October 12, 2010 | Updated: October 14, 2010

The Forrester Wave™: Data Leak

Prevention Suites, Q4 2010
by Andrew Jaquith
for Security & Risk Professionals

Making Leaders Successful Every Day

For Security & Risk Professionals

October 12, 2010 | Updated: October 14, 2010

The Forrester Wave™: Data Leak Prevention Suites,
Q4 2010
Symantec And Websense Lead, With McAfee, RSA, And CA Close Behind
by Andrew Jaquith
with Stephanie Balaouras and Alex Crumb

Execut i v e S u m mary
In Forrester’s 94-criteria evaluation of data leak prevention (DLP) vendors, we found that Symantec and
Websense led the pack. Both have comprehensive DLP suites with high levels of refinement, ease of use,
and a deep bench of technology partners they can integrate with. McAfee, RSA, and CA Technologies
were very close behind: All bring strong technology and significant technical breadth and depth to their
DLP suites. All five of these products give enterprise security managers sophisticated tools for detecting
and preventing the dissemination of sensitive corporate information. Verdasys has done an admirable
job “skimming off the cream” of the high-end DLP market, focusing on knowledge-intensive intellectual
property opportunities. Fidelis Security Systems, in turn, gives network security managers the tools to
control leaks inside an enterprise’s network. Trend Micro has a lot of work to do before it is competitive
with the Leaders.

ta ble of Co n te nts N OT E S & RE S O U RC E S

2 Enterprises Need to Protect Their Sensitive Forrester conducted DLP product evaluations in
Information the spring and summer of 2010 and interviewed
DLP Suites Have Become Complex And Highly eight DLP vendors: CA Technologies, Fidelis
Customizable Security Systems, McAfee, RSA, Symantec, Trend
Micro, Verdasys, and Websense. We also spoke
4 Data Leak Prevention Suite Evaluation
Overview with 11 of these vendors’ enterprise customers.

We Used Three Dimensions To Evaluate Vendors Related Research Documents

Evaluated Vendors Have Extensive Capabilities “Data Leak Prevention: Scenarios For Testing
And Experience Vendor Products”
6 DLP Products Have Evolved Into Feature- June 15, 2010
Packed Suites “Market Overview: Enterprise Rights
9 Vendor Profiles Management”
Leaders: Symantec, Websense, McAfee, RSA, June 3, 2010
And CA Provide Broad And Deep Features “Own Nothing. Control Everything.”
Strong Performers: Verdasys And Fidelis Offer January 22, 2010
Specialized Client And Network Solutions
“Data Security Predictions For 2010”
Contender: Trend Micro Lags Behind Other December 2, 2009
Vendors
12 More DLP Options Exist
12 Supplemental Material

© 2010, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar,
and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To
purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.
2 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

Enterprises Need to protect their Sensitive information

Data security has moved to the top of the priorities list for chief information security officers
(CISOs) in 2010 — even in a subdued economy. In a recent Forrester survey of enterprise IT
decision-makers, nearly 15% of respondents said that they have already deployed DLP (see Figure
1). Another 12% are planning to implement it in 2010, and a further 36% don’t have firm plans
but are interested.1 Data security trumped disaster recovery, identity and access management, and
regulatory compliance. Unlike tangible assets such as bricks, mortar, and wheelbarrows, digital
information is fungible, duplicates itself with zero marginal cost, and can move in the blink of an
eye. Although enterprise CISOs are charged with protecting all of the information the enterprise
produces, they tell Forrester that four types of data concern them the most:

· Financial information. CISOs worry about cardholder data, bank details, insurance
information, and any other account data that could be used for financial fraud. In the United
States, 48 state data breach disclosure statutes legally oblige enterprises to protect consumer
financial information. Financial institutions are also subject to other mandates, such as the US
Federal Trade Commission’s Red Flags Rules.2 Payment Card Industry Data Security Standard
(PCI DSS) is a key driver, too: Although PCI-DSS is not a statute per se, it’s a contractual
agreement that many enterprises are subject to.3

· Nonpublic personal information. Government identifiers, passport numbers, Social Security

Numbers, and public pension numbers are of great concern. These identifiers are attractive
to identity thieves because governments and corporations have widely used them in the past
to uniquely identify citizens, consumers, and employees. Various regulations and statutes,
including the state data breach disclosure laws, require businesses and governments to protect
nonpublic personal information.

