Not all the DLP Solutions are Equally Useful: How to Choose the System and not be Disappointed
29.09.2023
A DLP solution is one of the most crucial tools for protecting against data leaks and other insider-related risks. However, for many users the experience of working with a DLP system turns out to be quite negative. In this article we examine which criticisms of DLP-class systems are fair and which are not, and show which limitations are typical of all DLP systems and which are, in fact, shortcomings of specific products.
1. THERE IS NOT ENOUGH FUNCTIONALITY FOR EFFICIENT DEALING WITH TASKS
The functionality of DLP-class systems long ago evolved beyond simple protection against data leaks. They are now used for a wide range of information, economic and even HR security tasks. Basically, today an advanced DLP solution is a real mega-tool.
However, customers are often not satisfied with the solutions’ functionality. Unexpected nuances are frequently discovered only after the tool has been implemented, because customers rely on marketing descriptions and comparison tables instead of testing the solutions thoroughly. Testing does take some time at the initial stage, but it saves time after full-scale implementation. We recommend creating your own comparison table, testing several solutions one by one and examining how each performs on the tasks that matter most to your organization.
For instance, one of our clients had to configure blocking of file transfers based on file metadata. Before purchasing our DLP system, the company tested several other solutions and found that they could not perform this task, even though the functionality was stated in those products’ brochures.
Limited capabilities may also stem from the fact that DLP vendors build on third-party developments. Sometimes these are search engines, modules or platforms; there are also cases of white-labeling third-party products. The vendor is then limited by the capabilities of the third-party solutions and by their development plans. This is a fairly widespread problem, typical of numerous DLP-class solutions.
At one point we decided to build our own search engine, and we use it not only in our DLP but in our other solutions as well. All other elements of our systems are developed in-house too. If a client requires technical support or wants the solution fine-tuned, their requirements will be met.
Quite often, customers require some extremely specific functionality, and if a DLP system doesn’t offer it, this is considered a limitation of the system. If the functionality is crucial and required by many customers, vendors tend to add its development to their plans. For instance, we developed the following functionality and added it to our solution:
- Integration with Physical Access Control System (PACS), BI systems
- Task-manager
- Elements of phrasal search and numerous others as well.
However, quite often it is enough to combine existing software capabilities to meet a client’s needs, and there is no need to add extra specific functionality. Clients aren’t always aware of such practices, so vendors should share their expertise and experience. Most vendors, however, fail to do this properly. Often a vendor has only a customer support department, and its employees accompany clients. At SearchInform, besides the technical support department, we also have an implementation department (which other vendors usually don’t have). Employees of our implementation department work with customers right from the beginning of the test: they instruct customer representatives on how to work with the DLP system, explain the peculiarities of how the solutions work and help configure the system in the most efficient way to meet the customer’s needs. Implementation department specialists then accompany clients during regular work.
One more issue is important to take into consideration: does the vendor offer other solutions as well? Today a DLP system is the core element of protection against internal risks, so when choosing a solution the customer is, in fact, also choosing an ecosystem of other solutions. If a vendor doesn’t have the full range of protective solutions, a client may face problems integrating with other systems. Quite often this is a complicated or even unsolvable task, and it’s important to bear this in mind.
2. DEPLOYMENT OF A DLP SYSTEM IS A DIFFICULT TASK, AS DLP OVERLOADS INFRASTRUCTURE
This is one of the most serious problems. Developers take different approaches to optimizing how their DLP systems work, and as a result the solutions’ technical requirements vary significantly. Even though vendors tend to describe minimal technical requirements precisely, there is a fairly high probability of an unexpected surprise during implementation. The more work the implementation involves, the higher the chance that a problem will occur.
Basically, clients have two useful options. The first is to organize a full-scale stress test (deploy all the modules on the maximum number of workstations). However, this is not always possible. The second option is to compare the opinions of IS experts who have a similar number of PCs controlled by DLP systems. Ask them which difficulties they face.
At SearchInform, we continuously work on reducing the hardware requirements for efficient functioning of the system. A few years ago we improved the architecture, which led to a 30% increase in the performance of the DLP solution and expanded the list of tasks it can solve; for example, the solution successfully copes with searching for data in very large networks. Previously, developers had to allocate additional capacity and new servers. After optimization, the DLP requires 2-3 times less server resources than the solutions of many market competitors.
The speed of implementation is also important. If the implementation process requires weeks or months, this is unacceptable. The process may take longer if a client restricts access or if the client’s company doesn’t have an onboard technical expert. In any case, the normal duration of a typical pilot implementation is a few hours. We meet this target because a technical support specialist and an employee from the implementation department (who helps administer the solution, configure policies and solve specific tasks) accompany the customer throughout.
3. PLENTY OF FALSE-POSITIVES
Experienced information security officers understand that dealing with false positives is inevitable: it’s better to deal with them than to miss something really important. However, this doesn’t mean that the whole work process should be reduced to handling potential incidents. Advanced solutions make it possible to reduce the number of false positives significantly through flexible configuration of security policies. It’s important to find the balance here.
The ability to configure security policies flexibly is one of the main advantages of our DLP system. The solution offers a number of different types of search: by words, dictionaries, attributes, regular expressions, digital fingerprints, complex search queries and combinations of all the types mentioned. By choosing the appropriate approach, and with the help of an implementation department specialist, clients can configure security policies precisely and efficiently.
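The effect of combining search types can be shown with a small sketch. The following is an added example, not SearchInform code: the policy functions, the ID-number pattern, the dictionary and the sample messages are all constructed for illustration. It compares a regular-expression-only rule with a rule that also requires dictionary terms and an external recipient (an attribute), and shows the balance between false positives and missed incidents.

```python
import re

ID_NUMBER = re.compile(r"\b\d{4} \d{6}\b")         # regular-expression search
DICTIONARY = {"passport", "customer", "contract"}   # dictionary search
INTERNAL_DOMAINS = {"corp.example"}                 # attribute: recipient domain

# Constructed traffic: (id, recipient, is_real_violation, text).
MESSAGES = [
    (1, "bob@mail.example", True, "Customer passport 4510 123456, contract attached."),
    (2, "hr@corp.example", False, "Passport 4510 123456 of the new customer, for the contract."),
    (3, "shop@mail.example", False, "Please ship order 2023 000417 by Friday."),
    (4, "it@corp.example", False, "Ticket 1002 334455 is resolved."),
    (5, "eve@mail.example", True, "passport data of the customer: 4611 654321"),
    (6, "dan@mail.example", True, "4712 111222 is her passport"),
    (7, "client@mail.example", False, "Your contract number 2021 778899 is renewed."),
]

def regex_only(to, text):
    # Flags anything that looks like the ID-number pattern, whatever the context.
    return bool(ID_NUMBER.search(text))

def combined(to, text, min_terms=2):
    # Pattern AND external recipient AND at least min_terms dictionary words.
    external = to.rsplit("@", 1)[1] not in INTERNAL_DOMAINS
    terms = DICTIONARY & set(re.findall(r"[a-z]+", text.lower()))
    return regex_only(to, text) and external and len(terms) >= min_terms

def evaluate(policy, **options):
    # Score a policy against the constructed ground truth.
    flagged, false_positives, missed = [], 0, 0
    for msg_id, to, violation, text in MESSAGES:
        hit = policy(to, text, **options)
        if hit:
            flagged.append(msg_id)
        false_positives += hit and not violation
        missed += violation and not hit
    return {"flagged": flagged, "false_positives": false_positives, "missed": missed}

if __name__ == "__main__":
    print("regex only      ", evaluate(regex_only))
    print("combined, strict", evaluate(combined, min_terms=2))
    print("combined, loose ", evaluate(combined, min_terms=1))
```

On this sample the strict combined rule removes every false positive but misses one real incident, while the loose rule catches all incidents at the cost of one false positive.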
4. THE SOLUTION SEEMS TO BE DIFFICULT TO ADMINISTRATE, THERE ARE NO SPECIALISTS, WHO CAN WORK WITH IT
It’s important to understand that DLP systems don’t work like antiviruses. With an antivirus it’s often enough to install and activate the program, and it begins to work immediately. The pre-configured data leak protection settings in a DLP are enough to perform monitoring and to block resending operations according to the ready-made security policies. Of course, this ensures protection; however, to enhance it, it’s necessary to reconfigure security policies and business processes and to perform investigations. If the customer lacks an understanding of what to do with the data gathered, he/she will use only 10-20% of the solution’s capabilities.
Another fairly widespread problem is that organizations lack onboard information security officers who can work with the solution. If vendors don’t consider this risk, the solution can easily become totally useless to a client after a while, which also means that the client will inevitably be disappointed with DLP systems as a class of software.
We’ve been working on this issue for a while. That’s why we established the implementation department, which helps our clients deal with numerous tasks. As a result, we can deploy the DLP solution and ensure its stable operation regardless of the IS specialists’ qualifications and of whether the client has experienced onboard InfoSec officers.
However, there is one more option: SearchInform MSSP. We also provide our clients with outsourcing services, which remove the need for the client’s employees to perform tasks related to analysis and reporting. Outsourcing is helpful for companies that don’t have an IS department. However, even companies that have a dedicated IS department and onboard InfoSec experts can benefit from the service: experienced outsourcing specialists share their hands-on experience and best practices, deal with routine tasks, help in difficult cases and so on.

We regularly receive feedback from our DLP system users. Those who managed to choose the appropriate system and use 100% of its functionality know that it provides nearly limitless capabilities for dealing with security, HR and business-process issues. But to make sure that the system doesn’t disappoint you and, on the contrary, impresses you with its functionality, it’s necessary to test the solution beforehand. You may request more details and a free trial of the DLP solution from SearchInform.