PortAuthority, Tablus plug data leaks in enterprise communications
Both in their fourth version, these data leak tools monitor communications in real time to keep sensitive data in-house
I fine-tuned my custom policies by specifying the communications protocols to monitor, the users that would not trigger the policy, and the action to take when the policy was breached. Depending on the event severity, I either delivered content to authorized recipients or quarantined suspicious messages; in all cases an audit trail was generated to demonstrate compliance.
PortAuthority’s solution matched the accuracy of the other data leak products I’ve tested. Keyword, lexicon, and advanced regular expression algorithms caught confidential text in e-mail and Web mail according to policies I set. False positives were insignificant; for instance, PortAuthority properly distinguished between nine-digit telephone numbers and Social Security numbers. As a bonus, the system performs real-time scans of 300 file formats, including CAD files and graphics, and will identify sensitive data in nested compressed files.
In addition to this fine performance, PortAuthority stands out in the detection and identification area. Often, registered documents that are not transmitted intact will fail to be detected by a data-leak solution. PortAuthority’s fingerprinting, however, correctly sensed when I pasted part of a restricted Word document into an e-mail.
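The partial-document case above is the one that keyword and regex rules miss. The following is an added illustration, not PortAuthority's code or its actual fingerprinting algorithm: it registers a document as a set of hashed word shingles (an assumed 8-word window) and scores an outbound message by the fraction of its shingles that belong to the registered document, so a pasted excerpt still triggers while unrelated mail does not. The documents and messages are constructed for this example.

```python
import hashlib
import re
from typing import List, Set

K = 8  # words per shingle; an assumed setting, tune to the corpus

# Constructed sample data: a registered confidential memo, an e-mail that
# pastes one sentence of it, and an unrelated e-mail.
REGISTERED_DOC = (
    "Project Falcon acquisition memo. The board has approved an offer of "
    "forty million dollars for Example Widgets Inc, subject to due diligence. "
    "Closing is targeted for the end of the third quarter. Do not distribute "
    "outside the executive team."
)
LEAKY_EMAIL = (
    "Hi, just checking in. FYI the board has approved an offer of forty "
    "million dollars for Example Widgets Inc, subject to due diligence. "
    "Lunch on Friday?"
)
BENIGN_EMAIL = (
    "Lunch on Friday at the usual place? Bring the quarterly slides and "
    "the budget spreadsheet."
)

def normalize(text: str) -> List[str]:
    # Lower-case and strip punctuation so reformatting does not defeat matching.
    return re.findall(r"[a-z0-9]+", text.lower())

def shingles(text: str, k: int = K) -> Set[str]:
    # Hash every run of k consecutive words; only hashes are stored, so the
    # fingerprint database does not hold the confidential text itself.
    words = normalize(text)
    out: Set[str] = set()
    for i in range(len(words) - k + 1):
        gram = " ".join(words[i:i + k])
        out.add(hashlib.sha256(gram.encode()).hexdigest()[:16])
    return out

def register(doc: str) -> Set[str]:
    return shingles(doc)

def match_score(fingerprint: Set[str], message: str) -> float:
    # Fraction of the message's shingles found in the registered document.
    # A message shorter than k words has no shingles and scores 0.0.
    msg = shingles(message)
    return len(msg & fingerprint) / len(msg) if msg else 0.0

def violates(fingerprint: Set[str], message: str, threshold: float = 0.2) -> bool:
    return match_score(fingerprint, message) >= threshold
```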
When sensitive communication is spotted, PortAuthority generates an instant notification according to policy settings. Analysts view violations from a Web interface over a secure connection. From the initial executive summary view, I drilled down to view event details. Messages can be tagged for further investigation.
I found this process time-consuming because essential information about a breach was spread over many pages. Likewise, built-in workflow functions (for example, routing a violation to another analyst) are minimal. This limitation makes PortAuthority somewhat more difficult to use when investigating and resolving security incidents.
Reporting, though, is reasonable. I could customize predefined reports (such as sorting events by destination or protected content) and generate unique reports on the fly. Reports can also be scheduled and then converted to Acrobat PDF format. I like the way reports tie into a forensic module, so I could link from one event and review logs for related incidents.
Tablus Content Alarm NW 4
Content Alarm NW 4 significantly expands the types of data enterprises can protect and improves usability. With a single click, you can select and implement a prebuilt policy for all the major risk and compliance areas. Workflow is better, with automatic violation remediation, and NW 4 crawls and fingerprints information in databases, file systems, and EMC Documentum repositories, and encrypts sensitive information.
I tested Tablus’ central Controller server plus one Sensor, the companion server that passively monitors network traffic. Sensors plug into your network at exit points and automatically register with the Controller, making this solution well-suited for large, geographically diverse organizations. You can also configure an Interceptor SMTP proxy to block, quarantine, or encrypt sensitive e-mail traffic.
NW 4’s tabbed Web interface is highly organized and consolidates functions (such as data crawling) that previously required separate apps. In the Policy area, it takes just a few seconds to select policies from the library. You can create unique policies for countries or regions, too.