RSA Data Loss Prevention Suite: Product overview
Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.
Storage giant EMC is taking a comprehensive approach to data loss prevention (DLP) with its RSA Data Loss Prevention Suite, which consists of RSA DLP Datacenter, RSA DLP Network and RSA DLP Endpoint with RSA Enterprise Manager; in addition, four RSA appliances are used for the DLP suite.
Editor's note: The RSA Data Loss Prevention Suite was recently discontinued, and the product hit End of Primary Support on Jan. 31. RSA DLP will hit its End of Extended Support date on Dec. 31, 2018.
The appliances used for the RSA Data Loss Prevention Suite include a Sensor appliance, which is employed for passive monitoring; an Interceptor appliance, which analyses and enforces policies for outbound email; an Internet Content Adaptation Protocol (ICAP) Server appliance, which communicates with ICAP-capable web proxies to monitor and control web and FTP traffic; and a Network Controller appliance, which manages all the appliances and communicates with the Windows-based RSA Enterprise Manager software.
The RSA Enterprise Manager, for its part, is a central management console that displays dashboards, creates reports, manages policy development and deployment, and controls incident management workflow and administers the data loss prevention systems. The following is a closer look at the components of the RSA Data Loss Prevention Suite.
RSA DLP Datacenter
RSA DLP Datacenter is a data-at-rest scanning DLP tool that performs automated discovery for sensitive data on storage platforms such as Microsoft Windows file servers, Unix file servers, network-attached storage/storage-area network devices, Microsoft SharePoint, Lotus Notes, databases and local drives on Windows workstations.
The RSA Network Sensor appliance is required to deploy this tool.
The DLP Datacenter is able to efficiently scan large storage repositories without the need for dedicated hardware by using temporary scanning agents.
RSA DLP Endpoint
RSA DLP Endpoint monitors and controls sensitive data on Windows endpoints. The Network Sensor appliance is also required to deploy this tool, and it uses either temporary or permanent endpoint agents.
RSA DLP Endpoint can monitor and prevent sensitive data exposures via user actions such as HTTP/HTTPS posts to webmail and social media, portable media reads and writes, printing, and the saving of sensitive data to network file shares. Specific devices can be whitelisted to authorize the transfer of sensitive data to approved portable media.
An optional self-remediation feature in RSA DLP Endpoint can be used to educate users by providing real-time feedback on policy violations.
In addition to Windows, RSA DLP Endpoint supports virtual desktops such as Microsoft Hyper-V, VMware View, Citrix XenDesktop and XenApp virtual applications.
RSA DLP Network
RSA DLP Network monitors and controls sensitive data in motion in real time to prevent unauthorized transmissions. DLP Network can control corporate email on Windows workstations and portable endpoints, such as Windows laptops, smartphones and tablets. It is also able to control sensitive data in generic TCP traffic, HTTP/HTTPS web and social media traffic, FTP, instant messaging and encrypted traffic.
The Network Sensor appliance is required to deploy this tool.
Summary
The RSA Data Loss Prevention Suite is designed to serve medium-sized businesses to large enterprises. The product suite covers endpoint data in use, network data in transit and data at rest in various files and databases.
RSA DLP software also addresses data on mobile devices, as well as public cloud applications and services. Pricing for the DLP suite depends on a number of factors, including which appliances may be deployed. Organizations interested in pricing and licensing terms for RSA Data Loss Prevention Suite can contact the vendor or their authorized RSA resale partners.