Vontu 7 covers your end point
On top of end point monitoring, new version adds configurable dashboards, database encryption
Next I uploaded 1,000 documents containing sensitive data to test IDM (Indexed Document Matching). The third technology, DCM (Described Content Matching), uses keyword lexicons, Boolean logic, and data identification patterns (for example, ABA routing numbers or credit card magnetic stripes) to look for information in nonindexable data (such as e-mail messages). Vontu states a single Enforce server can handle more than 500 million rows of data for EDM and upward of 2 million documents for IDM.
I especially like Vontu's granular detection capabilities. Using just a few forms, I added rules that employed the files previously registered -- for example, if an e-mail had "confidential" in the text, it was blocked from being sent to an external address. During this process, I also defined severity levels for various conditions, such as the number of complete or partial matches that must be found to trigger a response. Importantly, a single policy covers all three Vontu product lines, which, in addition to Endpoint Monitor, include Vontu Discover and Protect and Vontu Network Monitor and Protect.
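To make the described-content approach and the severity rules above concrete, here is an added sketch in Python; it is not Vontu's code or policy format. It combines a keyword lexicon, checksum-validated identifier patterns (ABA routing numbers, magnetic stripe track 2 data), and a recipient condition. The internal domain, function names, thresholds, and sample values are all constructed assumptions.

```python
import re

INTERNAL_DOMAIN = "corp.example"   # assumption: constructed internal mail domain
KEYWORDS = {"confidential"}        # keyword lexicon (the review's example term)
ABA_RE = re.compile(r"\b\d{9}\b")                   # candidate routing numbers
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d*\?")  # magnetic stripe track 2

def aba_valid(num):
    """ABA checksum: digits weighted 3,7,1 repeating must sum to a multiple of 10."""
    return sum(int(d) * w for d, w in zip(num, (3, 7, 1) * 3)) % 10 == 0

def luhn_valid(pan):
    """Luhn check on the account number carried in the track data."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def pattern_matches(text):
    """Count identifier hits that also pass their checksum (fewer false positives)."""
    aba = sum(1 for n in ABA_RE.findall(text) if aba_valid(n))
    cards = sum(1 for p in TRACK2_RE.findall(text) if luhn_valid(p))
    return aba + cards

def evaluate(body, recipients):
    """Return (severity, action) for one outbound message."""
    external = any(not r.lower().endswith("@" + INTERNAL_DOMAIN)
                   for r in recipients)
    keyword_hit = bool(KEYWORDS & set(re.findall(r"[a-z]+", body.lower())))
    hits = pattern_matches(body)
    # Boolean logic: (keyword OR identifier) AND external recipient
    if not external or not (keyword_hit or hits):
        return ("none", "allow")
    # Severity by match count; thresholds are constructed for illustration
    severity = "high" if hits >= 3 else "medium" if hits >= 1 else "low"
    return (severity, "block")

if __name__ == "__main__":
    # Constructed sample message: keyword only, sent to an outside address
    print(evaluate("This plan is confidential.", ["bob@partner.example"]))
```

The checksum step is what separates a described-content pattern from a plain regular expression: an arbitrary nine-digit order number fails the ABA check and never counts toward severity.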
In previous testing, I'd focused on Vontu Network Monitor and Vontu Network Prevent, which protect data in motion. In this round, I looked primarily at how well some new additions in these modules worked, including preventing leaks via FTP, HTTPS, and instant messaging over HTTP tunneled protocols.
For data at rest (Vontu Discover and Protect), I scanned Lotus Notes databases and looked at another new feature that discovered the ownership of information (who created the file). And for Endpoint Monitor, my exercises involved monitoring what was copied to removable media on a laptop and monitoring files downloaded at this end point.
The combination of multiple rules, detection technologies, severity levels, and exceptions resulted in no false positives in my evaluation, and all communications containing restricted information were found. I believe a large live implementation should mirror these results; representatives of one large Fortune 100 insurance company using Vontu related they hadn't seen a false positive in six months.
The second part of a strong information protection policy involves response rules. For most incidents, I instructed Vontu Enforce to handle these automatically, such as sending e-mail notifications to end-users, stating which policy was violated and how to follow company procedures. Additionally, Vontu Network Prevent successfully blocked FTP and HTTPS transmissions. Vontu 7, as in past versions, routes e-mail through standard encryption gateways.
Vontu integrates with several other third-party products, including Blue Coat's SG Proxy, Cisco Content Engine, and Network Appliance NetCache, but I did not have the opportunity to test these.
Vontu Protect worked properly in copying sensitive files found on a LAN file share to a secure area on the Vontu server. Importantly, the system left a marker in the file's original location so that users knew what happened and where the file currently resided.