Download as pdf or txt
Download as pdf or txt
You are on page 1of 11

Magic Quadrant for Content-Aware Data Loss Prevention

Seite 1 von 11

Magic Quadrant for Content-Aware Data Loss Prevention

3 Ja nu a r y 2 0 1 3 I D: G00224160 An alyst ( s) : Eric Ou ellet

VIEW SUMMARY As th e en ter pr ise cont ent -aware DLP m ar k et ev olv es, ven dors ar e integr at ing adj acent technologies t o creat e a broader ecosy stem of DLP- enabled solut ions. Channel DLP and DLP- lite of fer ings ar e gainin g clien t m ind share and focusing on low - com plex ity regulat ory com plian ce use cases.


Cont ent - aw are DLP will be par t of t he st an dar d of due car e by 201 3 in Nor t h Am er ica, and by 2015 in Eur op e an d t he Asi a/ Pacific reg io n. By 2014, m or e t han 50% of en t er pr ises will use som e form of cont ent - aw are DLP capa bi li t y , but on ly 30% of t hem w il l hav e a com pr eh en siv e en t er prise cont ent aw ar e DLP solut io n or st r at eg y .

Market Definition/Description
Gar tn er defin es conten t- aw ar e data loss prev ention ( DLP) t echn ologies as those th at , as a cor e fun ction , perform content inspect ion of data at rest or in m otion, and can execute responses rangin g from sim ple notificat ion t o act iv e blocking based on policy set tings. To be con sidered, product s m ust support sophisticated detection techniques that extend bey ond sim ple key word m at ching an d regu lar ex pressions. Cont ent -aware DLP t ech nologies can be gener ally divided in to thr ee separat e cat egor ies: Ent e r pr ise co nt e nt - a w a r e D LP solut ions incor por ate sophisticat ed detection techniqu es to help organizations address th eir m ost cr it ical data protection requirem ents. Solut ions ar e packaged in agen t sof tw ar e for desktops and ser ver s, physical and virtu al applian ces for m onit or ing n et w orks, and agents and soft appliances for dat a discov ery. One of the leading characteristics of ent er prise content- aw are DLP solu tions in volves a centralized m anagem ent console, support for adv anced policy definit ion and ev ent m anagem ent w or k flow . D LP- lit e pr oduct s typically use few er and less soph ist icat ed det ect ion t ech niques, an d they support on ly a lim it ed num ber of prot ocols (for ex am ple, em ail, Web and FTP) . Deploym ents tend to be ex clusively endpoint or net work, or for dat a discover y only . Solutions t ypically hav e lim ited consoles supporting basic centr alized policies and very lim it ed ev ent m anagem ent if included at all. Cha n ne l D LP is a lim ited content- aw ar e DLP feat ur e set that is int egrat ed w ithin an ot her pr oduct t ypically em ail encr yption . Ch annel DLP in th is m ode is used to facilitat e t he end- user decision process t o questions su ch as " Should I en crypt th is em ail?" by doing t he analysis for th e user and aut om at ically deter m ining w hether encryption is applicable or r equir ed. Channel- DLP technologies ar e usually focused on a lim ited set of pr im ary use cases, m ainly regulatory com pliance. See " Guidelines for Selecting Con tent - Aw ar e DLP Deploy m ent Option s: En ter pr ise, Ch annel or Lit e" for a m ore detailed discussi on. The enterprise con tent - aw ar e DLP m ar ket has ex per ienced st eady growt h during t he past seven years, w it h content- aw are DLP deploy m ent s gr ow in g from 2010 ( $30 0 m illion) t o 2011 ( $42 5 m illion) t o 2012 ( $535 m illion) . Gar tn er estim ates t hat this m arket w ill reach $6 70 m illion in 201 3.
Ret u rn t o Top

