Escolar Documentos
Profissional Documentos
Cultura Documentos
Execut i v e S u m mary
In Forrester’s 94-criteria evaluation of data leak prevention (DLP) vendors, we found that Symantec and
Websense led the pack. Both have comprehensive DLP suites with high levels of refinement, ease of use,
and a deep bench of technology partners they can integrate with. McAfee, RSA, and CA Technologies
were very close behind: All bring strong technology and significant technical breadth and depth to their
DLP suites. All five of these products give enterprise security managers sophisticated tools for detecting
and preventing the dissemination of sensitive corporate information. Verdasys has done an admirable
job “skimming off the cream” of the high-end DLP market, focusing on knowledge-intensive intellectual
property opportunities. Fidelis Security Systems, in turn, gives network security managers the tools to
control leaks inside an enterprise’s network. Trend Micro has a lot of work to do before it is competitive
with the Leaders.
© 2010, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar,
and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To
purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.
2 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
· Financial information. CISOs worry about cardholder data, bank details, insurance
information, and any other account data that could be used for financial fraud. In the United
States, 48 state data breach disclosure statutes legally oblige enterprises to protect consumer
financial information. Financial institutions are also subject to other mandates, such as the US
Federal Trade Commission’s Red Flags Rules.2 Payment Card Industry Data Security Standard
(PCI DSS) is a key driver, too: Although PCI-DSS is not a statute per se, it’s a contractual
agreement that many enterprises are subject to.3
· Personal health information (PHI). Of concern are insurance account numbers, treatment
details, and medical records. In the US, the Health Insurance Portability and Accountability Act
(HIPAA) and the Health Information Technology for Economic and Clinical Health Act
(HITECH) of the 2009 American Recovery and Reinvestment Act (ARRA) compel healthcare-
covered entities and their business associates to protect nonpublic protected health information.4
· Intellectual property. CISOs worry about a broad class of information from which the enterprise
derives long-term competitive advantage, such as earnings forecasts, product plans, trade secrets,
legal documents, and other confidential data. Although the term “intellectual property” is
commonly used to refer to copyrights, patents, and trade secrets — all three of which have
different legal distinctions — most enterprises seek to protect all of these types equally.
The elevation in importance of data security has, in turn, spurred interest in several security
product categories, notably DLP. The uptick in adoption is impressive considering the overall state
of the security market: flat or slightly up. That makes DLP one of the few budget line items to grow
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 3
For Security & Risk Professionals
significantly this year. Based on this data and conversations with customers, Forrester believes that
the technology adoption cycle for DLP has moved from the survival phase to the growth phase.
Mainstream customers are now kicking the tires and exploring their options.
Figure 1 Enterprises Plan To Adopt DLP Suites To Protect Their Sensitive Information
Implemented 15%
· DLP suites detect and prevent unwanted dissemination of sensitive information. DLP suites
include those that detect and optionally prevent violations to corporate policies regarding the
use, storage, and transmission of sensitive information. By “sensitive information,” we mean
the four core information types enterprises care about most: financial information, nonpublic
personal information, nonpublic protected health information, and intellectual property.
· DLP suites inspect information intercepted over multiple channels. This includes channels
such as email, HTTP, FTP, file shares, printers, USB/portable media, databases, instant
messaging, and endpoint hard disks. Once the content is intercepted and analyzed, policy
enforcement points at the gateway, server, or endpoint allow the operation to continue, block it,
or protect the content as required by policy. Enforcement decisions are made dynamically based
on whether the inspected content violates handling policies.
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
4 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
· Not all products used to stop data leaks qualify as DLP. DLP products must be content-aware
rather than merely an authorization tool that grants or denies access to information based on
identity, role, or other rule. For example, device control technologies that block access to USB
ports or CD/ROM are not DLP products. Neither are full-disk or file-based encryption products.
· Strategy. We evaluated how each service provider described its DLP suite and its differentiators,
along with its go-to-market strategy, future vision, key technology partners, and growth plans.
