Checklist to Evaluate a DLP Provider

The Data Leak Prevention Project was rolled out in Lanco Infratech Ltd

  • To protect its proprietary assets and business data against any loss or leakage
  • To meet regulatory requirements as per the segment of industry.
  • To increase awareness amongst the employees by publishing the incidents and policy violation cases across the group
  • To help in establishing evidences of intentional breaches to initiate disciplinary cases.

(Read more:  Top 5 Application Security Technology Trends)
  

Check-list for Evaluation:

Policy Definition

  • Policy Wizard to enable predefined policy templates based on Geography and Industry
  • Ability to define policy owners for each policy
  • Policy should allow administrators to run different external command for different policy violations
  • Ability to enforce fingerprint policies when the endpoint is disconnected from corporate network
  • Ability to allow administrators to define applications or application groups that can have access to sensitive data

 

Database Fingerprinting

  • Fingerprint databases using ODBC or equivalent protocol
  • Ability to create multiple rules which correlates different fields within a database with options for different threshold for different rules
  • Fingerprint specific tables from a database
  • Fingerprint specific fields from a table

Directory/file fingerprinting

  • Ability to ignore information(Organization boiler plates, confidentiality Notice etc) from fingerprinting in files
  • Ability to schedule the task for ignoring information from fingerprinting

Discovery

  • Options to provide agentless discovery on databases, file servers, SharePoint portal exchange mailboxes etc
  • Ability to control the bandwidth used for discovery
  • Ability to maintain the original file access time stamps while performing the discovery

Destination Awareness over Web

  • Create policies based on URL categories
  • Real Time User Identification

(Read more:  5 easy ways to build your personal brand !)

SSL Decryption

  • Ability to natively decrypt SSL sessions and inspect content sent over SSL(HTTPS).
  • Hardware required for SSL decryption
  • Unified Management

Custom pattern creation

  • Ability to create custom patterns based on organization/data owner needs

Notification

  • Options to send different notification templates for different policies
  • Notification to the policy owner should be possible in the policy by adding the email address of the policy owner
  • Options to notify administrators, policy owners, senders and sender's manager

Management & Reporting

  • Options to view incidents by setting different filters
  • Options to report sensitive information sent to multiple recipients in a single mail as a single incident

 

Workflow management

  • Ability to quarantine sensitive emails and notify the sender's manager, policy owner and give them permissions to release the email from the system if its approved or required by business.
  • Ability to escalate an incident to a person who is defined in the workflow process
  • Ability to integrate automatically with DRM and encryption software
  • Ability to not allow incident managers or administrators to delete an incident

Deployment Options

  • Capabilities to integrate with ISA proxy by installing an agent on ISA
  • Options for SSL Decryption to monitor leaks over HTTPS
  • Options to monitor printing on Network printers
  • Options to monitor internal mail traffic

 

Hardware required

  • Number of hardware required to deploy DLP at HOV
  • Additional hardware for SSL Decryption

 

Support Capabilities

  • 24x7 support
  • Trained partners
  • Training

-With KK Chaudhary, Lanco Infratech Ltd on How To Evaluate a DLP Vendor ClickToTweet

What are some other factors you use to evaluate a DLP solution vendor ? Share your thoughts in the comments below.

(Read more:  How the Heartbleed bug was found by Antti Karjalainen - discoverer ...)

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)