This Magic Qu ad rant was dev el oped using Gar t ne r' s w ell- def ine d m et hod ol og y . Th is process in cor po rat ed t he foll ow in g t o gat her prim ar y da t a ab ou t each v en dor 's of fering: A cat egorizat io n sur v ey gat her ed a hi gh- lev el v iew ab ou t which v endor s shoul d be in cluded an d ex clude d f rom t he Magic Qu adr an t . A full sur v ey w as used t o coll ect det ai led in form at ion ab ou t t he v en dor an d it s offer in gs. Dem os w er e condu ct ed t o v iew t he of fer in g in act ion , an d v er ify el em en t s in t he su rv ey respon ses. Refer en ces w er e cont act ed t o gat her infor m at io n ab ou t t he cust om er ex per ien ce, v er ify elem en t s in t he sur v ey r esponses an d id en t ify an y ot her elem en t s of int er est bey ond t hose cov er ed in t he sur v ey . Guidelines f or respon din g t o t he full sur v ey w er e pr ov ided at t he t im e of issu e of t he sur v ey . Responses wer e of v ar ia bl e qualit y . Respon ses t hat wer e low er qu al it y ( for ex am ple , ign ored t he qu est io n, poor gr am m ar , in ab ili t y t o ex plain k ey concep t s, in abi li t y t o pr ov ide hi gh- qu al it y ex pl an at ion s of use cases, an d inab il it y t o go bey ond t echnical capa bi li t ie s an d dem on st r at e an und er st and ing of t he business en v ir on m en t ) or did not m eet t he guid el in es ge ner al ly t en ded t o scor e lo wer . One v en do r decli ned t o prov id e a su r v ey respon se or pa rt icipat e in an y ot her w ay . So m e v en do rs decl ined t o an sw er cert ai n que st ion s because of m ar k et r est rict ions an d, t her ef or e, di d not far e as w ell under som e of t he scor ing cr it er ia . Dem onst r at io ns w er e cr it ical , beca use t hey il lu st r at ed po in t s t hat ar e diff icult t o m ak e in wr it in g, an d prov id ed an op por t un it y t o illu st rat e feat ur es not ot her wise cov er ed in t he sur v ey . All sur v ey r esp on den t s pr ov ide d a pr od uct dem onst r at io n using a for m al sc ript pr ov ided by Gart ner . Dem on st rat ions w er e t er m inat ed af t er a set per iod of t im e, r eg ar dless of whet her t he en t ire scr ip t had been com ple t ed. The dem on st rat ion scr ip t s w er e int ended t o be difficult , but po ssible, t o com pl et e w it hi n t he t im e per iod in order t o force a focus on t he k ey aspect s w it h few ir rel ev an t di st ract ion s, an d also t o dem onst r at e w het her t he pr od uct was easy t o work w it h. Dem onst r at ion qu al it y v ar ied, r an gin g fr om v er y poor t o ou t st andi ng. We ask ed for fiv e r ef er en ces fr om each v en do r, an d each r ef er en ce cust om er was su pp lied w it h a st r uct ur ed sur v ey . Refer en ces w er e scor ed on t he ba sis of t he qualit y of t he refer ence an d w hat t he ref er en ce t ol d us. For each v end or , we t ak e in t o accou nt com m en t s fr om t hat v endor ' s own ref er en ces, an d w ha t ot her v en do rs' cust om er s sai d ab ou t t hat par t icular v en dor . For ex am ple, when sco ring Sy m an t ec, we t ook int o account what Sy m ant ec' s own cu st om er s said , as w ell as w hat t he cust om er s of ot her v en dor s said abo ut t heir ex pe rien ces w it h Sy m an t ec if t hey had an y . Scor es for ea ch v en dor were norm al ized . I f w e recei v e few er t han t hree ref er en ces for a v en dor , we scor ed m issi ng r ef er en ces as a "0." Vend or s can be not ably af f ect ed by t he ina bi li t y t o hav e sufficien t r ef er en ce cust om er s pr ov id e inpu t .

