Defining the Market

Where can data loss prevention technology make sense for your company? When defining your long-term risk management strategy. But don't take vendor and analyst words for it: Hear it from the head of risk management at ING U.S. Financial Services.

Defining the Market
One of the most paramount challenges may very well be defining DLP to the buyers at large. Mogul claims that the DLP field is one of the most confusing among all types of security products for buyers to figure out. Part of that is attributed to the category’s name, which has at once been described as data loss prevention, data leak protection, information loss prevention, extrusion prevention and content monitoring and filtering. The DLP moniker that most analysts settled on a few years ago has been co-opted by vendors who sell in this space still leaves much to be desired because it can easily be used by any solution with any modicum of properties that protect data.

“What we are seeing now is that everyone is calling their solution DLP or extrusion prevention—everything from encryption to the actual real DLP solution and I think that’s going to create enough confusion that its going to be one of the limiting factors in the market,”  Mogull said. “It’s clearly solving the problem in a different way and I think lumping it all together doesn't help anybody.”  

Many pure-play DLP players have expressed frustration over this confusion, even if it is a bit of a compliment to their marketing departments.

 “I think there is confusion in some cases because everybody and their brother claims that they’ve got some sort of DLP capabilities,” said John Peters, CEO of the DLP company Reconnex. “It’s a hot buzzword so you want to attach it to your product and that’s where some of the confusion comes in. You know, if I’ve got an email product and it can do a keyword look up, is that DLP?  If I’ve got an intrusion detection system and I can look for credit card numbers is that a DLP?”

According to Mogul, in order to be considered true DLP a product must be based on central policies that identify, monitor and protect data at rest, in motion and in use through deep content analysis. Peters believes that it is the action of analysis across those three channels, scanning stored data through content discovery, protecting data in use on the endpoint and protecting data in motion across the network, that really differentiates DLP products from the wannabes. Once the category is whittled down to those set of qualities, the field becomes much more manageable to wade through, he says.

“You need a solution in all three of those domains with a central management system that covers them and there’s only a few of us that offer that full set of capabilities,” Peters said. “What we find in the marketplace is that we're almost always competing at the end of the day with the same one or two vendors in the final bake off.”

Steve Roop of Vontu echoed Peters’ definition of a DLP, emphasizing that the benefit comes by way of its unity in policy enforcement, something that cobbling products together cannot offer.

“You don't have to different policies or rules—one for network, one for storage and one for endpoint,” said Roop, who is vice president of marketing and products for Symantec’s Vontu division. “For all three of those threats being able to have a single incident response console where you can remediate all of those threats is what buyers want.”

This is key if a user, say, copies sensitive data to a USB device and then maybe ten minutes later mails off 70 files off of her laptop to her Web mail ten minutes later, and then ten minutes after that she burns several Gigs of data onto a CD-ROM.

“When you see all these things together in incident response you get a full picture of the types of data loss threats and whether or not you've got and innocent employee doing careless things or a malicious employee that you need to investigate,” Roop said. “When you see those incidents happen together you get the full picture, something some of our customers like to call a ‘single pane of glass’ looking into their data activity.”