Tablus has three main products to prevent information leakage. The newest is called Content Sentinel. This sends out client-side agents that install to end-point computers (only Windows at this time) using RPC connections and the administrative password for the service account. The agent installs and then downloads a larger scanning program, which searches every file and data structure on all hard drives and reports back any matching confidential-content hits. After that, it deletes itself. The agent runs only when the clients have idle time as measured by CPU and disk utilization.
Second in the triumvirate is Content Alarm NW, which sits at network choke points and reads packets, looking for controlled content heading to or from unauthorized locations. It can also crawl the network looking for confidential content.
Rounding out the offerings is Content Alarm DT, a desktop product that looks for monitored content sent in e-mail, via IM, to USB keys, and so on.
Data management starts by defining legitimate locations and types of confidential information. Content Sentinel automates the process of fingerprinting information in well-defined repositories so that Content Alarm NW can detect whether it -- or content derived from it -- is trying to leave the network. Content Sentinel looks for sensitive information in places it shouldn't be.
Tablus even has a heuristic scanning engine to detect previously undefined content that contains suspicious formatting -- such as Social Security or credit card numbers. Administrators can define queries and allow the Tablus crawler mechanisms to discover more legitimate and unauthorized locations. Information will even be found in browser caches, PDFs, XML files, Word files, and the Recycle Bin.
Findings requiring attention are brought to the forefront for action through thoughtfully created screens; the first screens show the worst, high-risk targets so you can -- and should -- start with the worst offenders.
When unauthorized content is found, the security administrator can choose to remove a particular user’s permissions from the content or delete the offending file. However, removing the individual user’s permissions will not override ACLs if the user is also a member of the Administrators group. Soon, you'll also be able to encrypt and/or move the information to a safe quarantine location.
I like Tablus’ data-leak prevention solution for four reasons. One, it has a multitiered approach that attacks the problem at the desktop and network layers. Two, the user interface screens are created to give quick bang-for-the-buck alerts. Three, the product provides flexibility and customization that many similar products don’t. Last, it seems expressly built to tackle the source problem of how to identify information leakage. With Tablus, there should be fewer places for unauthorized, confidential data to hide.
This doesn’t mean the Tablus solution is perfect; it is, after all, still in the first generation, and I can already think of a few ways around it. Stay tuned for a more in-depth review from the InfoWorld Test Center in a future issue -- I can’t wait to see the results.
And while you're waiting for that review, write your representative about stopping the DATA Act -- if you haven't already.