Magic Quadrant
Fi gur e 1 . Magic Quadrant for Content- Aw are Dat a Loss Prevent ion


Ability to Execute Pr odu ct / Se r vice : Cor e goods an d ser v ices of f er ed by t he v en dor t hat com pe t e in / ser v e t he def ined m ar k et . This in cludes cur rent pr od uct / ser v ice capabilit ies,

Source: Gartner (January 2013) ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Ret u rn t o Top

Seite 2 von 11
qualit y , f eat ure set s, sk ill s an d so on, w het her offer ed nat iv ely or t hroug h OEM ag r eem en t s an d par t ne rsh ip s, as def in ed in t he m ar k et def in it ion and det ai le d in t he su bcrit er ia . Ov er a ll Via bilit y ( Bu si ne ss Un it , Fi n an ci al, St r at egy , Or ga niz a t ion ) : An assessm en t of t he ov eral l or ga ni zat io n's fin an cial hea lt h, t he fin an cial an d pract ical su ccess of t he busine ss unit , an d t he lik el ih ood t hat t he ind iv id ual bu siness un it w il l cont inue inv est ing in t he produ ct , w ill cont in ue of fer ing t he produ ct an d will ad v an ce t he st at e of t he ar t wit hin t he or gan izat ion 's por t fol io of pr od uct s. Sale s Ex ecu t ion/ Pr ici n g: Th e v en do r' s cap ab il it ies in al l pr esales act iv it ies and t he st r uct ur e t hat suppor t s t hem . Th is includ es deal m an agem en t , pr icing an d neg ot iat io n, presal es suppo rt , an d t he ov er al l ef fect iv en ess of t he sales chann el . M a r k et Re sp onsi ve ne ss a nd Tr a ck Re cor d : Ab il it y t o respon d, chang e direct io n, be flex ib le an d ach iev e com pet it iv e succe ss as op po rt unit ies dev elop, com pet it or s act , cu st om er needs ev olv e an d m ark et dy nam ics ch an ge. Th is cr it er ion also consider s t he v en dor 's hist or y of respon siv en ess. M a r k et in g Ex e cu t ion : Th e clar it y , qua li t y , cr eat iv it y an d ef ficacy of progr am s desi gn ed t o del iv er t he or gan izat ion 's m essag e t o in fluen ce t he m ar k et , prom ot e t he brand an d business, incr ease aw ar en ess of t he pr od uct s, an d est ab lish a posit iv e ident ificat ion w it h t he pr od uct / br an d and organ izat ion in t he m in ds of bu y er s. This m in d shar e can be driv en by a com bi nat ion of pu bli cit y , pr om ot ion al in it ia t iv es, t hou ght leader ship, w or d- of - m ou t h an d sale s act iv it ies. Cu st om er Ex pe r ien ce : Relat ion ships, pr od uct s an d serv ices/ pr og ram s t hat en ab le clien t s t o be successf ul w it h t he pr od uct s ev al uat ed. Sp eci fical ly , t his includes t he w ay s cust om er s r eceiv e t ech nical suppor t or account suppo rt . This can also include ancill ar y t ools, cu st om er su pp or t progr am s ( an d t he qu al it y t her eo f) , av ail ab il it y of user gr ou ps, SLAs and so on. Op er a t ions: The ab ili t y of t he or ganizat io n t o m eet it s goals an d com m it m en t s. Fact or s include t he qu al it y of t he organ izat ion al st ruct ur e, in cludin g sk il ls, ex per iences, progr am s, sy st em s an d ot her v eh icles t hat en ab le t he or gan izat ion t o ope rat e ef fect iv el y an d ef ficien t ly on an ongo in g ba sis. Completeness of Vision M a r k et U nde r st a nd in g: Ab ili t y of t he v en dor t o unde rst an d bu y er s' w an t s and needs, an d t o t r an slat e t hose int o produ ct s and ser v ices. Vendo rs t hat sh ow t he high est degr ee of v ision list en an d un der st and buy er s' wan t s an d needs, an d can sh ap e or en han ce t hose w it h t hei r added v ision . M a r k et in g St r at e gy: A clear , differ en t iat ed set of m essag es consist en t ly com m unicat ed t hr ou gho ut t he or gan izat ion an d ex t er nalized t hr ou gh t he w ebsit e, ad v er t isin g, cu st om er pr og ram s an d posi t ion in g st at em en t s. Sale s St r a t e gy: Th e st r at eg y for selli ng pr od uct s t hat uses t he app r op riat e net w or k of di rect an d indi rect sale s, m ark et ing, serv ice, an d com m unicat ion af fil ia t es t hat ex t en d t he sco pe an d dep t h of m ar k et r each , sk il ls, ex per t ise, t ech nologies, serv ices an d t he cu st om er base. Of f er in g ( Pr oduct ) St r a t eg y: Th e v en do r' s appr oach t o pr od uct dev el op m en t an d del iv er y t hat em phasizes diff er en t iat ion , funct io nalit y , m et hod ol og y an d feat ur e set s as t hey m ap t o cur rent an d f ut ur e r eq ui r em ent s. Busi ne ss M ode l: The soun dness an d log ic of t he v en dor 's under ly in g bu siness pr op osit ion . V er t ica l/ I nd ust r y St r a t e gy: Th e v en dor 's st r at eg y t o di rect r esou rces, sk il ls an d of fer ings t o m eet t he specific needs of ind iv id ual m ark et seg m en t s, in cludin g v er t ical m ar k et s. I n nova t ion: Di r ect , relat ed , com ple m en t ar y an d sy ner gist ic lay out s of resou r ces, ex pe rt ise or cap it al for inv est m en t , consolid at ion , def en siv e or pr e- em pt iv e purposes. Geogr a ph ic St r a t eg y: The v en do r' s st r at eg y t o direct r eso urces, sk il ls an d of f er ings t o m eet t he specific needs of geograph ies ou t side t he "hom e" or nat iv e geograph y , eit her dir ect ly or t hr ou gh par t ner s, ch an ne ls an d subsidiar ies, as ap pr op riat e f or t hat geograph y and m ar k et .

