First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
PortAuthority tightens its security net
- — 05 December, 2006 15:47
I appreciate when a vendor succeeds at developing a very good application. But what I find more admirable is when a vendor recognizes the deficits in its solutions, makes no excuses, and quickly goes back to the drawing board to make that app excellent.
Such is the case with PortAuthority Technologies. Although no slouch as an ILP (information leak prevention) system, PortAuthority 4.0 had some usability and functional lapses when I last looked at it. PortAuthority 5.0 corrects the major issues I uncovered, pushing it to the top of the class in this category.
I take this stand because of four main ways PortAuthority 5.0 has improved. First, security is improved, as it now catches accidental and intentional data leaks over networks, examines file repositories for confidential information, prevents data from being copied to removable media, and integrates with DRM (digital rights management) systems. Second, the Web-based user interface is simpler to use, with only a few clicks now required to review and act on policy violations. Third, you now receive 150 prebuilt policies, which universally apply to data at rest, data in motion, and data in use; moreover, the system easily switches from auditing to prevention mode. Last, PortAuthority re-engineered its appliances, making them more reliable (with built-in fail open network interface cards) and more powerful, which gives enterprises better scalability.
My tests involved the Enterprise Manager MX appliance, which handles networks with as many as 10,000 users, as well as P-500 Protector appliances, which sits on the network edge, distributing the data monitoring, enforcement, and discovery workload when you're configuring large global networks.
No complete ILP solution will be installed overnight, but PortAuthority 5.0 should reduce IT staff workload compared with competitive offerings. That's because Manager servers merely connect to any network hub or switch as do the Protectors, which the main appliance automatically recognizes.
PortAuthority retains an MMC (Microsoft Management Console) snap-in to manage policies; sitting on top of this are still policy wizards for deploying the system quickly. In a few clicks I'd selected prebuilt policies for U.S. federal regulations, corporate governance, and intellectual property (such as patent information).
Yet policy management is easier and more detailed. The system integrates with Active Directory and LDAP servers; this enabled me to assign policies quickly by user, group, department, or other characteristics. Drilling down into the policy settings, I could now set real-time alerts. Importantly, I individualized notifications for system administrators, security officers, and end-users based on severity. For instance, what's considered an unintentional mistake (perhaps putting one Social Security Number in a message) could send a warning to the end-user; malicious violations would trigger a message block and send an immediate e-mail to your compliance team.
Other advanced features let me enforce variations of a policy by geography -- which is important when you must comply with international regulations.
Another aspect of policy setup is identifying confidential or private information in database tables. PortAuthority 5.0 guided me through connecting to a SQL database and specifying rules; as before, fingerprinting happened fast, with about 1 million records analysed in 10 minutes.
To be clear, for complete data coverage I had to perform additional steps. As an example, server agents are required to protect internal data-in-motion (such as networked printers), and desktop agents are loaded to monitor how data is used locally.
Still, a single policy you create universally applies to any data location. That is, when I created a corporate governance policy to look for confidential executive communications, the system checked if relevant documents were e-mailed using Microsoft Exchange and Lotus Notes, printed, or copied to a pen drive. Plus, policies are amazingly granular; I could allow a secure USB product with a certain device ID but prohibit other manufacturers' thumb drives.
To further evaluate how well PortAuthority 5.0 performed in real life, I also monitored Webmail, FTP, and instant messaging. Overall, false positives and false negative alerts were under 1 percent, which is somewhat better compared with other products I've tested. Part of this precision is because PortAuthority 5.0 classifies and extracts content from more than 370 file formats (30 percent more files than Version 4.1). It scanned nested compressed files and correctly determined if a message's content was extracted from another protected document.