PortAuthority, which was recently acquired by Websense, sells software called Precise ID. The software uses multiple detection methods to identify and classify structured or unstructured data, including rules, dictionaries, keywords, threshold counts, categories, lexicons, statistical analysis, and content-matching. It recognizes more than 370 file formats, including popular archival types such as .zip. Searches can be made on storage media (what PortAuthority calls “data at rest”) or while the data is in use.
Evaluate your options
Preventing data leaks requires a multipronged approach. Although no single product can do it all, many companies are buying ILP-specific technologies, such as those found in PortAuthority Technologies’ product line.
Securent CEO Rajiv Gupta, puts it best: “Companies are tasked with making their applications more broadly available to a wider range of customers, end-users, and partners, while at the same time making sure unauthorized access isn’t granted. If everyone is sharing the same data, it often takes a ‘Chinese Wall’ type of product to help keep users and data appropriately segregated to ensure compliance.”
Securent’s Entitlement Management Solutions attempt to keep internal and external parties away from data sources by focusing on authorization. Other vendor systems handle identity and authentication, but then administrators define user authorization policies to enforce who can see what. Securent’s products work by wrapping end-point applications in an application-level shim. Securent’s policy engine and enforcement points can provide additional granularity that the application or operating system itself cannot deliver.
PortAuthority Protector Appliances passively monitor network communications, looking for confidential data in e-mail, IM, file transfers, and Web postings. If protected content is detected, the information is dropped, the device or its port may be disconnected, and management is notified.
Tablus offers similar protection with its Content series of products. Tablus even comes with several built-in policies that understand what types of information fall under different compliance categories.
Other vendors are providing solutions that lock out inappropriate uses of the data. Microsoft’s RMS (Rights Management System) software encrypts protected data. The data owner or originator can decide what users and uses are valid. For example, data can be sent out to a select group -- some people on the mailing list can edit, print, and forward the data; others may be able only to view the data. Every time a protected data file is accessed, it must “phone home” to an RMS authentication server before the encryption is removed. An employee could be terminated, and even though the former worker has a copy of the document at home in an e-mail inbox, he or she may be unable to open it any longer.
Thin clients manufacturers say they’re seeing a rise in interest in sales as the stripped down machines (no CD-ROM, no USB ports, and so forth) are increasingly viewed as useful in improving overall security while working toward desktop consistency.