Vendor Strengths and Cautions

CA Technologies
CA Technologies cont inu es to have a solid offer in g but st ruggles t o ar t icu lat e its value proposit ion clear ly out side of its core m arket of clients. CA Dat aMinder now incor porat es univer sal in dex ed sear ch ing using Autonom y's I nt elligent Data Oper at ing Lay er , addressing one of t he caut ions from last year's Magic Quadrant. CA Tech nologies is lookin g to build its m arket shar e by developing new offer ings target ed tow ar d deploym ents ou tside t he U.S. and also for new t echn ologies, such as cloud ser vices ( for ex am ple, th rough the DLP- as- a- service of fer ing) . St r e ngth s CA Technologies' focus on th e relat ionsh ip betw een iden tit y m anagem ent and DLP is am ong t he st ron gest . Support for m essaging infrastr uct ures rem ains a strong value point , and CA Tech nologies has a loyal cust om er base in the finan cial sectors. Support this year for finger print ing/ data registration is a welcom ed addit ion to a com prehensiv e and globally localized rich product featur e set and policy language. Clients cont inu e to r epor t t hat CA Technologies' global sales and su ppor t ar e st rong buying criteria. Caut ions Cust om er s com m ent th at CA Technologies' policy and ev en t m anagem ent funct ion is not as int uit iv e or as easy to use as that of com pet it ors w it h sim ilar capability set s. Alth ough all t he com ponent s required t o support com preh ensiv e ev ent m an agem ent and workflow ar e present in the offer ing, t he interface lacks finesse and clarit y, resultin g in an of fer ing t hat appear s less than full- feat u red. Although its policy langu age is com prehensiv e, it is m inim ally docum ented, which result s in added com plex ity in policy definition and t unin g tim e for advanced deploym en t sce nar ios. CA Technologies' int er face, w hich w as a w eak point last year , has im pr ov ed in the past year an d ref lects som e of t he com m on client feedback; however , it is st ill considered by Gar tn er t o be dat ed in design, an d clients continue to repor t that it is dif ficult t o use.
Ret u rn t o Top

