CA Technologies Data Protection: DLP product overview

Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.

Software vendor CA Technologies is best known for its mainframe, business-to-business and distributed computing offerings. As an expansion of its enterprise-based offerings, the company also offers a data loss prevention suite called CA Technologies Data Protection. Formerly known as CA Technologies DataMinder, CA Technologies Data Protection is capable of supporting large enterprises with thousands of users and desktops. The DLP software suite components include CA Data Protection Endpoint, CA Data Protection for Networks, CA Data Protection for Stored Data and CA Email Supervision.

Data scanners

This CA Technologies Data Protection suite is able to protect data at rest, data in transit and data in use. It also integrates with CA Technologies Identity and Access Management products to allow access to sensitive information based on content and data classification. CA Technologies Data Protection is also able to quarantine data and protect sensitive information by granting or blocking access based on the reviewer's access privileges.

Endpoint agents

CA Data Protection Endpoint agents are application plug-ins for securing data at rest that execute on an endpoint device. These agents can monitor user activity and execute capture and control actions based on DLP policy. They either work with a gateway server or report directly to the DLP central management server. The agents are also able to continue policy enforcement even if disconnected from the central management server. CA Data Protection Endpoint is able to encrypt data sent to removable media. This action is controlled in part by the Client File System Agent (CFSA). In addition to monitoring local file copy actions, the CFSA is able to enforce policy for synchronization folders connecting to cloud resources such as Drop Box.

Network security

The CA Data Protection for Networks network appliance is able to control SMTP, web browser, webmail and social media HTTP/HTTPS traffic, instant messaging and peer-to-peer messaging such as Skype. Using SPAN ports, it can function as a passive DLP monitoring tool or be deployed in line to block sensitive data traffic, including decoding SSL traffic while inline.

Stored data

CA Data Protection for Stored Data secures data at rest by protecting and controlling sensitive information stored in network file shares and document repositories, public folders, ODBC sources and information collaboration servers such as Microsoft SharePoint. It can recognize and classify over 300 file types including HTML, XML, ZIP and others. CA Data Protection for Stored Data can also conduct full and partial fingerprinting of text and graphical content in order to the file content's transmission and usage. The product's scalable and distributed architecture enables file scan rates of up to 500 gigabytes per hour.

Email data

CA Email Supervision controls and reports on sensitive email in motion and at rest for popular email servers such as Microsoft Exchange and Lotus Domino as well as mail transport agents such as Sendmail and postfix. The CA Email Supervision lightweight agent is deployed at the email sever and supports any number of email policies designed to product an organization from potentially criminal as well as unintentional sensitive data exposure. Supported email endpoints include laptops, virtual desktops and smartphones for DLP controls inside and outside the corporate network.

Summary

CA Technologies' DLP suite offers several components and features designed to address a wide array of data protection needs for large enterprises. CA Data Protection cover endpoints and data in use as well as data in transit on the network, data at rest in storage or databases, and mobile and cloud data as well. The product suite comes with 24/7 technical support from CA Technologies; free training and educational courses are also available for customers. Organizations interested in pricing and licensing terms for CA Data Protection products should contact the vendor or authorized CA reseller partners.

Next Steps

Part one of this series looks at the basics of data loss prevention products

Part two examines the business case for DLP products

Part three explores usage scenarios for DLP products

Part four focuses on procuring DLP products

Part five offers insight on selecting the right DLP product

Part six compares the best DLP products on the market

CA Technologies uses AI to beef up legacy mainframe software

Dig Deeper on Data security and privacy