· Personal health information (PHI). Of concern are insurance account numbers, treatment
details, and medical records. In the US, the Health Insurance Portability and Accountability Act
(HIPAA) and the Health Information Technology for Economic and Clinical Health Act
(HITECH) of the 2009 American Recovery and Reinvestment Act (ARRA) compel healthcare-
covered entities and their business associates to protect nonpublic protected health information.4

· Intellectual property. CISOs worry about a broad class of information from which the enterprise
derives long-term competitive advantage, such as earnings forecasts, product plans, trade secrets,
legal documents, and other confidential data. Although the term “intellectual property” is
commonly used to refer to copyrights, patents, and trade secrets — all three of which have
different legal distinctions — most enterprises seek to protect all of these types equally.

The elevation in importance of data security has, in turn, spurred interest in several security
product categories, notably DLP. The uptick in adoption is impressive considering the overall state
of the security market: flat or slightly up. That makes DLP one of the few budget line items to grow

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 3
For Security & Risk Professionals

significantly this year. Based on this data and conversations with customers, Forrester believes that
the technology adoption cycle for DLP has moved from the survival phase to the growth phase.
Mainstream customers are now kicking the tires and exploring their options.

Figure 1 Enterprises Plan To Adopt DLP Suites To Protect Their Sensitive Information

“What are your firm’s plans to adopt DLP?”

Interested but no plans 36%

Implemented 15%

Planning to implement in the next 12 months 12%

Base: 1,031 enterprise IT decision-makers

Source: Forrsights Security Survey, Q3 2010

54974 Source: Forrester Research, Inc.

DLP Suites Have Become Complex And Highly Customizable

It would be easy to protect sensitive information if every enterprise’s information-handling policies
were the same. But no two enterprises have the same standards for risk management, information
classification, or sensitive data handling. Moreover, every enterprise has a unique risk profile and
is subject to a unique set of data protection rules, statutes, and contractual obligations. Because the
challenges associated with protecting sensitive enterprise information are complex, solutions on the
market for detecting and preventing data leaks are equally complex. The simple, email-focused data
leak tools of yesteryear have evolved into highly customizable platforms that allow enterprises to
build sophisticated policies that reflect the complexities of their own risk profiles. Forrester views
the DLP market as follows:

· DLP suites detect and prevent unwanted dissemination of sensitive information. DLP suites
include those that detect and optionally prevent violations to corporate policies regarding the
use, storage, and transmission of sensitive information. By “sensitive information,” we mean
the four core information types enterprises care about most: financial information, nonpublic
personal information, nonpublic protected health information, and intellectual property.

· DLP suites inspect information intercepted over multiple channels. This includes channels
such as email, HTTP, FTP, file shares, printers, USB/portable media, databases, instant
messaging, and endpoint hard disks. Once the content is intercepted and analyzed, policy
enforcement points at the gateway, server, or endpoint allow the operation to continue, block it,
or protect the content as required by policy. Enforcement decisions are made dynamically based
on whether the inspected content violates handling policies.

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
4 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

· Not all products used to stop data leaks qualify as DLP. DLP products must be content-aware
rather than merely an authorization tool that grants or denies access to information based on
identity, role, or other rule. For example, device control technologies that block access to USB
ports or CD/ROM are not DLP products. Neither are full-disk or file-based encryption products.

Data Leak Prevention Suite Evaluation Overview

To assess the state of the DLP market and see how the vendors stack up against each other, Forrester
evaluated the strengths and weaknesses of eight DLP vendors.

We Used Three Dimensions To Evaluate Vendors

After examining past research, user need assessments, and service provider and expert interviews,
Forrester developed a comprehensive set of evaluation criteria. We evaluated eight DLP vendors
against 94 criteria, which we grouped into three high-level buckets:

· Current offering. We evaluated core capabilities for protecting information processed by

managed and unmanaged endpoints, information management, incident management,
productivity enhancement, channels, and feature support. We also spoke with customer
references to validate vendor strategies and capabilities.

· Strategy. We evaluated how each service provider described its DLP suite and its differentiators,
along with its go-to-market strategy, future vision, key technology partners, and growth plans.