Code Green Networks

Code Green Netw orks continues t o lag behin d in the growt h and ev olution of it s pr oduct offer ing, as com pared w ith oth er vendor s r ev iewed in th is Magic Quadrant. Alt hough Code Green has init iat ed inv est m en ts int o creat ing an enter pr ise- grade ver sion of it s offering during th e past sev er al year s, it s ov er all DLP product cont inu es to be pr im ar ily geared to sm all and m idsize deploym ents w it h low com plex ity u se cases. Code Green's ch an nel relat ionship w it h Blue Coat Syst em s is ex pan ding into a techn ology int egrat ion w it h Blue Coat product s, in w hich Code Green's of fer ing will have a su ppor t ing role in a channel- DLP deploym ent context. This chan nel-DLP appr oach seem s to be em erging as a m ore con sistent t hem e ov er all in the way Code Green per ceives itself and it s value to clients. St r e ngth s Code Green im pr ov ed it s endpoint capabilit y in 20 12 to support aut onom ous local dat a discover y scann ing, w it hou t requir ing a connect ion to an available net w ork appliance t o con duct th e actu al content analy sis. Code Green's sim ple- t o- use interface and w orkflow for USB control facilit at e th e t rigger ing of user actions an d j ustificat ions when copying cont ent to USB. I ts solu tion supports a nat iv e dat a encry ption capabilit y . Caut ions Minim al addition of advanced DLP capabilit ies or in tegration with relat ed risk com pliance, identity and access m an agem ent , or enterprise digit al righ ts m anagem ent / infor m at ion rights m anagem en t solut ions is resultin g in a basic DLP offer in g that supports only the core needs of a prim arily U.S.focused r egulatory com pliance client base. Although Code Green previously h ad y ielded strong capabilities in DLP f or int er national deploym ents, lack of cont inued in vest m ent h as all bu t st alled deploy m ent s beyon d Japan an d I ndia. Code Green's offer in g is best- su it ed for sm all an d m idsize deploy m ent s w ith low - com plex ity use cases due to w eak repor t ing capabilit ies an d task- heav y quar antine functions, wh ich can necessit at e m anual adm inistrative interven tion for each ev ent .
Ret u rn t o Top

Fidelis Cybersecurity Solutions

Fidelis Security System s w as acquir ed by Gen eral Dynam ics in August 2 012 ( see " Gen er al Dy n am ics Deal Will Accelerat e Ev olution of Fidelis' Mar ket Focu s" ) an d renam ed Fidelis Cyber securit y Solutions. This is t he only acquisition r epor ted in t he conten t- aw ar e DLP m arket in ov er t w o y ears. Fidelis w ill continue to oper at e as a stand- alone com pany un der Gen er al Dynam ics and h as in tegrated Gen er al Dy nam ics' security co nsulting organization as par t of its team of consu lt ant s. Fidelis cont inues t o of fer one of t he strongest and h ighest- th rou ghput net w ork DLP capabilities available in the m arket t oday . Clients report using Fidelis' content- aw ar e DLP of fer ing t o prot ect again st infor m at ion loss from n et w or k com m unications going out side t heir ent er prise and from tar geted ex t er nally sourced t hreats. Fidelis has been investing significant ly in enhancing its advanced per sistent thr eat -m anagem ent- lik e capabilit ies t o ex pan d it s r ole in protecting against ex t er nal threat s. Fidelis has an OEM par tner ship w it h Verdasys, w her e Verdasys of fer s integrat ed Fidelis DLP and cyberthr eat def ense capabilities w ithin its m anagem ent console. Gen er al Dy n am ics, Fidelis an d Verdasy s h av e all st ated publicly an d to Gar t ner their j oint int ent to cont inue th is relat ion ship. Although ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

there are alw ays risks associated with acquisit ion s of this n at u re, it is Gar tner 's belief that t he ex isting relat ion ship w ill con tin ue as is for at least the nex t 12 m ont hs. St r e ngth s