· Market presence. We evaluated the installed base of DLP deployments each vendor has,
along with vendor revenues, sales and team sizes, reseller engagement, and system integrator
partnerships.
· A DLP suite that addresses key requirements for data in motion, in use, and/or at rest.
While not all of the vendors in this Forrester Wave call their products “data leak prevention”
products, all have core features to inspect content and channel traffic, detect violations to
corporate data-handling policies, and provide various options for remediating incidents.
· At least 50 customers. As with the above criteria, we used this limitation to ensure that the
largest Forrester clients could have confidence that these providers had experience with the
challenges that enterprises of this size face today.
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 5
For Security & Risk Professionals
Product version
Vendor Product(s) evaluated evaluated Version release date
CA Technologies DLP R12 October 2009
At least 50 customers. As with the above criteria, we used this limitation to ensure that the largest
Forrester clients could have confidence that these providers had experience with the challenges that
enterprises of this size face today.
Substantial vendor market presence. Because enterprises tend to shun vendors that lack financial
stability or a proven track record of sales success, Forrester limited the vendors we evaluated to those that
had estimated annual revenues of $20 million or more (for pure-play DLP vendors) or consolidated
revenues of $200 million or more (for those with broader security portfolios than just DLP).
Both strategy and implementation competencies. All of the evaluated firms have the ability to advise
on DLP deployment road maps, standardization best practices, and the mapping of DLP policies to the
data security requirements. Most of the vendors also employ or partner with training and certified
implementation experts across a wide range of DLP practices and specific technologies.
The product version has been released and is generally available prior to June 1, 2010.
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
6 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
· Substantial vendor market presence. Because enterprises tend to shun vendors that lack
financial stability or a proven track record of sales success, Forrester limited the vendors we
evaluated to those that had estimated annual revenues of $20 million or more (for pure-play
DLP vendors) or consolidated revenues of $200 million or more (for those with broader security
portfolios than just DLP).
· Both strategy and implementation competencies. All of the evaluated firms have the ability
to advise on DLP deployment road maps, standardization best practices, and the mapping of
DLP policies to the data security requirements. Most of the vendors also employ or partner with
training and certified implementation experts across a wide range of DLP practices and specific
technologies.
· Symantec and Websense lead the pack. Both Symantec and Websense have comprehensive
DLP suites with high levels of refinement, ease of use, and a deep bench of technology partners
that they can integrate with. Neither vendor has any substantial weaknesses in its respective
offerings, and both have strong revenue streams from their respective DLP products. That said,
these two vendors’ go-to-market strategies could not be more different. Symantec, the dominant
vendor in the market, relies on its own DLP “capability maturity model” and its consulting
partners to guide its deployment and selling processes. This strategy relies on selling DLP as
a methodology on par with ERP or CRM. Websense, by contrast, views DLP as an adjunct to
its Web content security businesses. It sells its Data Security Suite (DSS) to customers who
want fast, effective security leak prevention without a lot of hassle. Customer feedback on both
companies was consistently strong.
· McAfee, RSA, and CA offer highly competitive options. Although not as highly rated across
the board as Symantec and Websense, McAfee, RSA, and CA all bring strong technology and
significant technical breadth and depth to their products. McAfee offers a DLP technology
platform that we rated as effective as Symantec’s. Customers cited RSA for its accuracy and
low rate of false positives. For its part, CA’s dramatic product enhancements have enabled it to
considerably grow its sales to emerge as a Leader.
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 7
For Security & Risk Professionals
· Verdasys and Fidelis offer competitive solutions for specialized DLP needs. Verdasys and
Fidelis are the “yin and yang” of DLP: One offers a very competitive but complex endpoint DLP
product, while the other provides sophisticated network-based DLP. Verdasys has done an
admirable job skimming the cream off the high-end DLP market, focusing on knowledge-
intensive intellectual property opportunities. Fidelis, in turn, gives network security managers the
tools to control leaks inside an enterprise’s network. These two companies, frankly, should merge.