· Market presence. We evaluated the installed base of DLP deployments each vendor has,
along with vendor revenues, sales and team sizes, reseller engagement, and system integrator
partnerships.

Evaluated Vendors Have Extensive Capabilities And Experience

Forrester included eight vendors in the assessment: CA, Fidelis, McAfee, RSA, Symantec, Trend
Micro, Verdasys, and Websense. We evaluated vendor offerings that were generally available and
shipping as of June 1, 2010. Each of the firms evaluated has (see Figure 2):

· A DLP suite that addresses key requirements for data in motion, in use, and/or at rest.
While not all of the vendors in this Forrester Wave call their products “data leak prevention”
products, all have core features to inspect content and channel traffic, detect violations to
corporate data-handling policies, and provide various options for remediating incidents.

· At least 50 customers. As with the above criteria, we used this limitation to ensure that the
largest Forrester clients could have confidence that these providers had experience with the
challenges that enterprises of this size face today.

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 5
For Security & Risk Professionals

Figure 2 Evaluated Vendors: Product Information And Selection Criteria

Product version
Vendor Product(s) evaluated evaluated Version release date
CA Technologies DLP R12 October 2009

Symantec Data Loss Prevention 10.5 April 2010

Fidelis Security Systems XPS 6.0 October 2009

McAfee DLP 9.0 March 2010

RSA DLP 7.6 Q4 2009

Trend Micro LeakProof 5.0 N/A (rolling versions)

Verdasys Digital Guardian 5.2.2 June 2010

Websense Data Security Suite 7.5.3

Vendor selection criteria

A DLP suite that addresses key requirements for data in motion, in use, and/or at rest. While not all
of the vendors in this Forrester Wave call their products “data leak prevention” products, all have core
features to inspect content and channel traffic, detect violations to corporate data-handling policies, and
provide various options for remediating incidents.

At least 50 customers. As with the above criteria, we used this limitation to ensure that the largest
Forrester clients could have confidence that these providers had experience with the challenges that
enterprises of this size face today.

Substantial vendor market presence. Because enterprises tend to shun vendors that lack financial
stability or a proven track record of sales success, Forrester limited the vendors we evaluated to those that
had estimated annual revenues of $20 million or more (for pure-play DLP vendors) or consolidated
revenues of $200 million or more (for those with broader security portfolios than just DLP).

Both strategy and implementation competencies. All of the evaluated firms have the ability to advise
on DLP deployment road maps, standardization best practices, and the mapping of DLP policies to the
data security requirements. Most of the vendors also employ or partner with training and certified
implementation experts across a wide range of DLP practices and specific technologies.

The product version has been released and is generally available prior to June 1, 2010.

Source: Forrester Research, Inc.

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
6 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

· Substantial vendor market presence. Because enterprises tend to shun vendors that lack
financial stability or a proven track record of sales success, Forrester limited the vendors we
evaluated to those that had estimated annual revenues of $20 million or more (for pure-play
DLP vendors) or consolidated revenues of $200 million or more (for those with broader security
portfolios than just DLP).

· Both strategy and implementation competencies. All of the evaluated firms have the ability
to advise on DLP deployment road maps, standardization best practices, and the mapping of
DLP policies to the data security requirements. Most of the vendors also employ or partner with
training and certified implementation experts across a wide range of DLP practices and specific
technologies.

DLP Products Have evolved into Feature-packed Suites

Forrester’s evaluation uncovered a market in which DLP suite feature sets have largely converged.
We observed considerable similarity in the uniformity of features between the products,
unsurprising for a market that has moved past the survival stage of adoption and moved into
growth. Of the eight vendors we evaluated, five scored well enough to be considered Leaders (see
Figure 3):

· Symantec and Websense lead the pack. Both Symantec and Websense have comprehensive
DLP suites with high levels of refinement, ease of use, and a deep bench of technology partners
that they can integrate with. Neither vendor has any substantial weaknesses in its respective
offerings, and both have strong revenue streams from their respective DLP products. That said,
these two vendors’ go-to-market strategies could not be more different. Symantec, the dominant
vendor in the market, relies on its own DLP “capability maturity model” and its consulting
partners to guide its deployment and selling processes. This strategy relies on selling DLP as
a methodology on par with ERP or CRM. Websense, by contrast, views DLP as an adjunct to
its Web content security businesses. It sells its Data Security Suite (DSS) to customers who
want fast, effective security leak prevention without a lot of hassle. Customer feedback on both
companies was consistently strong.

