For data at rest (Vontu Discover and Protect), I scanned Lotus Notes databases and looked at another new feature that discovered the ownership of information (who created the file). And for Endpoint Monitor, my exercises involved monitoring what was copied to removable media on a laptop and monitoring files downloaded at this end point.
The combination of multiple rules, detection technologies, severity levels, and exceptions resulted in no false positives in my evaluation, and all communications containing restricted information were found. I believe a large live implementation should mirror these results; representatives of one large Fortune 100 insurance company using Vontu related they hadn't seen a false positive in six months.
Responding appropriately
The second part of a strong information protection policy involves response rules. For most incidents, I instructed Vontu Enforce to handle these automatically, such as sending e-mail notifications to end-users, stating which policy was violated and how to follow company procedures. Additionally, Vontu Network Prevent successfully blocked FTP and HTTPS transmissions.
Vontu 7, as in past versions, routes e-mail through standard encryption gateways.
Vontu integrates with several other third-party products, including Blue Coat's SG Proxy, Cisco Content Engine, and Network Appliance Netcache, but I did not have the opportunity to test these.
Vontu Protect worked properly in copying sensitive files found on a LAN file share to a secure area on the Vontu server. Importantly, the system left a marker in the file's original location so that users knew what happened and where the file currently resided.
Besides these incident lists, Vontu provides an executive dashboard and incident summaries that identify security trends within an organization. Moreover, Vontu 7 includes more than 50 new system reports. These prebuilt templates include compliance reports, such as Sarbanes-Oxley, HIPAA, and PCI security standards. In addition to the breadth of reports, I liked the new multidimensional summaries. For instance, I displayed a report of all data-in-motion incidents and filtered it to see just high-severity incidents last month. I then summarized the results by business unit and policy violated to pinpoint the location of data loss risk and the precise type of risk.
On the technology side, Vontu continues to be very scalable and flexible. I really like the ability to deploy the software on existing Windows or Linux servers. Vontu 7 also adds database encryption to prevent anyone with database server administration privileges from directly accessing the Vontu database without a trace; this is especially important for overall system integrity and auditing because no one can make changes to records without the edits appearing in Vontu logs.
Vontu 7 maintains its accurate detection of security breaches, and it now handles 32 Western and Asian languages. With the exception of blocking at the end point, the various modules provide thorough data leak protection. Also important is how well Vontu integrates the modules (which were all developed in-house). The resulting centralized policy management makes the system easy to maintain while producing reports covering all possible data leak pathways.
Mike Heck is a contributing editor of the InfoWorld Test Center.