· Trend Micro contends for sales in less-sophisticated enterprises. Like the Verdasys DLP
product, Trend Micro’s LeakProof is an endpoint-only product. Forrester found that it trailed
the Leaders’ products in most areas, with shallower features and less sophistication.
This evaluation of the DLP market is intended to be a starting point only. Readers are encouraged
to view detailed product evaluations and adapt the criteria weightings to fit their individual needs
through the Forrester Wave Excel-based service provider comparison tool.
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
8 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
Risky Strong
Bets Contenders Performers Leaders
Strong
Market presence
Weak
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 9
For Security & Risk Professionals
Trend Micro
Weighting
Forrester’s
Websense
Symantec
Verdasys
McAfee
Fidelis
RSA
CA
CURRENT OFFERING 50% 3.66 2.76 4.03 3.70 4.03 2.22 2.97 3.98
Protection for managed endpoints 20% 3.63 1.59 4.05 3.47 3.70 2.69 3.74 3.79
Protection for unmanaged endpoints 20% 3.32 3.52 3.99 4.15 4.07 1.23 1.23 4.71
Information management 20% 4.00 2.20 4.10 3.50 4.00 2.40 2.80 3.60
Incident management 15% 3.60 4.00 3.80 4.00 4.60 1.80 3.60 4.20
Productivity 10% 3.30 2.30 5.00 3.70 4.40 2.70 3.00 3.70
Features 15% 4.00 3.15 3.55 3.40 3.65 2.75 3.85 3.75
Customer references 0% 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
STRATEGY 50% 4.00 3.40 4.00 4.00 4.75 2.45 3.05 4.60
Product strategy 100% 4.00 3.40 4.00 4.00 4.75 2.45 3.05 4.60
Cost 0% 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
MARKET PRESENCE 0% 3.24 2.41 3.63 3.38 3.98 2.32 2.96 3.47
Installed base 30% 3.15 2.45 3.75 3.10 3.20 3.00 3.00 3.75
Revenue 40% 3.70 2.90 3.70 3.80 4.70 2.50 3.50 3.30
Execution 30% 2.70 1.70 3.40 3.10 3.80 1.40 2.20 3.40
All scores are based on a scale of 0 (weak) to 5 (strong).
Source: Forrester Research, Inc.
Vendor PROFILES
Leaders: Symantec, Websense, McAfee, RSA, And CA Provide Broad And Deep Features
· Symantec. Three years ago, Symantec bought the then-market leader, Vontu. Fast forward
to 2010, and it is still the leader by a country mile. Symantec’s DLP revenues are more than
double those of its closest competitor — evidence, perhaps, that Symantec has finally found a
way to not mess up its acquisitions. From the product standpoint, Symantec’s DLP suite is an
all-around strong performer with few weaknesses, with high levels of refinement and feature
depth throughout. We also like Symantec’s longer-term vision for integrating DLP into adjacent
information management processes like eDiscovery, archiving, and entitlement management.
Going forward, Symantec’s biggest challenge is complacency. To help make DLP a billion-dollar
market, Symantec must find the courage to commoditize its own products by offering a cheaper,
stripped-down “DLP express” version that every enterprise, not just those with money and large
IT staffs, can deploy. Those caveats aside, Symantec should be seen as a strong candidate for any
enterprise’s shortlist.
· Websense. Best known for its Web-content-filtering products, Websense has quietly built
the second-largest DLP product company in the industry. Websense’s Data Security Suite
(DSS) matches Symantec nearly feature-for-feature at a much lower price. Its DLP features for
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
10 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
protecting against leaks on unmanaged endpoints are excellent. Its clean and simple interface
is geared toward fast installations and time-to-value. Standout features include its “DLP for
Download” test drive program, installation wizards, and built-in features that normally cost
extra with other vendors, such as USB encryption. Of all the vendors in this Forrester Wave,
Websense is the vendor best positioned to cross the chasm into the mass market. These are the
types of enterprises that want “DLP express” products to help solve regulatory and toxic data
problems without complex integration challenges or high prices. Websense’s primary challenge
is one of visibility: Because it doesn’t have a desktop foothold like McAfee or Symantec, it has
to fight harder to get into the CISO’s office. Based on the strength of its current offering, that
should no longer be a hard sell.
