Enterprise IT administrators didn’t need the recent stories about large-scale data breaches at TJX (network compromise exposing credit data of hundreds of thousands of consumers) or Canadian Imperial Bank of Commerce (lost hard drive with personal financial information on 470,000 mutual fund customers) to convince them that data leaks were an urgent problem in need of attention. Frankly, corporate boards of directors and auditors have been screaming in their ear about it for a while now.
But so far, there’s been a dearth of enterprise-ready end-point protection products that can monitor and lock down data transfers both online and offline without crippling productivity. However, with the RSA Security Conference on the horizon, a crop of new products may finally give IT some weapons to plug the holes of leaking data.
Last week brought news from two companies: PointSec (CheckPoint’s newest acquisition) and startup Provilla.
PointSec Protector, an enterprise data protection product, combines encryption technology with Reflex Magnetics DiskNet Pro technology to secure computer ports, storage devices, and e-mail.
PointSec initially focused on mobile data protection for smartphones, PDAs, and other devices. But the growing threat posed by corporate insiders prompted the company to broaden its scope, said president Martin Leamy.
Startup security firm Provilla last Monday pulled the covers off LeakProof, an enterprise leak prevention product, said Glenn Kosaka, vice president of marketing.
The new solution uses data fingerprinting technology that Provilla calls “DataDNA” to tag sensitive data, which can then be monitored both at rest and in motion by in-office, mobile, or branch-office employees. The product uses an appliance-based server to scan for sensitive data and set policy, and a lightweight client to flag or block unauthorized copying of sensitive data online, offline, or via public networks, Kosaka said.
Benjamin Powell, a senior IT security analyst said his employer, a large financial institution, is deploying the Provilla LeakProof product for approximately 1,000 users after trying the product in beta for 11 months. The company will use Provilla to monitor source code, data files, and some types of data elements such as credit card and Social Security numbers, Powell said.
This week, two more companies, Vontu and Tizor, announced data-protection and leak-prevention tools.
Vontu is unveiling Vontu 7, which adds monitoring of USB drives and removable storage devices, discovery features for scanning and securing data stored on the network and better workflow and reporting, said Steve Roop, vice president of marketing.
Tizor Systems said it will announce Mantra V5, a data auditing and protection solution that can discover, monitor and report on the activity of specific types of data, such as credit card numbers and Social Security numbers, in databases, file servers and mainframe environments.
Auditors are pushing hard for companies to address the data leak problem, Vontu’s Roop said.
“The big trend we’ve seen in the last six months is that auditors are giving very specific dates to do scanning, clean up data shares, and remove confidential data,” Roop said.