GCN LAB REVIEWS
Stop agency data leakage in its tracks
- By Greg Crowe
- Feb 27, 2012
Many network administrators would like to imagine that most of the threats to their organization’s data come from the outside. They daydream about a league of technological ninjas that can only be stopped by the IT staff’s superior computing skills and an array of Batman-esque paraphernalia.
Unfortunately, the hard truth is that the greatest threat of data loss normally comes from inside the house. What happens is that someone needs to work on a confidential document at home, and, to save time, e-mails the file to his or her personal account. There are many such opportunities for your own users to do more damage than an entire horde of techno ninjas.
BeyondTrust has been protecting against data loss for almost 30 years. One of the many tools it provides is PowerBroker Desktops DLP, which prevents unwarranted data from leaving a single computer.
PowerBroker Desktops DLP
Pros: Once up and running, rules are enforced automatically.
Cons: Setup is a few extra steps; rule writing can get complicated.
Ease of Use: B
Price: $64 per user at 500-999 users; call for other price levels.
M86 Secure Web Gateway v10.0 aims to prevent more WikiLeaks
We found PowerBroker to be easy enough to install on our Windows 7 test system. We downloaded two “.msi” files that needed to be run in succession — one for the program and one for the snap-in. After a reboot, we launched the snap-in manually through the “Run” dialog. This opened the Local Group Policy Editor, which controls what types of information are passed to the different types of computers that may connect to the local machine.
The interface of the Policy Editor was very intuitive. There is a graphical layout that shows the content sources, how they are tracked, and which policies govern them. Content sources could be defined by file type, context, and specific patterns of data such as credit card numbers. There is a huge section that allows control over database sources by login or specific SQL query.
Follow the data
Once the sources are defined, the data flow policies were next. For this there was a wizard that took us through the steps of choosing the type of content operation (file transfer, modification, etc.) and where the data was going. Then we chose the user group the rule was supposed to apply to and finally which actions were supposed to be taken when the rule is activated.
Once the rules were in place, PowerBroker was then completely in charge. Any attempts we made to move actionable data was met with refusal and a notification via e-mail (as this was the way we set up that rule). As long as the rules were constructed properly, it was impossible to get past their enforcement.
Of course this means that the rules need to be constructed correctly, which might take some doing. Fortunately the wizard helps out quite a bit, with drop-down menus and forms that aid in detailing a rule’s properties. It’s still a lot to think about, and you have to be careful that you don’t leave any loopholes or create conflicting rules during this process.
PowerBroker comes with a set of rather powerful reporting tools. In order to use them, however, the Reporting Server has to be installed on a virtual server that we set up with VMWare on our test computer. Once we got through the installation process, which was actually more involved than for PowerBroker Desktops DLP itself, we could log into it through the Policy Editor tool.
The Dashboard is a colorful display that shows the most recent data leak incidents and threats. We found the ability to see the system’s operational risk assessment with a single glance at a gauge graphic to be very useful. The active profiler was also a good way to find which users might be performing more dangerous activities that could lead to data leakage. Since any computers running PowerBroker Desktops can be set to report to the same reporting server, all of their information is combined in one place.
BeyondTrust is retailing PowerBroker Desktops DLP for $64 per user for 500-999 users. We found this price acceptable for this number of installations, considering the value of the data it is protecting. Those who need to protect a higher or lower number of computers can call BeyondTrust to get pricing. They offer free trials of all of their software if you want to try it out for yourself.
PowerBroker Desktops DLP is a powerful way to stop data leakage in its tracks, something every federal agency should be striving to do. It’s not too difficult to set up, and it is being sold for a very reasonable price.