· McAfee, RSA, and CA offer highly competitive options. Although not as highly rated across
the board as Symantec and Websense, McAfee, RSA, and CA all bring strong technology and
significant technical breadth and depth to their products. McAfee offers a DLP technology
platform that we rated as effective as Symantec’s. Customers cited RSA for its accuracy and
low rate of false positives. For its part, CA’s dramatic product enhancements have enabled it to
considerably grow its sales to emerge as a Leader.

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 7
For Security & Risk Professionals

· Verdasys and Fidelis offer competitive solutions for specialized DLP needs. Verdasys and
Fidelis are the “yin and yang” of DLP: One offers a very competitive but complex endpoint DLP
product, while the other provides sophisticated network-based DLP. Verdasys has done an
admirable job skimming the cream off the high-end DLP market, focusing on knowledge-
intensive intellectual property opportunities. Fidelis, in turn, gives network security managers the
tools to control leaks inside an enterprise’s network. These two companies, frankly, should merge.

· Trend Micro contends for sales in less-sophisticated enterprises. Like the Verdasys DLP
product, Trend Micro’s LeakProof is an endpoint-only product. Forrester found that it trailed
the Leaders’ products in most areas, with shallower features and less sophistication.

This evaluation of the DLP market is intended to be a starting point only. Readers are encouraged
to view detailed product evaluations and adapt the criteria weightings to fit their individual needs
through the Forrester Wave Excel-based service provider comparison tool.

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
8 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

Figure 3 Forrester Wave™: Data Leak Prevention Suites, Q4 ’10

Risky Strong
Bets Contenders Performers Leaders
Strong

Symantec Go online to download

McAfee the Forrester Wave tool
for more detailed product
RSA Websense evaluations, feature
CA comparisons, and
customizable rankings.
Verdasys
Fidelis
Current
offering
Trend Micro

Market presence

Weak

Weak Strategy Strong

Source: Forrester Research, Inc.

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 9
For Security & Risk Professionals

Figure 3 Forrester Wave™: Data Leak Prevention Suites, Q4 ’10 (Cont.)

Trend Micro
Weighting
Forrester’s

Websense
Symantec

Verdasys
McAfee
Fidelis

RSA
CA
CURRENT OFFERING 50% 3.66 2.76 4.03 3.70 4.03 2.22 2.97 3.98
Protection for managed endpoints 20% 3.63 1.59 4.05 3.47 3.70 2.69 3.74 3.79
Protection for unmanaged endpoints 20% 3.32 3.52 3.99 4.15 4.07 1.23 1.23 4.71
Information management 20% 4.00 2.20 4.10 3.50 4.00 2.40 2.80 3.60
Incident management 15% 3.60 4.00 3.80 4.00 4.60 1.80 3.60 4.20
Productivity 10% 3.30 2.30 5.00 3.70 4.40 2.70 3.00 3.70
Features 15% 4.00 3.15 3.55 3.40 3.65 2.75 3.85 3.75
Customer references 0% 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

STRATEGY 50% 4.00 3.40 4.00 4.00 4.75 2.45 3.05 4.60
Product strategy 100% 4.00 3.40 4.00 4.00 4.75 2.45 3.05 4.60
Cost 0% 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

MARKET PRESENCE 0% 3.24 2.41 3.63 3.38 3.98 2.32 2.96 3.47
Installed base 30% 3.15 2.45 3.75 3.10 3.20 3.00 3.00 3.75
Revenue 40% 3.70 2.90 3.70 3.80 4.70 2.50 3.50 3.30
Execution 30% 2.70 1.70 3.40 3.10 3.80 1.40 2.20 3.40
All scores are based on a scale of 0 (weak) to 5 (strong).
Source: Forrester Research, Inc.

