. Consider the product with future needs in mind.

It does not hurt to evaluate the effectiveness, stability of work, conflict with other systems, etc.

Any DLP system under test must be stressed. If it does not pass it, then it is undesirable to buy such a software product.

Before choosing and proceeding to testing this or that system, you should clearly define the goal and outline your capabilities. It must be remembered that it is unlikely that it will be possible to combine all the best in one solution. The functionality depends on the problem being solved.

Find a system that suits your interests and requirements. Knowing the final result, run it in test mode and get an answer to the question which DLP system is optimal for you.

14.12.2020