PortAuthority, Tablus plug data leaks in enterprise communications
Both in their fourth version, these data leak tools monitor communications in real time to keep sensitive data in-house
Data leaks that lead to devastating identity theft -- and costly consequences for business -- have reached epidemic proportions. In addition to the financial burden to enterprises (which The Ponemon Institute estimates to be between $5 million and $14 million per incident), the U.S. government recently raised the stakes by forming an identity theft task force.
No matter what this group ultimately recommends, one thing is clear: Organizations will be held even more accountable for protecting data they collect and use.
Fortunately, data theft prevention solutions are improving. The latest offerings from PortAuthority and Tablus, for example, boost their detection accuracy and provide policy customization. Both these network gateways monitor many communications channels for information that shouldn’t be transmitted outside an organization and will block or encrypt traffic according to your policies. Tablus Content Alarm NW 4 is easier to use and stacks up well against the products reviewed in January, whereas PortAuthority 4.0 integrates with existing enterprise HTTP proxies and workflow apps but has some analysis quirks.
PortAuthority monitors outbound communications in key protocols (including e-mail, FTP, and instant messaging), then blocks unauthorized dissemination of information according to very granular policies. For better precision, version 4.0 fingerprints information in file systems and ODBC-compliant databases.
Version 4.0 also adds ICAP (Internet Content Adaptation Protocol) support, so you can integrate PortAuthority with ICAP proxies (such as Blue Coat, Cisco, and Network Appliance) to protect Web mail communications and SSL traffic. PortAuthority also now protects network printing.
PortAuthority’s architecture, much like Tablus’, includes a management appliance (which handles policy setup, enforcement, and data fingerprinting) along with monitoring appliances placed around your network. These ICAP edge servers can be configured in monitoring or blocking mode. Although organizations often start out monitoring traffic patterns to learn which policies to implement, blocking suspicious communications is the most desirable feature to stop information leaks.
Other improvements in PortAuthority 4.0 include more granular policy management and new reports that show auditors how your organization complies with regulations.
Customizing the Windows Server 2003-based PortAuthority Management Appliance for my network required just a few minutes; the same was true for the ICAP monitor. Then -- either at the management server console or thick client -- you configure and control the environment. I’d prefer a browser interface here, for better usability and convenience, but this design is workable.
Right-clicking on the Policy section of the management tree enables various predefined policies. These scan for violations in a solid range of regulatory compliance and personal information areas, from GLBA, HIPAA, and Check 21 to Sarbanes-Oxley. Policies then automatically deploy to the monitors.
PortAuthority includes a wizard for creating customized policies. To do so, I registered content by having PortAuthority scan various file shares -- a fast process called PreciseID Fingerprinting. The system’s impressive speed extends to registering information in databases: it processed one million records in about 10 minutes.