Sensitive data is highly sought after by threat actors who look to sell personal data, health information, corporate secrets, and other valuable data on the black market.

 

In the wake of the COVID-19 Pandemic, cybercrime is up 600% – further expressing the need to practice secure habits.

 

One countermeasure organizations use to help prevent cyber attacks is data loss prevention.

 

In this article, I’m going to explain what DLP software is, and then review the top DLP vendors on the market. I’ll take a deep dive into Symantic and Forcepoint, the top DLP vendors on the market and I’ll also discuss how much you can expect to spend on a DLP solution.

 

 

Article Navigation

 

• What Is Data Loss Prevention (DLP) Software?
• What Is the Best DLP Software?
• DLP Vendor Comparison Chart
• Symantec VS Forcepoint
• How Much Does DLP Software Cost?

 

 

What Is Data Loss Prevention (DLP) Software?

 

Data loss prevention software is designed to discover, analyze content and context in order to determine if the data presented matches a pattern or expression of a:

 

• Social Security Number
• Credit Card Number
• HIPAA Term
• Or Keyword

 

 

Once the pattern is matched, a violation or alert can be generated. The alert is sent to a management console for review by a support analyst and incident triage.

 

What Is the Best DLP Software?

 

There are a number of factors to consider before selecting a DLP software for your organization. This includes understanding the top strengths and weaknesses of each solution.  In this list, we’ll take a look at the top DLP software solutions on the market including Digital Guardian, McAfee, and Symantec.

 

Digital Guardian DLP

 

• Unsurpassed user activity visibility & EDR capability.
• Managing detailed activity policies can prove complex.
• Full solution currently requires three management consoles.
• Unique vendor-provided fully managed service available.
• Well suited for large enterprises & intellectual property protection.

 

Forcepoint DLP

 

• CASB & UEBA acquisitions driving DLP market change.
• Unique user risk ranking directs resources to most critical incidents.
• Low-cost year 1 subscription may prove more costly over time.
• User-friendly policy creation & management console.
• Large-enterprise capable but scales down to support small businesses.

 

McAfee DLP

 

• New vision 11 addresses long-standing problems.
• Solid integration with other McAfee products.
• Lack of database fingerprinting limits accuracy in protecting personally-identifiable information.
• Full solution integration with ePO.
• Well suited to organizations with existing McAfee products.

 

 Symantec DLP

 

• Long-term DLP market leader & innovator.
• Complex architecture requires significant deployment hours & cost.
• Feature-richness allows for customization but ads complexity.
• The only solution supporting a single policy across all components.
• Complexity makes it well suited to large-enterprise, but no small businesses.

 

DLP Vendor Selection Process

 

The process of selecting a DLP vendor can be streamlined by obtaining unbiased reviews of experts in the industry that have implemented the solutions and provide their opinions.

 

It’s obvious that Symantec is the DLP market leader based on the complexity of its architecture and features.

 

As we know, the more complex a solution is, the higher the cost to deploy, implement, and support. However, the adage still applies – “you get what you pay for”.

 

Therefore, it is imperative for organizations to understand where, and how their data flows in and out of their organization prior to the investment.

 

Proper planning will enable the decision makers to choose properly and avoid deployment and post-support pitfalls.

 

To assist in making the right decision in choosing which Enterprise DLP solution is right for an organization, Gartner provides insight based on research and reviews across various sectors.

 

According to Gartner, Symantec was still the leader in the Data Loss Prevention Market, matching the top four vendors listed in the recent Data Loss Prevent Experts site.

 

DLP Vendor Comparison Chart

 

Symantec (now Broadcom) continue to lead the data loss prevention software market with the closest competitors including:

 

• Forcepoint
• Digital Guardian
• Intel (McAFee)

 

Key to Symantec’s decade success was their focus on innovating technologies with the changing cyber landscape.

 

 

As stated previously, the DLP vendors share similar concepts in the development of its Content Analysis and Fingerprinting capabilities. However, each have their various nuances that set them apart.

