You can also employ an API that integrates alerts with other security-event management systems. This might be helpful when
a virus is transmitted, so a response can be coordinated with other security people and applications. Security executives
can measure and reduce risk using company-level customized dashboards. These allowed me to identify and reduce security risks
by efficiently grouping violations by department or individual.
Because Tablus emphasizes structured data analysis, Content Alarm is a fine solution for protecting against the loss of personal
identification information and for monitoring against ID theft. Automated content classification should reduce management
costs. However, detection is only a partial answer to data leaks. For enterprises wanting to go beyond finding problems and
plugging holes, an upcoming upgrade (currently in beta) adds blocking. Alternatively, you can complement Content Alarm NW
with the agent-based Content Alarm DT or a similar tool.
Vericept Intelligent Protection Platform 7.1
Vericept’s software watches all inbound and outbound Internet traffic for content that falls outside of your acceptable-use
policies. Data passes through an analysis engine, which stores and reports on out-of-bounds communications. This system differs
from other products: Vericept looks for broad inappropriate behavior by users, such as conflict-of-interest messages or communications
that indicate a disgruntled employee. Based on these patterns, you can use positive evidence to stop abusive and criminal
behavior. Custom categories for corporate compliance (including compliance with HIPAA, SB 1386, and Sarbanes-Oxley) are weak,
but Vericept plans to add this and other functions later this year.
Vericept 7.1 maintains the product’s ease of use. It worked well out of the box, evaluating my entire test network’s traffic
without requiring me to create special policies. Moreover, business users should have no trouble accessing a number of key
features, including customized monitoring, which enhances accuracy.
The new Category Builder helped me tune several of the 61 Vericept-supplied categories (such as codes of conduct and acceptable
use); I specified a range of source and destination IP addresses to watch for. I also specified specific data — credit card
numbers, for example — to watch for.
Vericept can’t automatically register content, such as information in a database, for observation, yet several other functions
have worth. The Social Security number category now uses information from the Social Security Administration to determine
if a number is valid. Furthermore, I manually created custom categories with text related to names of confidential projects.
After establishing the basic monitoring rules, I further tweaked each category by determining when monitoring happened; this
lessened false positives. For instance, I permitted Internet shopping after business hours.
Vericept combines multiple inspection engines, which have complementary analysis techniques. These probed all my unencrypted
TCP/IP traffic and correctly identified harmful content, including material used in Telnet sessions, bulletin board postings,
chat rooms, and peer-to-peer file sharing. Vericept can’t open encrypted IM or SSL Web traffic, but the software can detect
their use. This gives you some insight into potential use of rogue encryption.
This solution locally saves extensive metadata about noted incidents (approximately a year of workday monitoring) and has
administration commands for archiving collected events on external storage devices for more extensive historical analysis.
For my tests I examined several weeks of captured activity using the four types of reports available from the Web user interface
(Event Query, Event Summary, Event Search, and Most Recent Events). Most Recent Events showed a list of current bad messages,
with links for drilling down to details about the event. Executives using Vericept can view threat summaries, as they can
when using Vericept’s competitors.
iLumin Assentor Compliance 3.3
iLumin Software Services, ilumin.com
|
 Good 7.8 |
|
| criteria |
score |
weight |
| Ease-of-use |
8 |
20% |
 |
| Features |
8 |
20% |
|
| Performance |
7 |
20% |
|
| Reliability |
8 |
20% |
|
| Scalability |
8 |
10% |
|
| Value |
8 |
10% |
|
|
|
Cost:
Basic Mailbox Management begins at $15 per mailbox
Platforms:
Microsoft Windows 2000 Server or Windows Server 2003
Bottom Line:
Assentor Compliance scans and archives messages, and helps ensure e-mail follows corporate and regulatory requirements. It
works well with all e-mail platforms, plus it supports IM, Bloomberg, and BondDesk. The UI isn’t pretty, but admins can use
it to quickly adjust message-retention length and other characteristics such as keywords to watch.
|
|
About our Reviews and Scoring Methodology
|
|
Reconnex iGuard 3300, Version 1.4
Reconnex, reconnex.com
|
| Excellent 8.9 |
|
| criteria |
score |
weight |
| Ease-of-use |
9 |
20% |
|
| Features |
9 |
20% |
|
| Performance |
9 |
20% |
|
| Reliability |
9 |
20% |
|
| Scalability |
9 |
10% |
|
| Value |
8 |
10% |
|
|
|
Cost:
$70,000
Platforms:
Proprietary appliances
Bottom Line:
iGuard analyzes multiple protocols and content types at network speeds, giving immediate views to insider threats. Users easily
create customizable rules for message monitoring, capture, storage, and data mining. Examiners receive notifications of violations
and effortlessly view the actual content. This system is notable for saving all communications.
|
|
About our Reviews and Scoring Methodology
|
|
Tablus Content Alarm NW 2.1
Tablus, tablus.com
|
| Very Good 8.4 |
|
| criteria |
score |
weight |
| Ease-of-use |
8 |
20% |
|
| Features |
8 |
20% |
|
| Performance |
8 |
20% |
|
| Reliability |
9 |
20% |
|
| Scalability |
9 |
10% |
|
| Value |
9 |
10% |
|
|
|
Cost:
Starts at $25,000
Platforms:
Hardened Linux appliances
Bottom Line:
Content Alarm’s distributed, scalable architecture is especially appropriate for global enterprises. A combination of linguistics
analysis, keywords, and signatures initially discover the damaging data. File crawlers accurately classify information and
manage documents through their lifecycle. An encrypted audit log maintains message details.
|
|
About our Reviews and Scoring Methodology
|
|
Vericept Enterprise Risk Management Platform 7.1
Vericept, vericept.com
|
| Very Good 8.5 |
|
| criteria |
score |
weight |
| Ease-of-use |
9 |
20% |
|
| Features |
8 |
20% |
|
| Performance |
8 |
20% |
|
| Reliability |
9 |
20% |
|
| Scalability |
9 |
10% |
|
| Value |
8 |
10% |
|
|
|
Cost:
Ranges from less than $3,000 to $1,000,000, depending on implementation, number of users, and modules
Platforms:
Appliance or licensed application running under Red Hat Enterprise Linux 3.0
Bottom Line:
Vericept’s monitoring, reporting, and inquiry tools help spot general data-leak problems; reports verify compliance. Flexibility
is strong, with time-based inspection of inbound and outbound traffic and automatic routing of problematic messages to designated
auditors, but messages aren’t blocked. Managers can either use built-in categories or customize rules.
|
|
About our Reviews and Scoring Methodology
|
|
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
