Scalable, policy-based monitoring oversees e-mail, IM, devices for potential leaks
Companies often ascribe success to “doing one thing and doing it right.” That philosophy is working for Orchestria and its ECC (electronic communication control) solution, which concentrates on preventing sensitive data from leaving organizations through e-mail, Web mail, and related channels, including blogs.
Other data-leak prevention solutions grapple with contrasting technologies, such as in-line appliances and file crawlers (see “A closer look at the insider threat detection playing field”). Orchestria protects with intelligent agents deployed to desktops and e-mail servers (Exchange and IBM Domino).
Moreover, Orchestria extracts messages and conversations from Lotus Notes.nsf, Exchange.pst, and instant message.msg files and integrates with EMC, Zantas, IBM, and Symantec storage management applications for historical investigation of unstructured data.
My test bed mirrored a typical enterprise: a network with Microsoft Active Directory and Exchange servers. I added the Orchestria central management server and a second server that handled policy enforcement.
In practice, you would likely install multiple policy engines at different points on your network for scalability, which is the best I’ve seen to date. Typical performance is 300 messages per second; Orchestria’s largest production implementation monitors 275,000 users and processes 9 million messages per day (3,000 messages per second) with this distributed architecture.
Besides the agent approach, Orchestria touts its easy, ongoing maintenance and highly customized, accurate polices. I checked these statements using the Administration Console and Policy Editor. The claims held up, due to two things: First, policies adhere to an organizational hierarchy, which can be as complex as you need. Orchestria automatically synchronized Active Directory groups (LDAP import is also supported) with my policy hierarchy. This is especially important in large organizations where there can be hundreds of personnel changes each day; when a user moves from one group to another, his or her policies change automatically.
Second, Orchestria offers Policypaks covering violations involving regulatory noncompliance, corporate governance, and confidential security leakage. I was disappointed to find no Web front end to the server’s policy administration management console or wizards, something most other solutions provide.
Still, after a little learning, I was traversing quickly through nodes within my hierarchy and changing policy definitions. For example, I selected a top-level group and used various menus to define new triggers within policies, as well as the action I wanted taken when the trigger criteria were satisfied. You can apply the same process all the way down to a specific person.
Policies, of course, are only good when accurately interpreted. Orchestria does this behind the scenes with a combination of various real-time message analysis tools, ranging from document classifiers (statistical analysis that looks for, say, dollar figures or dates) to semistructured analysis (looking for character patterns, such as Social Security numbers). The system extracts text from more than 200 file types.
Orchestria also applies contextual analysis to data found in file and message archives. Rather than just looking at e-mail attachments in a Notes database, Orchestria will consider other factors, such as number of message recipients, to determine whether it should be flagged as suspicious.
I ran Orchestria through approximately a dozen scenarios, sending messages through Outlook, Outlook Web Access, and Hotmail, and making blogger.com posts. All suspect messages were trapped successfully.
I was impressed with the system’s flexibility. For instance, I tried to send a message externally that did not have the proper disclaimer; Orchestria provided instant feedback about the specific violation and gave me the opportunity to correct the problem. This feedback helps educate users about acceptable use, while providing a chance to correct the problem -- a process that should reduce the number of violations that must be reviewed.
Besides blocking with notification, the software can also warn users about a potential problem. For serious infractions, messages are quarantined for action by compliance officers.
Reviewing and reporting
Audits are performed through the iConsole Web application. Security supervisors can easily create precise custom searches, such as all items sitting in quarantine, but can bypass messages that would be a waste of time reviewing -- meeting requests, for example.
Equally important was the single-screen reviewing panel: I could review the actual message, see which policies were violated, and take action, such as releasing the message or extending the workflow (perhaps sending it along for legal review) without changing windows. Intelligent Review, another valuable search feature, lets you evaluate messages (including IM, which isn’t handled in real-time) from different perspectives after they have been sent. In my test, Orchestria helped me find all problem messages sent by the same person, which could help uncover a pattern of questionable activity by an employee.
Along with the deferred reviews, a small Executive Console displays instant alerts based on various thresholds. I could quickly click on a blocked event, view details, and push it along for further action without opening iConsole.
Orchestria has some common reports that will help in proving compliance to outside auditors (Proof of Supervision) and be useful for internal reviews (Repeat Offender). It does not have a formal report writer, but Orchestria will work with clients to develop custom reports. Still, I missed automated features, such as generating and e-mailing reports on set schedules.
While I’ve tested more policy-friendly and complete solutions for general business, I still believe Orchestria is up to ensuring regulatory compliance, protecting intellectual property, and securing against confidential data leaks. One gap it does have lies in protecting data at rest, a feature planned for the forthcoming Version 4.8 with agents for file servers and databases.
Aside from those small shortcomings, this version of the software is a good addition to your data security strategy. A number of Orchestria’s largest clients are in the financial sector, where regulatory compliance is especially rigorous. For these firms and those in similarly strict lines of work, Orchestria 4.7 is a smart, proven solution that handles unique requirements, such as blocking communications between different departments.
Ease of use (20.0%)
Overall Score (100%)
ARM's Mbed OS will be free for use on ARM chips when it's released next year
Google fires back at Microsoft, which last week cut prices of some Azure services
The software you'll install on your PC is an early stage version of the OS that'll have bugs and...
The larger design is very welcome, but there's much more to the iPhone 6 than a bigger screen
Get the scoop on the security threat billed as the biggest since Heartbleed
The company is expected to unveil a preview of the Windows 8 successor on Tuesday
Modularity, JSON, smart compilation -- Java's future offers compelling features to look forward to
Remember that incredibly stupid thing you did a decade or two ago? You wouldn't want to live it down
The reality distortion field wasn’t merely clever PR: Jobs used the three tools of classic rhetoric to
Brick 2.0 creates customizable Web UI elements via features in HTML5