PortAuthority, Tablus plug data leaks in enterprise communications
Both in their fourth version, these data leak tools monitor communications in real time to keep sensitive data in-house
I had no trouble editing policies to include crawled content from network file shares along with a Microsoft SQL database of employee salary listings and Social Security numbers. Tablus also employs keyword analysis, pattern matching, attribute analysis (such as file size or type), and linguistic analysis to see whether data is derived from protected documents. In my tests, I received no false positive reports, and none of the approximately 1,000 sensitive documents I transmitted slipped through undetected.
During the policy setup, I determined the severity of violations. Based on those levels, I could choose whether to simply notify the sender of a problem or take extended action. If you have Interceptors running, other automatic actions include message blocking or quarantine. Content Alarm also integrates with existing enterprise encryption solutions, including PGP’s Universal Series.
When violations are submitted to a workflow, the management console’s Incident Manager sorts events by severity. This helped me find and work on the most critical violations first.
Selecting an incident in NW 4 now provides all the details on one page, which greatly aids in the resolution process. For instance, NW 4 highlights the data in the transmission that triggered the alert and shows which policies were violated. You can then open file attachments, change the severity, progress the incident through the workflow, or immediately resolve the problem.
Content Alarm’s IRiS (Information at Risk Snapshot) view provides an executive dashboard that lists incidents by policy violation and top offenders, and charts various trends. Although permissioning isn’t quite as granular as Vontu’s, Tablus should be adequate for meeting international laws that protect personal employee data.
NW 4 ships with a collection of pre-defined reports ranging from high-level summaries to detailed protocol statistics. These are beneficial when enterprises must demonstrate compliance -- or security executives want metrics that show the effectiveness of security programs. In the Report Manager, I also quickly customized several of the underlying report templates to chart different statistics.
Good preventive measures
Tablus Content Alarm has evolved nicely from when I first used it several years ago. NW 4’s modern Web interface simplifies reaching reports and investigating incidents. Policies are very complete and easily modified. As a result, security staff are likely to be productive, and the product’s high performance, distributed architecture, and accuracy should also boost productivity.
For businesses with existing HTTP proxies and related systems, PortAuthority’s open architecture is notable; it was easy to deploy and it reliably stopped leaks in my tests. Usability and built-in workflow could stand improvement, and when installed as a stand-alone solution, PortAuthority’s forensic analysis suffers a bit. The system does have ICAP support, however, enabling enterprises to integrate PortAuthority with existing systems more easily.