Several companies make a compelling argument for securing data at the origin, in contrast to the network-sniffing approach.
Client agents prevent people from moving files to removable media or from copying and pasting data from the source to, say,
an IM session. This host-based approach is initially more expensive to acquire and administer, yet it delivers strong security
to complex enterprise environments (see Securing data at the point of use and ITM peers inside the inside threats).
iLumin Assentor Compliance 3.3
iLumin’s Assentor Compliance solution is a mature product that was first used by the financial industry to monitor e-mail
and IM. Thus, many of its more than 1,000 recognized violation patterns relate to broker communications and therefore meet
Securities and Exchange Commission selective-disclosure and insider-trading rules. However, the latest version branches out,
spotting and halting more general communication problems, such as harassing messages that should be acted upon by HR. Although
it doesn’t ship with formal policies to meet specific governmental regulations, custom policies could be created for,
say, HIPAA or European Union data-protection directives.
Compliance’s administration and user interfaces lack polish, but they become understandable after minimal training. Web forms
kept me from fumbling when I updated the dictionary of words, stock symbols, and phrases to be tagged and the words to be
excluded from scans. In the same way, I registered documents that lawyers in a legal department had approved for public viewing
so the documents would not be flagged.
This solution works in two modes, pre-event and post-event. When the software finds unacceptable or suspect content in pre-event
mode, it stops the correspondence and routes the message to a quarantine queue for review by an appropriate supervisor. When
it finds suspicious content in post-event mode, Assentor Compliance allows the message through and simultaneously routes a
copy to a supervisor for later action.
After streaming test messages through the server, I used the Web interface to check the results. A single-window display clusters
problem e-mails or instant messages, shows the actual message with the problem areas tagged, and then lists the suspected
violations. The NLP did a good job discerning intention (“I am going to sue you”) from a person’s name (Sue), which minimized
false positives.
Threshold Management allowed me to improve efficiency by adjusting the tolerance and quarantine action for each problem category.
For example, an inappropriate joke might not warrant a manager review, but every attempt at passing insider information should
be stopped and subject to review. iLumin’s language understanding was accurate enough to usually discern between these two
situations. In the few cases where the software wasn’t certain about a message’s intent, it played it safe and blocked the
message.
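The routing behavior described above (pre-event versus post-event mode, per-category thresholds, and blocking when intent is uncertain) can be modeled in a few lines. This is an added illustration, not iLumin's code or configuration format; the category names, scores, thresholds and the uncertainty band are all assumed values.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    PRE_EVENT = "pre-event"
    POST_EVENT = "post-event"

class Action(Enum):
    DELIVER = "deliver"
    QUARANTINE = "hold in quarantine queue for supervisor"
    DELIVER_AND_COPY = "deliver and copy to supervisor"

@dataclass(frozen=True)
class CategoryPolicy:
    threshold: float    # classifier score at which the category fires
    needs_review: bool  # does a hit warrant supervisor review?

# Hypothetical policy table: strict on insider information, lenient on jokes.
POLICIES = {
    "insider_information": CategoryPolicy(threshold=0.30, needs_review=True),
    "inappropriate_joke": CategoryPolicy(threshold=0.80, needs_review=False),
}
# Categories missing from the table fall back to a strict default.
DEFAULT_POLICY = CategoryPolicy(threshold=0.50, needs_review=True)
# Assumed: a score this close below its threshold counts as "not certain"
# and is treated as a hit, which is the play-it-safe behavior.
UNCERTAIN_BAND = 0.10

def route(scores, mode):
    """Map per-category classifier scores to (action, categories for review)."""
    flagged = sorted(
        cat for cat, score in scores.items()
        if (p := POLICIES.get(cat, DEFAULT_POLICY)).needs_review
        and score >= p.threshold - UNCERTAIN_BAND
    )
    if not flagged:
        return Action.DELIVER, []
    if mode is Mode.PRE_EVENT:
        return Action.QUARANTINE, flagged    # message is stopped
    return Action.DELIVER_AND_COPY, flagged  # message goes through, copy is reviewed

if __name__ == "__main__":
    # Constructed sample scores, as a content classifier might emit them.
    samples = [{"inappropriate_joke": 0.95}, {"insider_information": 0.25}]
    for s in samples:
        for m in Mode:
            print(s, m.value, "->", route(s, m)[0].value)
```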
To streamline and lessen auditors’ work, Assentor provides icons next to each message that quickly invoke commands including
Audit Trail, Add Comments, and Send Warning. Other time-saving functions include Mass Approve and Mass Reject.
The system accurately scanned the text of most attachments, including PDFs, and then allowed me to open the files to verify
there was a problem. Plus, Assentor detects and quarantines encrypted e-mail.
Version 3.3 has improved reporting. For example, compliance reviewers now get information such as the percentage of messages
approved or rejected, plus a list of problem messages organized by groups or employees. Importantly, using the Admin Console,
I was able to configure different archive times for different groups, accounting for varying retention periods among employees
and subsidiaries.
At a higher level, compliance executives can generate reports that summarize message problems of each type. Additionally,
I could audit the system to make certain no one had changed thresholds on content analysis without approval. This additional
measure of accountability could prove valuable in an investigation.

iLumin Assentor Compliance 3.3
iLumin Software Services, ilumin.com
Overall: Good 7.8

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 8 | 20% |
| Features | 8 | 20% |
| Performance | 7 | 20% |
| Reliability | 8 | 20% |
| Scalability | 8 | 10% |
| Value | 8 | 10% |

Cost: Basic Mailbox Management begins at $15 per mailbox
Platforms: Microsoft Windows 2000 Server or Windows Server 2003
Bottom Line: Assentor Compliance scans and archives messages, and helps ensure e-mail follows corporate and regulatory requirements. It
works well with all e-mail platforms, plus it supports IM, Bloomberg, and BondDesk. The UI isn’t pretty, but admins can use
it to quickly adjust message-retention length and other characteristics such as keywords to watch.
About our Reviews and Scoring Methodology

Reconnex iGuard 3300, Version 1.4
Reconnex, reconnex.com
Overall: Excellent 8.9

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 9 | 20% |
| Features | 9 | 20% |
| Performance | 9 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 8 | 10% |

Cost: $70,000
Platforms: Proprietary appliances
Bottom Line: iGuard analyzes multiple protocols and content types at network speeds, giving immediate views to insider threats. Users easily
create customizable rules for message monitoring, capture, storage, and data mining. Examiners receive notifications of violations
and effortlessly view the actual content. This system is notable for saving all communications.

Tablus Content Alarm NW 2.1
Tablus, tablus.com
Overall: Very Good 8.4

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 8 | 20% |
| Features | 8 | 20% |
| Performance | 8 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 9 | 10% |

Cost: Starts at $25,000
Platforms: Hardened Linux appliances
Bottom Line: Content Alarm’s distributed, scalable architecture is especially appropriate for global enterprises. A combination of linguistics
analysis, keywords, and signatures initially discovers the damaging data. File crawlers accurately classify information and
manage documents through their lifecycle. An encrypted audit log maintains message details.

Vericept Enterprise Risk Management Platform 7.1
Vericept, vericept.com
Overall: Very Good 8.5

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 9 | 20% |
| Features | 8 | 20% |
| Performance | 8 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 8 | 10% |

Cost: Ranges from less than $3,000 to $1,000,000, depending on implementation, number of users, and modules
Platforms: Appliance or licensed application running under Red Hat Enterprise Linux 3.0
Bottom Line: Vericept’s monitoring, reporting, and inquiry tools help spot general data-leak problems; reports verify compliance. Flexibility
is strong, with time-based inspection of inbound and outbound traffic and automatic routing of problematic messages to designated
auditors, but messages aren’t blocked. Managers can either use built-in categories or customize rules.