Seite 3 von 11

2 013 Gart ner, I n c. and/ or it s aff iliat es. All r ight s r eser v ed . Gart ner is a regi st er ed t radem ar k of Gart ner , I nc. or it s af filiates. This publicat ion m ay not be r ep roduced or dist r ibut ed in an y fo r m without Gart ner s Fidelis has one of the st rongest cont ent in spection and n et w ork t hroughput capabilit ies available in pr ior wr itt en pe rm issi on . Th e in fo r m at ion con tained in a conten t- aw ar e DLP applian ce. t his publicat ion has be en obtained fr om sour ces believed t o b e r eliab le. Gar tn er disclaim s all warr an t ies as t o t he I ts dif fer entiat ing approach em phasizes prot ect ing from ex ternal t hreat sou rces, in addition to accu r acy, com plet en ess or ad eq uacy of su ch inform ation tradit ional in ter n ally sou rced DLP. and shall hav e no liab ilit y for er rors, om ission s or I ts product road m ap pr ov ides ev idence of strong v endor responsiveness and a pr ocess th at inadeq uacies in su ch infor m at ion. Th is publicat ion enables cust om er s to influence product direction. con sist s of t he op inions of Gart ner s r esea rch organizat ion a nd sh ou ld not be constr ued as st at em en t s Fidelis' m alware pr ot ect ion capabilities ar e a differ ent iator. of fact . Th e opinions expressed her ein are subj ect t o ch an ge wit hou t not ice. Alt hough Gart ner resear ch m ay include a discu ssion of r elat ed leg al i ssues, Gart ner doe s Caut ions not pr ovide leg al ad vice or ser vices a nd it s r esear ch The Fidelis offer ing can easily suppor t sim ple DLP regu lator y com pliance deploy m ent use cases; sh ould not be const rued or u sed as su ch. Gar t ner is a however , th er e ar e low er - cost an d sim pler alt er natives av ailable in th e m ar k et . public com pan y , an d it s sh ar eh older s m ay include firm s and fun ds t hat have financial int er est s in en tities cov er ed Although t he product prov ides in du st ry- leading content detection and ev ent analysis, w or kflow in Gar tn er r esear ch. Gar t ner s Boa rd of Dir ect or s m ay and ot her adm inistrative funct ions ar e m or e basic in com parison w it h en ter prise cont ent- aware include sen ior m anag ers of t hese firm s or fu nds. Gart ner DLP v endors. r esear ch is pr od uced indep enden t ly by it s resea rch Even t severit y is not granu lar an d does n ot take into accoun t event det ails to the ex t ent th at som e organizat ion w it hou t inpu t or influ en ce from t hese f ir m s, funds or th eir m anag er s. For fur t her i nfor m at ion on t he ot her of fer ings do. indepen den ce and int eg rit y of Gar t ner resea rch, see Although Gen er al Dynam ics has an nou nced that t he relat ionsh ip bet w een Fidelis and Verdasys Gu iding Pr inciples on I ndep en de nce an d Ob ject ivit y on

along with the cu rrent DLP road m ap will not change, ex ist ing cust om er s sh ould under stand that t her e ar e alw ay s inher ent risks durin g a change of ow ner ship.
Ret u rn t o Top

GTB Technologies
GTB Technologies provides a com plet e cont ent -aw ar e DLP solution set t hat offers capabilit ies to suppor t bot h regulatory com pliance and intellectu al property ( I P) use cases using endpoint, netw or k an d discover y . Most deploym ents ar e w it hin sm all or m idsize bu sin esses ( SMBs) that rely on a r elatively sm all t eam of adm inistrators to su pport their users. St r e ngth s Clients repor t that GTB is very responsive and adaptive to th eir deploym ent needs. GTB is am ong a ver y sm all set of con tent - aw ar e DLP v endors that have int egrat ed enter prise digital rights m anagem ent/ in for m at ion r ights m anagem ent rem ediation capabilit ies dir ect ly within their DLP solutions. GTB's inv est m ent in enhan cem ent s t o their UI h as result ed in im proved ease of use w hen deploying policies acr oss any com bin at ion of net w or k, endpoint or discover y. The v endor is focusing on m ak ing t he solution clou d-r eady. GTB's content- aw are DLP capabilities for a vir t ualized envir onm ent w er e high ly r at ed by client s. Caut ions GTB's produ cts are focused on techn ical capabilit ies, rat her than w or k flow an d providing sim plif ied m eans of addr essing business concer ns ov er dat a loss. Alt hou gh th is approach has it s m er it w ith sm aller or ganizat ions, lar ger deploy m en ts m ust em phasize the business unit's role in contentaw ar e DLP deploym ents, w hich can be m or e dif ficult t o r ealize w ith t he ex isting offer in g. Although GTB m ade significant im provem ent s in its UI , Gartner assesses that t he over all solution m aint ains an inconsistent look and feel across the var ious pr oduct com ponent s. Gar tn er assesses th at the reporting and au dit logging ar e basic w hen com par ed to com pet itors selling t o lar ge en ter pr ises. The solut ion only provides access t o event s, rather th an prov iding a relat ion ship w it h risk- based reportin g.
Ret u rn t o Top

