Block data leaks at the endpoint
TrendMicro, Websense offer effective protection against insider security breaches
Data Endpoint gives the power to run a custom script on the item -- perhaps moving it to a secure location and leaving a notification message in its place, or encrypting the file. The only limit is the administrator's scripting ability.
On the other hand, LeakProof has the capability to gather more information from the user. LeakProof gives the option to request a justification for the action, instead of just a yes or no allow decision, as in Data Endpoint.
To be clear, either of these options is only available to the user when the confirmation response is selected instead of the block response. Both Data Endpoint and LeakProof can be completely silent about blocking the activity. The user might never know the agent is on the system.
Identity Finder gives the user options about what to do with a discovered sensitive file. The user may move it into an encrypted file vault (maintained by Identity Finder); shred the file any number of times; quarantine the item to a secure location; or if the file is a text file, Office 2007 file or PDF, scrub the offending items from the file. We were only able to verify the scrubbing functionality for text files. The central console controls the selection of these features that are available to the end-user.
A feature that left us somewhat on the fence was Data Endpoint's application-centric policy configuration. While this gives a very fine level of control to the administrator, it leaves one open to a constant stream of new applications that must be detected and added to the policy. In an environment where users are not allowed to install software, this might be less of an issue.
Another potential downside is that if an administrator wishes to control copying to network shares, unauthorized internal hard drives or other folders on the same drive, he must block Explorer.exe's access to sensitive files. Obviously this will create some issues, as Windows will be cordoned off from them.
None of the installations were particularly difficult, though they all had their minor shortcomings.
Websense requires both Oracle and MS SQL to be installed on the system, as well as .Net 3.5. Thankfully, these items were all bundled with the installation files provided, and their installation was wrapped into the installer. We had to manually extract the installer files for Oracle and MS SQL and then instruct the installer where to find them. Considering the items are all bundled together, this seems like something that could be automated. After installation, the management console was used to input the licensing information provided by Websense.
Data Endpoint includes a utility to build installation packages for the endpoint software. In this utility, the administrator specifies the IP address of the management server and a couple of other parameters. From this information, Data Endpoint builds a customized installer package that can be used to deploy the agent to the clients. For this test, the files were copied to the clients and manually installed.