Vendor PROFILES
Leaders: Symantec, Websense, McAfee, RSA, And CA Provide Broad And Deep Features
· Symantec. Three years ago, Symantec bought the then-market leader, Vontu. Fast forward
to 2010, and it is still the leader by a country mile. Symantec’s DLP revenues are more than
double those of its closest competitor — evidence, perhaps, that Symantec has finally found a
way to not mess up its acquisitions. From the product standpoint, Symantec’s DLP suite is an
all-around strong performer with few weaknesses, with high levels of refinement and feature
depth throughout. We also like Symantec’s longer-term vision for integrating DLP into adjacent
information management processes like eDiscovery, archiving, and entitlement management.
Going forward, Symantec’s biggest challenge is complacency. To help make DLP a billion-dollar
market, Symantec must find the courage to commoditize its own products by offering a cheaper,
stripped-down “DLP express” version that every enterprise, not just those with money and large
IT staffs, can deploy. Those caveats aside, Symantec should be seen as a strong candidate for any
enterprise’s shortlist.

· Websense. Best known for its Web-content-filtering products, Websense has quietly built
the second-largest DLP product company in the industry. Websense’s Data Security Suite
(DSS) matches Symantec nearly feature-for-feature at a much lower price. Its DLP features for

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
10 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

protecting against leaks on unmanaged endpoints are excellent. Its clean and simple interface
is geared toward fast installations and time-to-value. Standout features include its “DLP for
Download” test drive program, installation wizards, and built-in features that normally cost
extra with other vendors, such as USB encryption. Of all the vendors in this Forrester Wave,
Websense is the vendor best positioned to cross the chasm into the mass market. These are the
types of enterprises that want “DLP express” products to help solve regulatory and toxic data
problems without complex integration challenges or high prices. Websense’s primary challenge
is one of visibility: Because it doesn’t have a desktop foothold like McAfee or Symantec, it has
to fight harder to get into the CISO’s office. Based on the strength of its current offering, that
should no longer be a hard sell.

· McAfee. Since our last DLP Forrester Wave, McAfee has been busy integrating its network
DLP product (the well-regarded Reconnex product) and its client DLP product (Israeli startup
Onigma). McAfee’s hard work has paid off. In the past two years, it has closed its primary
feature gaps, such as fingerprinting, and integrated its suite into ePolicy Orchestrator (ePO),
the security management technology it is well-known for. McAfee DLP scored the highest for
endpoint DLP features. It combines Verdasys-style tagging of information sources with the
standard DLP features found in the other suites. The DLP suite also includes multiple features
designed to reduce the overall hassle factor: tuning tools to quickly make exceptions to rules,
its unique “capture database,” and features for employee self-release and bypass. McAfee DLP’s
strong feature set should appeal to most enterprises, especially those with existing installations
of the company’s ePO, ToPS, or Endpoint Encryption products.

· RSA. RSA’s DLP product strategy is the most interesting of all of the vendors we surveyed. In
addition to its direct model for selling its DLP suite, RSA has also aggressively embedded a
subset of its suite into products from partners like Cisco (with its IronPort email appliance)
and Microsoft (into ForeFront Online Protection for Exchange and its File Classification
Infrastructure). RSA’s two-pronged strategy is working: Hundreds of customers have sought
to step up from Cisco’s embedded DLP feature to RSA’s full suite. From a product perspective,
RSA’s DLP suite scored very well overall, with strong network DLP features for protecting
information processed on unmanaged endpoints. Its classification rule sets are well-regarded
by customers and competitors alike for their accuracy and relatively low rate of false positives.
Considering that storage vendor EMC owns RSA, Forrester was surprised to see that RSA’s
information life-cycle strategy is relatively weak compared with, for example, Symantec.
Its integration with third-party enterprise rights management (ERM) tools is similarly
underdeveloped, and in our view, has an over-reliance on its partnership with Microsoft’s
RMS technology. Those concerns aside, RSA’s DLP suite is a good choice for large enterprises,
particularly those with heavy investments in Microsoft technologies like SharePoint.

· CA. From its traditional stronghold in financial services, CA’s DLP product has expanded
from its endpoint heritage (the former Orchestria product) to a full-fledged suite, including

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 11
For Security & Risk Professionals

network DLP. CA has added features such as fingerprinting, information inventory (data-at-
rest), and scanning tools. These and other additions have brought its DLP suite closer to parity
with Symantec and Websense. CA offers best-in-class email filtering and integrates well with
information life-cycle technologies such as archiving and eDiscovery. Its USB features, with
built-in encryption, negate the need to purchase a third-party product. Perhaps as a result of all
the improvements in the newest version of the product (r12), CA’s DLP suite sales are growing
faster than any other vendor’s, and a best-in-class 60% of its customers have already upgraded.