I nfoWat ch is a Russi an- based conten t- aw ar e DLP vendor t hat has sold solutions in Russia since 2 004. I nfoWat ch began it s internat ional sales expansion du ring the past year , and is showing good product capabilit y dev elopm ent, innovat ive features and a relat iv e high lev el of m at urit y for a n ew product . Although it is not quite ready t o be called enter prise- grade, it prov ides signif icant ly m ore capabilities than m ost DLP- lite offer ings in the m arket . I nfoWat ch has established an ear ly t rack record of happy cust om er references, w hich included ty pical content- aw are DLP adopters in t he banking sect or , bu t also included ent er tainm ent an d m edia or ganizat ions, w hich is not as typical. As w ou ld be ex pected, I nfoWat ch's cu st om er base was prim ar ily located out side of North Am er ica, but efforts are being put into place t o su pport sales ex pansion via par t ner s and reseller s. St r e ngth s I nfoWat ch offer s st rong language and in ter n at ion alization support. I t supports USB dev ice m onit or ing. I ts color- codin g of ev ent type and sev er ity is inn ov ativ e. Sensitiv e data substitution is suppor ted u sing sh adow copies of files. The or igin al is ret ained, yet the sensitive con tent is r em oved before it hit s t he presentation lay er . Caut ions Although its over all of fer ing dem onst rat es prom ise, it is st ill in an early stage, w it h basic netw or k and endpoint capabilit ies and no cu rrent support for dat a discov ery. I nfoWat ch's product does not have built- in policies. I t prov ides in dust ry- specif ic content filtering dat abases, w hich clien ts can either use t o creat e th eir ow n policies or engage w ith t he vendor t o build policies on their behalf. I ts console and policy engin e are basic. Con tent inspection and det ection ar e lim ited and do not inclu de adv anced det ection m echanism s. I nfoWatch uses a m ultistep scr ipt ing pr ocess using a flat ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

file containing policy definit ions. The process r equir es contact ing v endor suppor t to create new policies. This can r esu lt in sev er e client dissatisfact ion over the disclosure of the nature of t he content- aw are DLP in spection clien ts want to per for m . Logging relies on Oracle Dat abase and is not nat iv ely int egrat ed.
Ret u rn t o Top