· McAfee. Since our last DLP Forrester Wave, McAfee has been busy integrating its network
DLP product (the well-regarded Reconnex product) and its client DLP product (Israeli startup
Onigma). McAfee’s hard work has paid off. In the past two years, it has closed its primary
feature gaps, such as fingerprinting, and integrated its suite into ePolicy Orchestrator (ePO),
the security management technology it is well-known for. McAfee DLP scored the highest for
endpoint DLP features. It combines Verdasys-style tagging of information sources with the
standard DLP features found in the other suites. The DLP suite also includes multiple features
designed to reduce the overall hassle factor: tuning tools to quickly make exceptions to rules,
its unique “capture database,” and features for employee self-release and bypass. McAfee DLP’s
strong feature set should appeal to most enterprises, especially those with existing installations
of the company’s ePO, ToPS, or Endpoint Encryption products.
· RSA. RSA’s DLP product strategy is the most interesting of all of the vendors we surveyed. In
addition to its direct model for selling its DLP suite, RSA has also aggressively embedded a
subset of its suite into products from partners like Cisco (with its IronPort email appliance)
and Microsoft (into ForeFront Online Protection for Exchange and its File Classification
Infrastructure). RSA’s two-pronged strategy is working: Hundreds of customers have sought
to step up from Cisco’s embedded DLP feature to RSA’s full suite. From a product perspective,
RSA’s DLP suite scored very well overall, with strong network DLP features for protecting
information processed on unmanaged endpoints. Its classification rule sets are well-regarded
by customers and competitors alike for their accuracy and relatively low rate of false positives.
Considering that storage vendor EMC owns RSA, Forrester was surprised to see that RSA’s
information life-cycle strategy is relatively weak compared with, for example, Symantec.
Its integration with third-party enterprise rights management (ERM) tools is similarly
underdeveloped, and in our view, has an over-reliance on its partnership with Microsoft’s
RMS technology. Those concerns aside, RSA’s DLP suite is a good choice for large enterprises,
particularly those with heavy investments in Microsoft technologies like SharePoint.
· CA. From its traditional stronghold in financial services, CA’s DLP product has expanded
from its endpoint heritage (the former Orchestria product) to a full-fledged suite, including
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 11
For Security & Risk Professionals
network DLP. CA has added features such as fingerprinting, information inventory (data-at-
rest), and scanning tools. These and other additions have brought its DLP suite closer to parity
with Symantec and Websense. CA offers best-in-class email filtering and integrates well with
information life-cycle technologies such as archiving and eDiscovery. Its USB features, with
built-in encryption, negate the need to purchase a third-party product. Perhaps as a result of all
the improvements in the newest version of the product (r12), CA’s DLP suite sales are growing
faster than any other vendor’s, and a best-in-class 60% of its customers have already upgraded.
Strong Performers: Verdasys And Fidelis Offer Specialized Client And Network Solutions
· Verdasys. Based in Waltham, Massachusetts, brash endpoint-only vendor Verdasys has
carved out an enviable niche for itself. Verdasys specializes in providing complex solutions to
enterprises with complex intellectual property challenges, such as electronics manufacturers,
carmakers, and pharmaceutical companies. Verdasys Digital Guardian provides rich, detailed
controls for managing the spread of toxic data and secrets emanating from managed endpoints.
Its controls for Webmail, email, Web, and USB controls are very strong. Its “Enterprise
Information Protection” vision is, in essence, a template for deeply integrating data security
controls into business processes and enforcing them through its deeply embedded endpoint
agent, which Verdasys gleefully describes as a “rootkit.” As a result, Verdasys’ deal sizes
are much larger than those of its peers: millions of dollars rather than the low hundreds of
thousands. Verdasys provides desktop agents for Windows and Linux but does not provide
network-based DLP features, making it a poor choice for customers worried about leaks from
unmanaged endpoints. However, Verdasys resells Fidelis XPS network DLP and can process
alerts and incidents forwarded from that product.. Verdasys is poorly positioned to supply “DLP
express” solutions for mass-market customers. But the vendor should be on the shortlists of
companies that have significant industrial secrets or intellectual property assets to protect —
and checkbooks and stamina to make it happen.