Strong Performers: Verdasys And Fidelis Offer Specialized Client And Network Solutions
· Verdasys. Based in Waltham, Massachusetts, brash endpoint-only vendor Verdasys has
carved out an enviable niche for itself. Verdasys specializes in providing complex solutions to
enterprises with complex intellectual property challenges, such as electronics manufacturers,
carmakers, and pharmaceutical companies. Verdasys Digital Guardian provides rich, detailed
controls for managing the spread of toxic data and secrets emanating from managed endpoints.
Its controls for Webmail, email, Web, and USB controls are very strong. Its “Enterprise
Information Protection” vision is, in essence, a template for deeply integrating data security
controls into business processes and enforcing them through its deeply embedded endpoint
agent, which Verdasys gleefully describes as a “rootkit.” As a result, Verdasys’ deal sizes
are much larger than those of its peers: millions of dollars rather than the low hundreds of
thousands. Verdasys provides desktop agents for Windows and Linux but does not provide
network-based DLP features, making it a poor choice for customers worried about leaks from
unmanaged endpoints. However, Verdasys resells Fidelis XPS network DLP and can process
alerts and incidents forwarded from that product.. Verdasys is poorly positioned to supply “DLP
express” solutions for mass-market customers. But the vendor should be on the shortlists of
companies that have significant industrial secrets or intellectual property assets to protect —
and checkbooks and stamina to make it happen.

· Fidelis. Network DLP specialist Fidelis XPS helps security or network operations managers
to detect leaks on large company networks. Its innovative “heads-up” Information Flow Map
shows DLP violations in real time. Fidelis XPS has good support for filtering Web traffic and
emails and for fingerprinting secrets such as company plans and trade documents. It also has
several highly distinctive key features, such as the ability to detect and block peer-to-peer
traffic, rogue network channels, botnets, or malicious insiders. As a network-only DLP vendor,
Fidelis doesn’t have its own capabilities for monitoring endpoint activities, although it can
forward events to Verdasys. It also lacks the feature depth of the leading DLP vendors’ suites.
For example, Fidelis does not have a “named data” feature that matches toxic data elements
against specific database rows/columns, its fingerprinting controls are relatively weak, and its
management dashboard is workmanlike but not refined enough for CISOs. That said, Fidelis is
appropriate for enterprises that want to take a network-centric, monitoring-based approach to
preventing data leaks.

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
12 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

Contender: Trend Micro Lags Behind Other Vendors

· Trend Micro. Trend Micro’s 2007 purchase of endpoint-only DLP vendor Provilla gave the
company an entry into the DLP market with LeakProof. The product provides best-in-class
USB and removable media protection and very good controls for filtering clipboard paste
operations on the client. However, LeakProof provided merely adequate features in most of the
other areas Forrester evaluated. Its overall features set seems more appropriate for small and
midsize enterprises than for large enterprises, which require features like advanced named-data
filtering features that match against database rows and columns, and network-based DLP for
unmanaged endpoints — things that LeakProof doesn’t have. Trend Micro has a lot of work to
do before its LeakProof product is competitive with those of the Leaders. LeakProof should fit
well into smaller enterprises that have fleets of homogeneous Windows PC and nothing else. But
enterprises with more demanding needs should look elsewhere.

More DLP options exist

In addition to these eight vendors, which we chose because of their large-enterprise focus, financial
stability, and market presence, enterprises should know that many other capable DLP vendors exist.
These serve smaller market segments than were covered in this Forrester Wave, are less established
in the market, or have other areas of focus beyond just DLP. Some of these vendors include:

· Code Green Networks. Code Green is a vendor with a balanced DLP suite that serves the small
enterprise segment.

· GTB Technologies. GTB Technologies takes a granular, rules-based approach to DLP that
includes endpoint, network, and inventory scanning.

· Palisade Systems. Palisade Systems’ midmarket DLP appliance and SaaS offerings exemplify the
“set and forget” simplicity that harried SMB staffs require.

· NextLabs. NextLabs’ product includes both DLP and built-in ERM technology for encrypting
sensitive enterprise documents.

