Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Occasionally we see a product that anticipates all of our questions and offers the right answers and solutions to all of the challenges that we had ready to throw at it. It doesn't happen often, but it certainly happened in this case. The Trustwave DLP is, hands down, the best-thought-out DLP product we have seen. This tool is available either as a hardware or software appliance. The hardware version has a nice twist on the installation challenges we have seen from appliances in the past: forcing the administrator to install into the network from the command line. With this product, one tells Trustwave about the IP addressing, and the appliance comes preconfigured. Once racked up, the admin connects the network cables and powers it up. The appliance does the rest. This was typical of the thoughtfulness we observed in the design and implementation of the solution. Once in the network, the admin can move on to the web user interface. Where other DLP devices - as well as many other types of policy-driven tools - talk in terms of policies, the Trustwave product refers to these as "categories." Policies, in Trustwave-speak, are the actions that one can take when a category is violated. There are more than 70 out-of-the-box categories ready to go as is, or one can edit them easily into new categories. Likewise, it is quite straightforward to create new categories. Categories are adjustable as well. That means that one can set the sensitivity and regulate, to some degree, such things as false positives. The types of characteristics that can be edited in a category include content, protocol, IP address range(s) and email. The whole create/edit process is simple point-and-click. Violations of categories can be sent to either a Trustwave or Arcsight SIEM for further processing and correlation. The DLP monitors all ports and protocols by default, so if a violation occurs on a non-standard port - 8080 for the web, for example - it will be caught. When a violation is captured, a detailed analysis can ensue. Web events capture both the username and the machine name. Administration is straightforward, and the administrator can change/add/delete users, roles and permissions quickly and easily. Most administration is conducted through simple mouse clicks in check boxes. An important feature of DLP products is workflow, and Trustwave doesn't skimp here either. The workflow system is a full case management tool complete with unique assignments to individuals tasked with investigating and clearing the applicable type of violation. This allows a lot of flexibility. One area that some DLP products have difficulty with is file attachments. It is not always intuitive as to what file type is attached to an email. Often, obscure file types surface, and some DLP tools cannot identify them. The Trustwave DLP can decode about 700 file types. It also uses the actual computing algorithms for such things as credit card numbers. That means that a number that appears to be something innocuous - but, in reality is a credit card number - will be identified. There are, therefore, few false positives that surface when identifying numbers with a special calculation because the tools verifies the calculation, not just the format. Another useful feature is the capability to understand foreign languages. Trustwave has linguists on its team, so if a language other than English or Spanish is required, the company likely has the support needed. We were especially impressed by the neat arrangement of the dashboard. Drill-downs are intuitive, and there is a lot of summary information easily available. Reporting is comprehensive and covers most regulatory requirements. Graphics are clear and appropriate, and there are 30 to 40 premade reports available out of the box. However, creating new reports is simple, so the richness of functionality is a big plus. Because the product provides sound correlation capabilities, violations can be grouped and timelines established. Thus, Trustwave DLP becomes a first-rate investigative tool. Support is available and, like other similar products, there is no free public assistance. However, the comprehensive documentation, ease of use, and intuitive setup and configuration make this a far less daunting problem than we have seen with other products. With a price that starts at a mere $10,000, the Trustwave DLP is an excellent value, especially when the overall cost of ownership is considered.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.