 

Symantec VS Forcepoint

 

To dive deeper into these nuances let’s take a look at the differences between Symantec VS Forcepoint’s DLP solutions.

 

Listed below are the basic feature sets of each software.

 

Note, the purpose of this matrix is not to prove one product over the other, but to visibly observe the similarities and the differences. The real feature test will happen during a proof of concept exercise on-site or in a test virtual environment.

 

Symantec DLP Features

 

View the full list of Symantec DLP Features

 

• Exact Data Matching (EDM) act Data Matching (EDM) detects content by fingerprinting structured data sources, including databases, directory servers, or other structured data files.

 

• Indexed Document Matching (IDM) Document Matching (IDM) applies fingerprinting methods to detect confidential data stored in unstructured data, including Microsoft Office documents; PDFs; and binary files such as JPEGs, CAD designs, and multimedia files. IDM also detects “derived” content, such as text that has been copied from a source document to another file.

 

• Vector Machine Learning (VML) protects intellectual property that has subtle characteristics that may be rare or difficult to describe, such as financial reports and source code.

 

• Described Content Matching (DCM) Described Content Matching (DCM) detects content by looking for matches on specific keywords, regular expressions or patterns, and file properties. Symantec DLP provides more than 30 data identifiers out-of-the-box, which are pre-defined algorithms that combine pattern matching with built-in intelligence to prevent false positives. For example, the “credit card number” data identifier detects 16-digit patterns and validates them with a “Luhn check”.

 

• File type detection recognizes and detects more than 330 different file types such as email, graphics, and encapsulated formats.

 

• Use a single web-based console single web-based console to define data loss policies, review and remediate incidents, and perform system administration across all of your endpoints, mobile devices, cloud-based services, and on-premise network and storage systems.

 

• Symantec DLP for Cloud Storage and Cloud Prevent for Microsoft Office 365 provides discovery, monitoring and protection capabilities for your cloud-based storage and email.

 

• Symantec DLP Cloud Prevent for Microsoft Office 365  enables you to confidently migrate your email to the cloud by seamlessly integrating with Office 365: Exchange Online.

 

• Perform local scanning, detection, local scanning, detection, and real-time monitoring for a wide range of events on Windows 7, Windows 8, Windows 8.1, and Mac OS X machines.

 

• Symantec DLP Network Discover work Discover finds and exposes confidential data by scanning network file shares, databases, and other enterprise data repositories.

 

• Monitor confidential data that is being downloaded, copied, or transmitted to or from laptops and desktops. This includes:  – Cloud Storage Cloud Storage: Box, Dropbox, Google Drive, Microsoft OneDrive – Email: Outlook, Lotus Notes – Network Pro work Protocols: HTTP/HTTPS, FTP – Removable Storage: USB, MTP, CF and SD cards, eSATA, FireWire – Virtual Desktops: Citrix, Microsoft Hyper-V, VMware.

 

• Use multiple scanning op multiple scanning options, such as idle scanning and differential scanning, to enable high-performance, parallel scanning of thousands of endpoints with minimal impact to your systems.

 

• Deploy a highly scalable, multi-tiered architecture Deploy a highly scalable, multi-tiered architecture that can protect hundreds of thousands of endpoint users.

 

• Take advantage of more than 60 pre-built policy templates and a convenient policy builder to get your DLP solution up and running quickly.

 

• Leverage robust workflow and remediation capabilities workflow and remediation capabilities to streamline and automate incident response processes.

 

• Apply business intelligence to your DLP efforts with a sophisticated analytics tool that provides advanced reporting and ad-hoc analysis capabilities. This includes the ability to extract and summarize system data into multi-dimensional cubes—and then create relevant reports, dashboards, and scorecards for different stakeholders in your organization.

 

• Notify users with an on-screen pop-up window or block specific actions when a policy violation is detected.

 

• Scan local drives on local drives on laptop and desktops to provide a complete inventory of confidential data, so you can secure or relocate exposed files.

 

Forcepoint DLP Features

 

View the full list of Forcepoint DLP Features

 

• Data fingerprinting.