· Fidelis. Network DLP specialist Fidelis XPS helps security or network operations managers
to detect leaks on large company networks. Its innovative “heads-up” Information Flow Map
shows DLP violations in real time. Fidelis XPS has good support for filtering Web traffic and
emails and for fingerprinting secrets such as company plans and trade documents. It also has
several highly distinctive key features, such as the ability to detect and block peer-to-peer
traffic, rogue network channels, botnets, or malicious insiders. As a network-only DLP vendor,
Fidelis doesn’t have its own capabilities for monitoring endpoint activities, although it can
forward events to Verdasys. It also lacks the feature depth of the leading DLP vendors’ suites.
For example, Fidelis does not have a “named data” feature that matches toxic data elements
against specific database rows/columns, its fingerprinting controls are relatively weak, and its
management dashboard is workmanlike but not refined enough for CISOs. That said, Fidelis is
appropriate for enterprises that want to take a network-centric, monitoring-based approach to
preventing data leaks.
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
12 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
· Code Green Networks. Code Green is a vendor with a balanced DLP suite that serves the small
enterprise segment.
· GTB Technologies. GTB Technologies takes a granular, rules-based approach to DLP that
includes endpoint, network, and inventory scanning.
· Palisade Systems. Palisade Systems’ midmarket DLP appliance and SaaS offerings exemplify the
“set and forget” simplicity that harried SMB staffs require.
· NextLabs. NextLabs’ product includes both DLP and built-in ERM technology for encrypting
sensitive enterprise documents.
Supplemental MATERIAL
Online Resource
The online version of Figure 3 is an Excel-based service provider comparison tool that provides
detailed product evaluations and customizable rankings.
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 13
For Security & Risk Professionals
· Service provider surveys. Forrester surveyed service providers on their capabilities as they relate
to the evaluation criteria. Once we analyzed the completed service provider surveys, we conducted
service provider calls to gather additional details and validate service provider qualifications.
· Customer reference calls. To validate product and service provider qualifications, Forrester also
conducted reference calls with three of each service provider’s current customers.
After examining past research, user need assessments, and service provider and expert interviews,
we develop the initial evaluation criteria. To evaluate the service providers and their products
against our set of criteria, we gather details of product qualifications through a combination of lab
evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations
to the service providers for their review, and we adjust the evaluations to provide the most accurate
view of service provider offerings and strategies.
We set default weightings to reflect our analysis of the needs of large user companies — and/or other
scenarios as outlined in the Forrester Wave document — and then score the service providers based
on a clearly defined scale. These default weightings are intended only as a starting point, and readers
are encouraged to adapt the weightings to fit their individual needs through the Excel-based tool.
The final scores generate the graphical depiction of the market based on current offering, strategy,
and market presence. Forrester intends to update service provider evaluations regularly as product
capabilities and service provider strategies evolve.
Endnotes
1
Source: Forrsights Security Survey, Q3 2010.
2
“The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit
Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial
institutions and creditors to develop and implement written identity theft prevention programs, as part
of the Fair and Accurate Credit Transactions (FACT) Act of 2003.” Source: “FTC Business Alert,” Federal
Trade Commission, June 2008 (http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm).
© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
14 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals
3
Staffing the traditional security operations center (SOC) is expensive. Forrester anticipates that the SOC will
become virtualized in the future, in a next-generation transformation that we call “SOC 2.0.” See the April
20, 2010, “SOC 2.0: Virtualizing Security Operations” report.
4
“The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually
identifiable health information; the HIPAA Security Rule, which sets national standards for the security of
electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which
protect identifiable information being used to analyze patient safety events and improve patient safety.”
Source: US Department of Health and Human Services (http://www.hhs.gov/ocr/privacy/).
October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
Making Leaders Successful Every Day
54974