Preview: Reconnex 7 takes a smarter view of insider data leaks

analysis
Oct 2, 2007

Picking a data leak prevention (DLP) solution used to be fairly easy — it all depended on what you needed to protect. One solution might best handle data in motion (such as e-mail), while another used agents to sniff out sensitive data in use on desktop systems and laptops. And yet others guarded intellectual property resting in data repositories. Now the major solutions — Vontu, Websense (formerly PortAuthority), Tablus, and Reconnex — cover all three situations, and their protection is darn good.

I’ve been investigating the key differences among these solutions today and have narrowed it to three areas: usability for security staff performing investigations; quick ways to fine-tune rules so that more types of malicious activity are caught, yet false positives are reduced; and the ability to review past communications that may have originally appeared benign. The forthcoming Reconnex 7 appears to have a solid grip on each area.

[Screenshot: Reconnex 7 dashboard]

First, version 7.0 introduces a new user interface, the inSight Web console (see above). The redesigned dashboard now shows security violations based on an investigator’s role. Role-based access means that human resources personnel can no longer see incidents covering financial disclosure, for instance. Moreover, Reconnex helps you quickly make sense of what could be a lot of activity. For example, you can group results by rules (such as offensive language or communications to a particular country), and then filter each grouping by sender, time, department, or other parameters.

[Screenshot: Reconnex 7 incident details]

Next, workflow is better integrated with these reports, so less time should be needed to remediate problems. Clicking on an incident in the dashboard immediately takes you to a details screen containing destination, suspect content, and protocol (see screen image above). Yet Reconnex 7 is different from other products because you may collect what might initially seem like unrelated incidents and bundle them as a new case. Other solutions typically turn each possible security breach into a unique case, making it more difficult to connect the dots.

The other main difference with Reconnex is that the iGuard Appliance continues to capture all communications. Here’s where that comes into play in version 7. Say you spot a new incident where an employee tries to send confidential information to a competitor. You could do a historical search to find what else the employee might have done, perhaps sending files to a Yahoo! e-mail address owned by another competitor — transmissions that weren’t initially flagged because there were no rules at the time. In Reconnex 7, these new findings are then added to the existing case, making it much stronger if you must take disciplinary or legal action. This version, the company tells me, will also have new methods of indexing to make searches much faster.

Admittedly, a solution’s detection methods should be robust enough to catch data leaks without writing specific rules. The previous example notwithstanding, I’ve found that Reconnex’s algorithms generally don’t require adjustments to spot at-risk information. Still, there will always be special cases, such as registering a unique file type your organization uses. This process usually entails hit-or-miss experiments using real-time communications. Reconnex 7 will let you test changes against your historical data; this should help ensure that rules work properly the first time they’re applied to live traffic.

The bar is set high for these products as insider data leaks (intentional or not) and breaches of private data and intellectual property continue to make headlines. Reconnex 7 appears to clear the bar in usability and data protection. Further, its forensic capabilities and excellent value set the mark even higher in these two areas for competitors.

Reconnex 7.0

Availability: October 2007

Pricing: Starts at $34,995

Verdict: Reconnex 7.0 doesn’t make any startling changes to the iGuard hardware. However, the core inSight centralized management application gets a re-architected user interface that reduces time to act on any possible data leak violations. Workflow is smarter in this version, and role-based access limits what investigators can see, protecting employee privacy. And because the solution captures all communications, enterprises can perform more effective investigations — and more quickly create and adjust rules.