Information leak prevention solutions have evolved predictably. First, they identified, and then blocked, sensitive data moving around your networks. Next, the cycle repeated with information resting in data repositories. The latest installment safeguards data at end points. This is especially important for mobile workforces with sensitive files residing on laptops and other portable devices; if the unit is stolen or otherwise compromised, data loss is clearly a major problem.
[ Vontu was selected for an InfoWorld Technology of the Year award. See the slideshow to view all winners in the security category. ]
Other leak-prevention products block at the end point, such as prohibiting files from being copied to external devices. Version 8 will include this feature, according to Vontu. Otherwise, there's enough solidity in Vontu 7 to make it a prime choice for financial institutions, manufacturers, technology companies, and retailers.
Eye on the data prize
Vontu Enforce is the glue of Vontu 7. This server provides centralized policy management, unified reporting of incidents from the five monitoring and prevention modules, automated policy enforcement, and remediation workflow.
I started testing Vontu 7 at the Vontu Enforce Web console by fingerprinting a text file with 1 million rows of customer names and associated Social Security numbers -- a process called EDM (Exact Data Matching), the first of the three underlying detection technologies. Additionally, I registered content from several SQL Server databases.
Next I uploaded 1,000 documents containing sensitive data to test IDM (Indexed Document Matching). The third technology, DCM (Described Content Matching), uses keyword lexicons, Boolean logic, and data identification patterns (for example, ABA routing numbers or credit card magnetic stripes) to look for information in nonindexable data (such as e-mail messages). Vontu states a single Enforce server can handle more than 500 million rows of data for EDM and upward of 2 million documents for IDM.
I especially like Vontu's granular detection capabilities. Using just a few forms, I added rules that employed the files previously registered -- for example, if an e-mail had "confidential" in the text, it was blocked from being sent to an external address. During this process, I also defined severity levels for various conditions, such as the number of complete or partial matches that must be found to trigger a response. Importantly, a single policy covers all three Vontu product lines, which in addition to Endpoint Monitor include Vontu Discover and Protect and Vontu Network Monitor and Protect.
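As an added illustration (not Vontu's code and not part of the original review), the following Python shows how described-content detection of the kind outlined above can combine a keyword lexicon, checksum-validated identifier patterns, and Boolean logic with match-count severity. The lexicon, internal domain, thresholds, and function names are assumptions, and plain card numbers stand in for magnetic-stripe data.

```python
import re

# Constructed keyword lexicon and internal mail domain (assumptions for this example).
LEXICON = {"confidential", "internal only"}
INTERNAL_DOMAIN = "example.com"

ABA_RE = re.compile(r"\b\d{9}\b")                 # candidate ABA routing numbers
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")    # candidate 16-digit card numbers

def aba_valid(s):
    """ABA checksum: 3*(d1+d4+d7) + 7*(d2+d5+d8) + (d3+d6+d9) is a multiple of 10."""
    d = [int(c) for c in s]
    return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7])
            + d[2] + d[5] + d[8]) % 10 == 0

def luhn_valid(s):
    """Luhn check: double every second digit from the right and sum the digits."""
    digits = [int(c) for c in s if c.isdigit()]
    total = 0
    for i, n in enumerate(reversed(digits)):
        if i % 2:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def evaluate(recipient, body):
    """Return (action, severity, findings) for one outbound message."""
    external = not recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    keywords = sorted(k for k in LEXICON if k in body.lower())
    # Checksum validation discards digit runs that only look like identifiers.
    abas = [m for m in ABA_RE.findall(body) if aba_valid(m)]
    cards = [m for m in CARD_RE.findall(body) if luhn_valid(m)]
    identifiers = len(abas) + len(cards)
    findings = {"keywords": keywords, "aba": abas, "cards": cards}
    # Boolean rule: external recipient AND (keyword OR validated identifier).
    if not (external and (keywords or identifiers)):
        return "allow", None, findings
    # Severity scales with the number of validated matches (constructed thresholds).
    severity = "high" if identifiers >= 3 else "medium" if identifiers >= 1 else "low"
    return "block", severity, findings

if __name__ == "__main__":
    # Constructed sample message.
    print(evaluate("bob@partner.test", "CONFIDENTIAL: wire to routing 021000021"))
```
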
In previous testing, I'd focused on Vontu Network Monitor and Vontu Network Prevent, which protect data in motion. In this round, I looked primarily at how well some new additions in these modules worked, including preventing leaks via FTP, HTTPS, and instant messaging over HTTP tunneled protocols.
Mike Heck is a contributing editor of the InfoWorld Test Center.





