Data loss start-ups sell out
- 08 January, 2008 09:19
The rapid consolidation in the anti-data leakage market in the past year is enough to make an IT manager's head spin: This segment of the security sector ballooned to include dozens of start-ups, then even more quickly dwindled down to a few independent companies as larger vendors cherry-picked smaller ones to add data leakage to their own product portfolios.
A rough estimate shows at least US$1.6 billion was spent by vendors acquiring anti-data leakage -- also referred to as data-loss prevention or data-leak prevention -- start-ups over the past year, and that figure only includes the transaction values that were made public.Now that the spending spree is winding down and the acquiring vendors are revamping their product road maps to include these new wares, observers say enterprises can look forward to having the benefits of these security products baked into existing offerings that they're probably already using.
"We found there was a significant hole in the security product suite vendors," says Trent Henry, vice president and research director with Burton Group. "The hole has been information-flow protection and protecting the endpoint, not just network content flow."
As many of the data leak products evolved from protecting information "in motion," or being e-mailed, sent via instant messaging or copied to removable media, but also data "at rest," many large vendors thought it best to buy rather than build these capabilities.
Data leakage assimilation
Turning anti-data leakage into a feature of existing products represents a logical progression, analysts agree. In fact, many existing products are already moving in that direction; e-mail security offerings from companies such as Proofpoint, Secure Computing and Google's Postini already have some basic data-leak-protection functions that can, for example, scan outbound e-mail, instant messaging and Web traffic and flag messages that contain information thought to be sensitive, such as Social Security or credit card numbers.
Going beyond these basic features to add the finely tuned content-inspection and policy-enforcement capabilities of some data-leak-prevention tools to existing security offerings would reduce the number of products operating at an organization's gateway, and offer universal management and policy enforcement to simplify administration.
Knowing what's going out of the corporate network, and being able to stop policy violations, is an important part of what makes anti-data leakage valuable, says one enterprise user.
"You can generate all the polices that you want, but unless you have some kind of monitoring and enforcement mechanism, you don't know if a policy is working or not," says Bob Gorrie, information security project manager at USEC, a supplier of enriched uranium fuel for commercial nuclear power plants based in Bethesda, Md., which uses Vontu products.
Road to integration
Acquirers including Symantec, McAfee, Trend Micro, Cisco, and others are beginning to reveal details of how they'll integrate these new capabilities into their products.
Upon announcing its acquisition of Vontu in November, Symantec executives offered some details on plans to integrate the start-up's line of data-loss prevention products into its own desktop, network and storage products. The two companies earlier this year struck a deal to embed Vontu's detection engine into Symantec's e-mail security gateway software; Symantec says adding Vontu's capabilities to other products including its endpoint security offering is likely.
Adding Vontu's ability to scan data resources across the network to seek out sensitive data would be beneficial additions to Symantec's NetBackUp and Enterprise Vault offerings as well, officials say, to facilitate chores such as responding to e-discovery requests.
Trend Micro's October acquisition of Provilla will result long term in integrating the start-up's anti-data leakage capabilities into the security vendor's desktop and gateway products, officials say, although in the near term Trend Micro will continue to sell Provilla's LeakProof product as a stand-alone offering. The acquirer also spoke of extending LeakProof to mobile platforms.
Following its acquisition of Onigma late last year, McAfee used that company's products as the basis of its foray into the anti-data leakage market in February. In October, McAfee acquired encryption and access-control vendor SafeBoot, and plans to launch a new data-protection product business unit based on the integration of these technologies, officials say.
WebSense, which acquired anti-data leakage vendor PortAuthority last December and earlier this year bought e-mail security vendor SurfControl, is ahead of the pack in integrating technology from acquired companies into its main product line. In July, WebSense announced it had integrated Port Authority's content protection suite with its ThreatSeeker Web security product, and is currently fusing features from SurfControl's e-mail security technology as well.
"It's the combination of what you know about your employees combined with what you know about malicious activity on the Internet...we're the only company that can set granular policies and enforce them around information protection," says Leo Cole, WebSense's director of marketing.
Cisco, via its IronPort subsidiary, is already putting anti-data leakage features into existing platforms, and is exploring whether it makes sense to also add content scanning to infrastructure offerings.
"Most of the customers we talk to want [anti-data leakage] integrated into their existing platforms," says Tom Gillis, vice president of marketing with IronPort, which Cisco purchased in January. The company in September added anti-data leakage features to its e-mail security appliance, and says there may be opportunities to include variants of these capabilities to Cisco switches and routers as well.
IronPort is focused mainly on protecting data in motion -- because that's the strength of the company's e-mail and Web security appliances -- and believes there's great benefit to being able to do fairly straightforward tasks such as blocking credit-card information from being sent in an unencrypted e-mail.
Others, however, believe the greatest benefit these tools can offer is to help enterprises figure out what and where their sensitive information is.
"Protecting information is a concern for us, our proprietary information is out there in a bunch of different locations, it's tougher to protect it because I don't know how it's going out, where it's going, and trying to locate it all," says one security professional with a high-tech manufacturing company who asked not to be named and uses an anti-data leakage product from Reconnex, one of the few independent companies left in the market. "That's probably the toughest part, to determine exactly what critical data is."