Content Alarm 1.1

Content Alarm 1.1
Tablus
Price: Starts at $30,000

Information is the fuel of enterprises, and nearly every bit of that information-sensitive, restrictive and unclassified-is passed over network pipes. The last things enterprises want are copies of their product designs, formulas, financial statements or marketing plans digitally leaked-intentionally or accidentally.

Tablus' Content Alarm doesn't seal data leaks, but it does let security managers know when someone, or something, is trying to pass restricted data through the network perimeter. Rather than just using keyword matching to find sensitive data in e-mails and attachments, Content Alarm's scanning engine and proprietary linguistics algorithm inspects all network traffic.

Tablus won't disclose the nuts and bolts of how Content Alarm works, but our tests found it quite effective at detecting portions of sensitive documents that had been "cut and pasted." Rewritten documents that still contained sensitive data weren't overlooked, either. Content Alarm scrutinizes numerous protocols and data transmissions, including HTTP and FTP.

More Information Learn how to secure the network perimeter Learn factors to consider when evaluating and selecting enterprise e-mail security products

Content Alarm is a reactive system. Even with its strong detection capabilities, it can't block unauthorized data transmissions. It merely reports data leaks after the fact. Real and suspected infractions instantly trigger notification via SNMP or e-mail.

Content Alarm is fairly easy to set up and administer and doesn't require extensive technical knowledge. Security managers will need a firm understanding of their enterprise's data security policies and classifications. Monitoring policies can be extremely detailed and can range from "detect all financial data" to "flag e-mails containing financial data not coming from the accounting department." Equally granular is Content Alarm's ability to determine exempted data based on destination, protocol, sender, etc. For instance, you can set a policy that flags the transmission of financial data and Social Security numbers, except for the CFO and certain members of the accounting group.

Content Alarm continually scans network traffic, updating itself when files are added or changed. Security managers can use the management console to audit logs for compliance and trend information.

With this seemingly intense inspection, you might expect a performance hit. Content Alarm is a passive, out-of-band solution that has no impact on network traffic throughput.

One drawback is that Content Alarm can't inspect encrypted traffic. Tablus acknowledges this limitation, but dismisses the issue, estimating that less than 2 percent of network traffic is encrypted. While this may be true, it provides a loophole that a knowledgeable insider could exploit. Further, most Web-based e-mail systems are accessible via SSL, and enterprises are expanding their use of SSL VPNs to access backend applications and databases.

For enterprises concerned about the security of proprietary and classified information, Content Alarm is excellent at spotting plaintext leaks, albeit it at a pretty steep price compared to competitors who offer blocking functionality as well.

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This review orginally appeared in Information Security magazine.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Security Buyer's Guide Keystroke dynamics makes BioPassword Internet Edition a viable authentication option Access security with KoolSpan's SecurEdge NetChk Protect 5.5 Biometrics: Best practices, future trends 2006 Products of the Year: Emerging Technologies Secure Sphere 2.0 Scan & Deliver: SLAs force service providers and outsources to hit the mark ... or hit the road Secure remote access: SSH Tectia Manager Spycatcher Enterprise 3.2 Configuresoft's Enterprise Configuration Manager v4.7 Email Security Appliances Trend Micro joins growing email encryption market Code Green enters consolidated DLP Market Small email security vendors thrive in saturated market Tumbleweed merger seen as a negative for email security customers Companies still monitoring email manually, survey finds Trend Micro aims Message Archiver at midmarket Are challenge-response technologies the best way to stop spam? Most antispam technologies get failing grade Security vendor Postini acquired by Google How vulnerable are document scanners and other 'scan to email' appliances? Enterprise Data Protection Microsoft to embed data classification, strengthen ties with DLP Is a lack of employee privacy a HIPAA violation if the employee files Medicare claims? TrueCrypt an open source laptop encryption choice for SMBs Layoffs, Mergers Put Focus on Data Protection Product Review: GuardianEdge Data Protection Platform Managed file transfer a secure way to keep data moving How to create a data security policy to avoid disgruntled employee data leaks Seagate hardware-based disk encryption could gain traction Workstation hard drive encryption: Overdue or overkill? Symantec melds DLP, archiving into information risk management RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Defense Message System  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.