PortAuthority tightens its data security net

Version 5.0 tracks data in motion, at rest, and in use

I appreciate when a vendor succeeds at developing a very good application. But what I find more admirable is when a vendor recognizes the deficits in its solutions, makes no excuses, and quickly goes back to the drawing board to make that app excellent.

Such is the case with PortAuthority Technologies. Although no slouch as an ILP (information leak prevention) system, PortAuthority 4.0 had some usability and functional lapses when I last looked at it. PortAuthority 5.0 corrects the major issues I uncovered, pushing it to the top of the class in this category.

I take this stand because of four main ways PortAuthority 5.0 has improved. First, security is improved, as it now catches accidental and intentional data leaks over networks, examines file repositories for confidential information, prevents data from being copied to removable media, and integrates with DRM (digital rights management) systems. Second, the Web-based user interface is simpler to use, with only a few clicks now required to review and act on policy violations. Third, you now receive 150 prebuilt policies, which universally apply to data at rest, data in motion, and data in use; moreover, the system easily switches from auditing to prevention mode. Last, PortAuthority re-engineered its appliances, making them more reliable (with built-in fail open network interface cards) and more powerful, which gives enterprises better scalability.

My tests involved the Enterprise Manager MX appliance, which handles networks with as many as 10,000 users, as well as P-500 Protector appliances, which sits on the network edge, distributing the data monitoring, enforcement, and discovery workload when you’re configuring large global networks.

No complete ILP solution will be installed overnight, but PortAuthority 5.0 should reduce IT staff workload compared with competitive offerings. That’s because Manager servers merely connect to any network hub or switch as do the Protectors, which the main appliance automatically recognizes.

PortAuthority retains an MMC (Microsoft Management Console) snap-in to manage policies; sitting on top of this are still policy wizards for deploying the system quickly. In a few clicks I’d selected prebuilt policies for U.S. federal regulations, corporate governance, and intellectual property (such as patent information).

Yet policy management is easier and more detailed. The system integrates with Active Directory and LDAP servers; this enabled me to assign policies quickly by user, group, department, or other characteristics. Drilling down into the policy settings, I could now set real-time alerts. Importantly, I individualized notifications for system administrators, security officers, and end-users based on severity. For instance, what’s considered an unintentional mistake (perhaps putting one Social Security Number in a message) could send a warning to the end-user; malicious violations would trigger a message block and send an immediate e-mail to your compliance team.

Other advanced features let me enforce variations of a policy by geography -- which is important when you must comply with international regulations.

Another aspect of policy setup is identifying confidential or private information in database tables. PortAuthority 5.0 guided me through connecting to a SQL database and specifying rules; as before, fingerprinting happened fast, with about 1 million records analyzed in 10 minutes.

To be clear, for complete data coverage I had to perform additional steps. As an example, server agents are required to protect internal data-in-motion (such as networked printers), and desktop agents are loaded to monitor how data is used locally.

Still, a single policy you create universally applies to any data location. That is, when I created a corporate governance policy to look for confidential executive communications, the system checked if relevant documents were e-mailed using Microsoft Exchange and Lotus Notes, printed, or copied to a pen drive. Plus, policies are amazingly granular; I could allow a secure USB product with a certain device ID but prohibit other manufacturers’ thumb drives.

To further evaluate how well PortAuthority 5.0 performed in real life, I also monitored Webmail, FTP, and instant messaging. Overall, false positives and false negative alerts were under 1 percent, which is somewhat better compared with other products I’ve tested. Part of this precision is because PortAuthority 5.0 classifies and extracts content from more than 370 file formats (30 percent more files than Version 4.1). It scanned nested compressed files and correctly determined if a message’s content was extracted from another protected document.

Click for larger view.
However, PortAuthority still does not scan encrypted communications. PortAuthority representatives indicated because they have so many other checks on content, they did not add this feature in 5.0. I agree with their call and the omission isn’t a show stopper. Although other systems such as Vontu dig into encrypted files, they often lack PortAuthority’s more comprehensive network and file coverage.

PortAuthority 5.0, however, adds integration with DRM systems. With a few clicks I updated a policy so documents sent to a particular partner were first automatically routed to a server running Microsoft RMS  (Rights Management Services) for protection. Besides rights management and blocking messages, other policy actions include quarantine, sending communications through an encryption gateway, and archiving sensitive data.

PortAuthority 5.0’s Web incident management and reporting side underwent serious retooling. Role-based administration in this version prohibits business owners (such as an HR representative) from viewing, say, financial-related incident listings.

Further, there’s better usability -- with typically no more than three clicks now required to go from the summary dashboard display to viewing an incident’s detail. Also, once I looked at a message’s content (with offending material highlighted and a list of policies that were violated) I used a simple drop-down list to take action or to delegate the case to another person.

I also found more accessible and thorough reporting. I sorted events by source, destination, or protected content, and by various combinations of these criteria. This advanced filtering should help organizations quickly detect incidents requiring immediate remediation.

With some ILP solutions you get good usability, while others are technically impressive. It rarer to see one that does both so well, which is my conclusion after testing PortAuthority 5.0. The clinchers for me were getting policy management and administration right.

InfoWorld Scorecard
Ease of use (20.0%)
Value (10.0%)
Scalability (15.0%)
Performance (20.0%)
Security (15.0%)
Features (20.0%)
Overall Score (100%)
PortAuthority 5.0 9.0 9.0 9.0 8.0 9.0 9.0 8.8