For analysts, Vericept has some of the better query functions. These functions allowed me to search by one or more categories
and then home in on activity for a specific workstation. To create presentation-quality reports or perform deeper data mining,
you need separate software. Vericept has nine Crystal Reports templates, which I used with Crystal Reports, a third-party application,
to build charts and summarized tables.
As noted, Vericept is more attuned to spotting trends than to generating immediate alerts on every troublesome message. Viewed
in this context, the software meets its design goals. In this part of testing, I distributed the task of reviewing certain
events by creating Workflow Policies and Rules. I assigned an HR user to manage activities such as shopping and game playing
under Acceptable Use policies; a security group employee was responsible for nonpublic personal information such as Social
Security numbers.
On a set schedule (typically each hour), reviewers receive activity reports about their specific compliance area. After scanning
the summaries, auditors can annotate events, reassign the case (even to those who are not Vericept users), or download event
details to their workstation.
In Version 7.1, reviewers can now free-form search the metadata fields. I successfully searched Web mail traffic on a particular
network subnet for messages containing a particular person’s name.
Vericept’s Intelligent Protection Platform 7.1 accurately scans all forms of Internet traffic using predefined categories.
It also offers easy rule customization. The system correctly noted both structured and unstructured proprietary data on the
network.
Moreover, it traces this data back to a user, user name, workstation, or IP address. Users in responsible departments received
alerts and reports, enabling them to manage problem communications without much effort. If you need categories that address
specific compliance legislation or blocking, Vericept isn’t the best choice. But for discovering inside threats before they grow into
serious compliance problems, Vericept gets the job done right.

Vontu 4.0
Vontu 4.0 is a feature-rich data-loss-prevention solution that meets or exceeds each of my test requirements. It accurately
monitors all network traffic; selectively stops confidential data from going outside an enterprise; is easy to manage with
role-based access, even in large deployments; and provides multiple levels of reports to identify risks and demonstrate corporate
and regulatory compliance.
Setting up and configuring the Vontu Manager server, network-inspection Monitors, and inline Prevent component (which directs
MTAs to block, reroute, or quarantine messages based on content) should take about half a day.
Vontu 4.0’s Policy Authoring contributed greatly to this short setup cycle. I used some of the 50 prebuilt templates (including
regulatory enforcement, customer data protection, IP, and acceptable use) as the formula for my custom policies. For instance,
it was a snap tuning the Gramm-Leach-Bliley template to look for an exact match of Social Security numbers contained in a
customer database, to block e-mail containing numerous violations, and to create an autoresponse notification for less-serious
infractions. Just as important, I had Vontu 4.0 regularly scan my database for updates; this helped ensure 100 percent accurate
detection of structured data.
Similarly, the clear-cut process enabled me to create from scratch a policy to protect source code based on data matches,
sender, recipient, geographical location, and other parameters.

iLumin Assentor Compliance 3.3
iLumin Software Services, ilumin.com
Good 7.8

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 8 | 20% |
| Features | 8 | 20% |
| Performance | 7 | 20% |
| Reliability | 8 | 20% |
| Scalability | 8 | 10% |
| Value | 8 | 10% |

Cost: Basic Mailbox Management begins at $15 per mailbox
Platforms: Microsoft Windows 2000 Server or Windows Server 2003
Bottom Line: Assentor Compliance scans and archives messages, and helps ensure e-mail follows corporate and regulatory requirements. It
works well with all e-mail platforms, plus it supports IM, Bloomberg, and BondDesk. The UI isn’t pretty, but admins can use
it to quickly adjust message-retention length and other characteristics such as keywords to watch.
About our Reviews and Scoring Methodology

Reconnex iGuard 3300, Version 1.4
Reconnex, reconnex.com
Excellent 8.9

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 9 | 20% |
| Features | 9 | 20% |
| Performance | 9 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 8 | 10% |

Cost: $70,000
Platforms: Proprietary appliances
Bottom Line: iGuard analyzes multiple protocols and content types at network speeds, giving immediate views into insider threats. Users easily
create customizable rules for message monitoring, capture, storage, and data mining. Examiners receive notifications of violations
and effortlessly view the actual content. This system is notable for saving all communications.

Tablus Content Alarm NW 2.1
Tablus, tablus.com
Very Good 8.4

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 8 | 20% |
| Features | 8 | 20% |
| Performance | 8 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 9 | 10% |

Cost: Starts at $25,000
Platforms: Hardened Linux appliances
Bottom Line: Content Alarm’s distributed, scalable architecture is especially appropriate for global enterprises. A combination of linguistics
analysis, keywords, and signatures initially discovers the damaging data. File crawlers accurately classify information and
manage documents through their lifecycle. An encrypted audit log maintains message details.

Vericept Enterprise Risk Management Platform 7.1
Vericept, vericept.com
Very Good 8.5

| Criteria | Score | Weight |
|---|---|---|
| Ease-of-use | 9 | 20% |
| Features | 8 | 20% |
| Performance | 8 | 20% |
| Reliability | 9 | 20% |
| Scalability | 9 | 10% |
| Value | 8 | 10% |

Cost: Ranges from less than $3,000 to $1,000,000, depending on implementation, number of users, and modules
Platforms: Appliance or licensed application running under Red Hat Enterprise Linux 3.0
Bottom Line: Vericept’s monitoring, reporting, and inquiry tools help spot general data-leak problems; reports verify compliance. Flexibility
is strong, with time-based inspection of inbound and outbound traffic and automatic routing of problematic messages to designated
auditors, but messages aren’t blocked. Managers can either use built-in categories or customize rules.