Supplemental MATERIAL
Online Resource
The online version of Figure 3 is an Excel-based service provider comparison tool that provides
detailed product evaluations and customizable rankings.

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010 13
For Security & Risk Professionals

Data Sources Used In This Forrester Wave

Forrester used two data sources to assess the strengths and weaknesses of each solution:

· Service provider surveys. Forrester surveyed service providers on their capabilities as they relate
to the evaluation criteria. Once we analyzed the completed service provider surveys, we conducted
service provider calls to gather additional details and validate service provider qualifications.

· Customer reference calls. To validate product and service provider qualifications, Forrester also
conducted reference calls with three of each service provider’s current customers.

The Forrester Wave Methodology

We conduct primary research to develop a list of service providers that meet our criteria to be
evaluated in this market. From that initial pool of service providers, we then narrow our final list.
We choose these service providers based on: 1) product fit; 2) customer success; and 3) Forrester
client demand. We eliminate service providers that have limited customer references and products
that don’t fit the scope of our evaluation.

After examining past research, user need assessments, and service provider and expert interviews,
we develop the initial evaluation criteria. To evaluate the service providers and their products
against our set of criteria, we gather details of product qualifications through a combination of lab
evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations
to the service providers for their review, and we adjust the evaluations to provide the most accurate
view of service provider offerings and strategies.

We set default weightings to reflect our analysis of the needs of large user companies — and/or other
scenarios as outlined in the Forrester Wave document — and then score the service providers based
on a clearly defined scale. These default weightings are intended only as a starting point, and readers
are encouraged to adapt the weightings to fit their individual needs through the Excel-based tool.
The final scores generate the graphical depiction of the market based on current offering, strategy,
and market presence. Forrester intends to update service provider evaluations regularly as product
capabilities and service provider strategies evolve.

Endnotes
1
Source: Forrsights Security Survey, Q3 2010.
2
“The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit
Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial
institutions and creditors to develop and implement written identity theft prevention programs, as part
of the Fair and Accurate Credit Transactions (FACT) Act of 2003.” Source: “FTC Business Alert,” Federal
Trade Commission, June 2008 (http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm).

© 2010, Forrester Research, Inc. Reproduction Prohibited October 12, 2010 | Updated: October 14, 2010
14 The Forrester Wave™: Data Leak Prevention Suites, Q4 2010
For Security & Risk Professionals

3
Staffing the traditional security operations center (SOC) is expensive. Forrester anticipates that the SOC will
become virtualized in the future, in a next-generation transformation that we call “SOC 2.0.” See the April
20, 2010, “SOC 2.0: Virtualizing Security Operations” report.
4
“The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually
identifiable health information; the HIPAA Security Rule, which sets national standards for the security of
electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which
protect identifiable information being used to analyze patient safety events and improve patient safety.”
Source: US Department of Health and Human Services (http://www.hhs.gov/ocr/privacy/).

October 12, 2010 | Updated: October 14, 2010 © 2010, Forrester Research, Inc. Reproduction Prohibited
 Making Leaders Successful Every Day

Headquarters Research and Sales Offices

Forrester Research, Inc. Forrester has research centers and sales offices in more than 27 cities
400 Technology Square internationally, including Amsterdam; Cambridge, Mass.; Dallas; Dubai;
Cambridge, MA 02139 USA Foster City, Calif.; Frankfurt; London; Madrid; Sydney; Tel Aviv; and Toronto.
Tel: +1 617.613.6000
Fax: +1 617.613.5000 For a complete list of worldwide locations
visit www.forrester.com/about.
Email: forrester@forrester.com
Nasdaq symbol: FORR
www.forrester.com

For information on hard-copy or electronic reprints, please contact Client Support

at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com.
We offer quantity discounts and special pricing for academic and nonprofit institutions.

Forrester Research, Inc. (Nasdaq: FORR)

is an independent research company
that provides pragmatic and forward-
thinking advice to global leaders in
business and technology. Forrester
works with professionals in 19 key roles
at major companies providing
proprietary research, customer insight,
consulting, events, and peer-to-peer
executive programs. For more than 27
years, Forrester has been making IT,
marketing, and technology industry
leaders successful every day. For more
information, visit www.forrester.com.

54974