Block data leaks at the endpoint
TrendMicro, Websense offer effective protection against insider security breaches
TrendMicro's LeakProof installation was eased by the fact that a physical appliance was used, instead of a software installation. However, the installation documentation was somewhat lacking. The quick start guide that shipped with the product contained a port diagram that did not match the configuration of ports on the PowerEdge 1950 that was used. Next, the user name and password on the sheet did not work. An e-mail to support returned an updated quick start guide containing a working login (though the port diagram was still incorrect). This guide mentioned a configuration utility that was apparently supposed to start at first login, but did not give the name of the command to start it by hand. Since the utility did not start on first login, network configuration had to be performed manually. Fortunately, the system is built upon CentOS (a free Red Hat clone), which we were familiar with.
From this point on, sailing was relatively smooth for LeakProof's installation. The endpoint agent installer was command-line driven, requiring the administrator to specify the IP address of the management server. Deployment via Active Directory or System Center Configuration Manager is also advertised, but was not tested.
Identity Finder's installation process was about average. No major problems were encountered, but the reviewers had to manually install .NET 3.5, Microsoft Report Viewer 2008 and IIS 6.0 or better before the installer would continue. Since the first two are freely available, and the third is a Windows component, this process could definitely be automated. After installation, the license file needed to be manually copied into the directory containing the management console executable.
The Identity Finder installer also created a registry file that, along with the installer and license files, needed to be copied to the clients. The registry file needed to be manually executed to add the management server information to the registry, and then the installer could be executed from the command line.
LeakProof and Identity Finder's management server configuration is done entirely from a Web console. Data Endpoint has a Web console for policy and profile management, but also a separate MMC snap-in for management of the server itself. Websense is working towards unifying this into a single Web-based console.
Data Endpoint for the most part had the easiest-to-use configuration, other than being split into two interfaces. After an orientation from an engineer at Websense, we were able to navigate comfortably around the interfaces. That said, a couple of the test items required additional support to configure fully. Initial policy configuration is a breeze with the Policy Wizard. This tool asks the administrator what type of organization is using the product (for example, government, finance, healthcare, education) and in which locality the product is to be used. It then tailors a (long) list of available templates. For this test, only the HIPAA and PCI templates were used, but many others could have been enabled.
After the initial configuration of policy profiles, the administrator moves over to the Web interface to configure profiles for protection. This test only made use of the default profile, but the ability to target profiles for different computers or users is available. Each profile consists of channels and services (applications). The administrator selects which channels to protect, and then configures the blocking actions for the desired groups of applications, or individual applications.