Orchestria 4.7 mitigates data security threats

Companies often ascribe success to “doing one thing and doing it right.” That philosophy is working for Orchestria and its ECC (electronic communication control) solution, which concentrates on preventing sensitive data from leaving organizations through e-mail, Web mail, and related channels, including blogs.

Other data-leak prevention solutions grapple with contrasting technologies, such as in-line appliances and file crawlers (see “A closer look at the insider threat detection playing field”). Orchestria protects with intelligent agents deployed to desktops and e-mail servers (Exchange and IBM Domino).

Moreover, Orchestria extracts messages and conversations from Lotus Notes.nsf, Exchange.pst, and instant message.msg files and integrates with EMC, Zantas, IBM, and Symantec storage management applications for historical investigation of unstructured data.

Impressive scalability

My test bed mirrored a typical enterprise: a network with Microsoft Active Directory and Exchange servers. I added the Orchestria central management server and a second server that handled policy enforcement.

In practice, you would likely install multiple policy engines at different points on your network for scalability, which is the best I’ve seen to date. Typical performance is 300 messages per second; Orchestria’s largest production implementation monitors 275,000 users and processes 9 million messages per day (3,000 messages per second) with this distributed architecture.

Click for larger view.

Besides the agent approach, Orchestria touts its easy, ongoing maintenance and highly customized, accurate polices. I checked these statements using the Administration Console and Policy Editor. The claims held up, due to two things: First, policies adhere to an organizational hierarchy, which can be as complex as you need. Orchestria automatically synchronized Active Directory groups (LDAP import is also supported) with my policy hierarchy. This is especially important in large organizations where there can be hundreds of personnel changes each day; when a user moves from one group to another, his or her policies change automatically.

Second, Orchestria offers Policypaks covering violations involving regulatory noncompliance, corporate governance, and confidential security leakage. I was disappointed to find no Web front end to the server’s policy administration management console or wizards, something most other solutions provide.

Still, after a little learning, I was traversing quickly through nodes within my hierarchy and changing policy definitions. For example, I selected a top-level group and used various menus to define new triggers within policies, as well as the action I wanted taken when the trigger criteria were satisfied. You can apply the same process all the way down to a specific person.