Beta testers of a data-loss prevention add-on to Cisco's IronPort security appliances say DLP is looking like a fine complement to existing anti-virus and anti-spam filtering capabilities.
"We turned on the full range of filters to put it through its paces," says Simon Rainey, principal Internet consultant for RM Education, the United Kingdom's largest supplier of information technology products and services to schools there. While he says there have been a few false positives, the beta test, into its sixth week, has been largely successful.
The Oxford, England firm wants to see how well IronPort with DLP (based on RSA technology) will detect content related to intellectual property, credit cards and financial information. RM Education now has its IronPort gateway, which it has been using for two years, monitoring for unauthorized transmission between employees and business partners.
He says there is a process of "tuning" the DLP filters to monitor and block specific types of material between employees at RM Education and business partners. Some people, for instance, are allowed to send and/or receive CAD or Microsoft Project files, whereas others aren't.
That DLP control is typically configured based on an e-mail address or a domain name. The process undertaken so far with DLP at RM Education is to notify the business line manager of possible content-transmission violations.
Another DLP tester
Another IronPort DLP beta-tester, Dublin, Ireland-based financial-services firm EBS Building Society, has used IronPort gear for about 18 months for e-mail security. While the DLP option includes pre-defined categories of content to watch for, EBS is testing the DLP add-on to protect information of particular importance to its 400,000 customers and 100 offices."Regulatory compliance is important for us, so we're looking at [Payment Card Industry] data automatically. We're also watching for suspicious transmission of spreadsheets," says David Cahill, information security officer at EBS.
Some types of data should not be sent out unless it's encrypted, so in this DLP evaluation period, EBS is quarantining e-mail and sending a notification to the sender about the policy violation.Cahill says the company is intercepting certain material but that there is relatively little of it and it's usually sent accidentally. "It's my job to make sure people are aware of the security requirements. The system is giving us the capability to enforce those rules," he says.
Both Rainey and Cahill regard DLP filtering at the e-mail gateway as a fairly low-cost and simple way to get started with DLP in their organizations. (While the official product release is yet to come, Cisco earlier this year spoke of about $10 per user as a price point for IronPort DLP). Full-fledged DLP systems, which encompass desktops and gateways, are still expensive, starting in the six figures.
Desktop DLP at this point would be a "huge initiative," says Cahill, and it would be hard to get management buy-in for an enterprise-wide deployment.