Sophos has added data-loss prevention capabilities to its desktop anti-malware software, the security firm says, promising gateway-based DLP in the future as well.
Endpoint Security and Data Protection 9 combines a fully-integrated desktop agent for DLP and malware protection in a single product. Rainer Gawlick, chief marketing officer for Sophos, says the desktop DLP technology is designed to monitor for sensitive content a user might transmit via e-mail, Web uploads, USB sticks or DVDs, and block it if need be. “We’re using the existing agent to scan malware and for confidential information,” he says, noting for existing Sophos endpoint-security customers, the DLP technology is a free upgrade.
Many DLP systems cost hundreds of thousands of dollars; however Sophos doesn’t claim the DLP functionality it packed into Endpoint Security and Data Protection 9 is the same found in high-end endpoint/gateway DLP products.
For instance, the Sophos product doesn’t have a DLP discovery tool, and it basically works by focusing on personally-identifiable data such as credit-card and driver’s license numbers. But it allows for the creation of customized rules in order to identify and catch file data through discrete triggers, such as project codes, that could be added to documents as identifiers.
“There’s pressure increasing on customers every day to protect data,” Gawlick says. “What we’re doing is making DLP implementable. DLP is a scanning problem. We’re using the existing agent to scan for malware and scan for confidential information.”
Some organizations may find they do need more sophisticated DLP, Gawlick says, but others may find what Sophos has come up with to be “practical DLP” that makes it hard for people to violate content-protection policies.
John Raymond, IT security manager at Sacramento-based SAFE Credit Union, has long used Sophos anti-malware software in his organization, and for the past two months has been beta-testing the DLP features in Endpoint Security and Data Protection 9.
The single-agent DLP/anti-malware software from Sophos appears to have less of a software footprint and uses less CPU resources than having a separate DLP and anti-malware agent, he says. Raymond had been using another standalone DLP product he declined to name, noting there had been minor interference at times among separate agent software.
While the other DLP agent made use of a type of fingerprinting technology that might be more accurate than the Sophos DLP, so far it appears that the Sophos technology is going to be sufficient to protect sensitive customer data. “I think it’s going to be accurate enough for what we need,” Raymond says, adding that the firm also has other gateway means to monitor for unauthorized transmissions.
According to Gawlick, Sophos DLP on the desktop can be used to block, allow or notify a user of violations of policy.
“You can use it to simply warn the user,” Gawlick says, by telling them if the file is sent, that transmission will be logged into the management console. Administrators can be kept apprised of DLP actions via the same management console used to watch for malware events.