 

• Follow data with automatic application of controls, even when user devices are not on the network.

 

• Predefined policy library.

 

• Get started quickly with an extensive Policy Library that addresses common regulatory and IP protection use cases, including GDPR.

 

• Optical character recognition.

 

• Enables textual data, including PII and PHI, to be detected and extracted from images—such as source code, engineering drawings, M&A docs, and trade secrets.

 

• Automated Classification & Labeling.

 

• Simplify data classification with automated validation and application of labels for sensitive files with Bolden James Classifier and Azure Information Protection.

 

• Advanced incident workflow.

 

• Secure workflow notifications for data owners, providing users role-based access and data privacy on their mobile devices with DLP.

 

• Single console control.

 

• Set data loss prevention policies across your network and endpoints once, from a single console for your environment.

 

• Gain visibility into Microsoft Rights Management.

 

• Enable Microsoft Protection RMS to securely share information with partners. Automatically encrypt and decrypt using Microsoft Azure Information Protection.

 

• Achieve risk-adaptive protection.

 

• Educate data owners to protect data.

 

• Dynamic in-action coaching to educate end-users on appropriate data use while using Forcepoint’s DLP tool.

 

• Data leakage prevention.

 

• Detect and protect against low and slow data exfiltration and data leakage via print, email, cloud applications, and removable media.

 

Integrated Data Loss Prevention (IDLP)

 

In this article, we’ve primarily discussed one type of DLP solution – EDLP or Enterprise Data Loss Prevention.

 

The other type of DLP solution is the Integrated Data Loss Prevention (IDLP).

 

IDLP is a device that functions primarily as a firewall or web gateway but also has DLP features integrated that can be enabled once a subscription or license is activated.

 

Zscaler is a popular Web Gateway Service provider that specializes in monitoring and inspecting web traffic. DLP is also one of its features that can be enabled to detect a user’s content as it traverses the gateway to the Internet.

 

Many Next Generation Firewalls also offer Integrated DLP features. In most cases you’ll need a license in order to enable the DLP functionality. The DLP protection offered is around the basic patterns, such as, Social Security numbers, credit card numbers, and custom keywords.

 

Firewalls that have DLP integrated within their product suite include:

 

• Check Point
• Fortinet
• Palo Alto

 

There are other software vendors in the DLP space that are ranked as visionaries according to recent Gartner research, which include:

 

• Clearswift
• CoSoSys
• Digital Guardian
• Fidelis Cybersecurity
• GTB Technologies
• InfoWatch
• SearchInform
• Somansa
• Zecurion

 

How Much Does DLP Software Cost?

 

How much does DLP cost? It depends on multiple factors.

 

The majority of DLP software vendors charge based on the number of users, professional services, maintenance, and support.

 

The total first-year investment for a DLP solution is approximately  $385,000. This is based on a real-world example of $17.50 per user with a total of 10,000 users. $175,000 is allocated for software, up to $175,000 for servicing the software, and $35,000 for administrative and management costs of the vendor.

 

Cost Category	Cost
Software per year	$175,000
Installation and configuration (i.e. professional services for the first year)	$175,000
Administration and Management (first year)	$35,000
Total First Year Investment	$385,000

 

DLP vendors usually work through VARs (Value Added Resellers). The matrix provided is a general cost breakdown that can be used as a reference to estimate cost.

 

In some cases, the vendor will post their cost online. Somansa is a cloud DLP vendor that provides their rates online, based on the number of users:

 

• Small business, 1-99 users – $5,950
• Small business, 100-199 users – $9,950
• Small business, 200-299 users – $13,500

 

 

If you’re looking for inexpensive or open source DLP software then there are a few options available:

 

• OpenDLP
• HiveCode
• MyDLP
• Falcongaze SecureTower

 

Related Articles

 

• How To Prevent The Top Cyber Attacks In 2020 And Beyond
• 5 Proven Small Business Network Security Tips
• What Is A SIEM Solution? Benefits, Tools, & Strategies
• What Is The Difference Between IDS And IPS?
• What Is Endpoint Detection And Response (EDR)?