Block data leaks at the endpoint
Trend Micro, Websense offer effective protection against insider security breaches
LeakProof won our performance testing, scoring a 76% overall success rate to 68% for Data Endpoint. LeakProof scored 100% in blocking HIPAA and PCI data, 100% in blocking various types of code and 96% in blocking access to different media, such as thumb drives and CDs. LeakProof scored only 29% in blocking legal documents and 18% in blocking via file names, although the company argues that this functionality is irrelevant because file names don't tell you anything about the content of the file.
When it came to exfiltration methods, LeakProof was remarkably consistent, blocking roughly 75% of sensitive data no matter which method was used. LeakProof did have a problem blocking smaller portions of a fingerprinted document.
Though Data Endpoint was able to catch pages, it was not able to catch paragraph- or sentence-sized excerpts. This could pose a problem for documents where only a couple of paragraphs contain truly sensitive information. Thankfully, most scenarios where this would pose a problem are handled by other mechanisms (such as pattern matching and keyword blocking).
Data Endpoint scored higher than LeakProof in many categories of exfiltration methods. For example, 85% each for blocking via USB drive, CD and Webmail, compared with 75% for LeakProof in those three categories. However, the current version of Data Endpoint doesn't block users from moving data to shared network drives without denying Windows access to these files, so it scored a zero in that category. Websense plans to provide enhanced support for CIFS shares in Version 7.5, which should remedy this shortcoming.
While neither product had an explicit file name matching ability, the keyword ability in Data Endpoint was able to largely achieve the same purpose.
Identity Finder performed well within its intended purpose. The only HIPAA- or PCI-related data it did not identify was American Express card numbers. It had no trouble with Mastercard or Visa numbers, names, addresses, phone numbers, or Social Security numbers. However, it also found a large number of false positives in Windows system dynamic link libraries and other program files that it thought were sensitive information.
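The Identity Finder result above (missed American Express numbers, false positives in DLLs) is what card detection keyed on digit-run length alone tends to produce. The Python below is an added example, not code from the review or from any product tested; the review does not say why the misses occurred, so the 16-digit `NAIVE` rule is an assumption for illustration, and the sample text is constructed from publicly documented test card numbers.

```python
import re

# Constructed sample: public test card numbers, plus one Luhn-invalid digit
# run standing in for the numeric noise found in DLLs and program files.
SAMPLE = (
    "visa 4111111111111111\n"
    "mc 5555555555554444\n"
    "amex 378282246310005\n"
    "amex grouped 3782-822463-10005\n"
    "resource id 4111111111111112\n"
)

# Assumed naive rule: any 16-digit run. Misses 15-digit Amex, flags the noise.
NAIVE = re.compile(r"(?<!\d)\d{16}(?!\d)")
# Candidates: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def brand(digits):
    """Classify by length and prefix (16-digit Visa only, for brevity)."""
    if len(digits) == 15 and digits[:2] in ("34", "37"):
        return "amex"
    if len(digits) == 16 and digits[0] == "4":
        return "visa"
    if len(digits) == 16 and (51 <= int(digits[:2]) <= 55
                              or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    return None

def find_cards(text):
    """Return (brand, digits) for candidates passing prefix and Luhn checks."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        b = brand(digits)
        if b and luhn_ok(digits):
            hits.append((b, digits))
    return hits

if __name__ == "__main__":
    print(NAIVE.findall(SAMPLE), find_cards(SAMPLE))
```

On the sample, the naive rule reports the Visa and Mastercard numbers plus the invalid run and misses both Amex entries, while `find_cards` reports all four real numbers and drops the invalid run.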
Data Endpoint seemed to be the most lightweight of the agents. It only consumed up to 30MB of memory, and a small share of the processor. Hard disk usage was between 68MB (in Windows 2008) and 91MB (in Vista). It's worth repeating that it was the only program with an option to throttle discovery network usage.
LeakProof used a quarter to half of the processor, and a maximum of 50MB of memory. Hard drive space was a little less than Data Endpoint, weighing in at 55MB to 67MB (again with Windows 2008 taking the least and Vista taking the most). Blocking actions never got in the way of system operation.
Identity Finder's discovery scan consumed most of the processor and up to 60MB of memory. Canceling a scan forced the program to finish scanning the file it was on before it would terminate. Hard disk usage was consistent around 47MB.
LeakProof was the best general-purpose endpoint DLP tool of the three. Configuration was painless, performance was tops, it was the least obtrusive, and it enforced policies across the entire system.
Data Endpoint by far gives the administrator the most power. The fully packaged installation, ability to draw on a large selection of policy templates from around the world, scriptable custom actions upon detection, tailored actions per-application, and scheduled fingerprinting of files in a network share make DSS by far the most attractive feature-wise.