Seite 4 von 11
it s web sit e,

Now part of I ntel, th e McAfee content- aw ar e DLP solu tion h as under gone signif icant im prov em ents since th e publishing of the prev ious content- aw ar e DLP Magic Quadrant. Alt hough the over all of fer ing does n ot possess som e of th e im pressive niche use-case feat ures provided by som e of it s com pet ition, sever al of the st andard feat u res inclu ded w it hin the produ ct of fer ing are bet t er t han it s com pet it ors. The k ey different iator , out side of t he McAfee ePolicy Orchestrator ( ePO) int egration, rem ains the capture dat abase. This cent ralized inven tor y of act iv ity data is used in t he testing an d st ream lining of new policies to address possible false positiv es and t o reduce deploym ent t im e. Cust om er sat isfaction was an issue in prev ious Magic Quadrant s for McAfee, and the ven dor continues to score relativ ely low in this ar ea. Clients also r epor ted con cer ns ov er long- term product innovation under I ntel' s ow ner sh ip of McAfee. At th e en d of 20 11, th er e was a significant r educt ion in t he over all size of th e cont ent - aw ar e DLP t eam becau se of in ter n al realign m en t. This is in shar p contr ast w it h other vendors in this m arket that m ade an d continue to m ak e signif icant inv est m en ts in their core t eam and adj acen t product head cou nt. Alth ough this situat ion h as been corrected during 20 12, an d the dedicated st aff count has increased, it cont inu es to be sign ificantly below t he lev els of other vendor s in t he Leader s quadr ant . St r e ngth s McAfee's case m anagem en t w orkflow is one of th e st rongest in t his m ar ket, an d enables both com m ent s and extra docum ents t o be added or delet ed from the case recor d as requ ir ed in the dif fer ent st ages of ev ent m an agem ent . Detection on non tex t cont ent ( for ex am ple, pictu res) is based on both the content and m et adat a. I ts endpoin t DLP product can be deployed in a st and- alone configuration. Feat ures geared t ow ar d em er gin g platform s, such as social m edia and m obile dev ices, w er e notably good. The capt ure database, wh ich allow s for prev iou sly captur ed dat a to be u sed for an aly sis and testing new rules, is an innovat iv e an d distinct iv e featur e th at has been w ell- received by clien ts and continues t o be reported as a leadin g feat ur e for client s adoptin g the McAfee con tent - aw ar e DLP solution . Caut ions The r edaction function eit her encrypts sensitive conten t ( netw or k ) or replaces files w it h placeh olders ( endpoint) . I t does not m ain tain t he integrit y of t he conten t, because it sim ply replaces the sen sitiv e portion with substitut ed t ex t. McAfee cont inu es to have a basic offering for virtualized env ir onm ents. Alt hough Gar t ner obser ves that t he technology is u sed in vir t ualized envir onm ent s by som e cu st om er s on an ex per im ental basis, it was not officially suppor ted by McAfee at the tim e of this analy sis. McAfee's approach t o vir tualizat ion is not as w ell- ar t iculated as som e of its com petit or s. Cust om er s hav e expressed to Gar tn er som e frust ration w ith McAfee's support for th e m anagem ent of in cidents in t er m s of both capacit y an d or ganizat ional capabilities. A var iet y of m inor issues reported by client s suggests room for im provem ent in qualit y assu ran ce, inclu ding r epor ts that u pdates, for exam ple, have on occasion brok en existin g feat ur es, and t hat produ ct docum entation is not t o t he standar d of its peer com pet it or s because of out dat ed or incom plete conten t.
Ret u rn t o Top

Palisade Systems
Palisade Sy stem s' Packet Su re DLP offer ing has h ad only m inor capability enhancem en ts in the past year. Product capabilities rem ain firm ly w ithin th e t raditional regulatory com pliance segm ent of contentaw ar e DLP deploym ents. The offer ing su ppor t s n et w ork, endpoint and agent- based discov ery funct ions. The Packet Sure DLP appliance solution com bines URL filt er ing, I M proxy, applicat ion filter ing and em ail/ Web proxy in a single offer in g at an SMB- friendly price. Leading cust om er deploym ents include presence in t he h ealthcar e, financial services and edu cat ion sect or s. St r e ngth s Sim plicity of deploy m ent an d in tegration with Web an d m ail secur it y services rem ains a h igh not e for Palisade client s. Palisade provides a reasonably com prehensive list of def ault policies that is directly applicable in a regulat or y com pliance deploym ent use case. Palisade su ppor t s em ail encr yption solu tions ( for ex am ple, Pret t y Good Priv acy , Volt age Securit y and Cisco- I ronPor t ) for autom ated rem ediation. Although t he Palisade of fer ing is not as t ech nically soph isticat ed as t hat of other vendor s, cust om ers tend to be v er y happy with their deploym ents. Caut ions Although t he product is com petit iv e w it h in the SMB space, lack of signif icant in vestm ent in t he dev elopm ent of m or e adv anced capabilities and m ore stream lin ed m anagem ent r esu lt s in a produ ct that h as lim ited appeal beyond low- com plex it y SMB deploym ents. Gar tn er assesses th at the m anagem ent inter face is not as intuitive or as easy t o use as it could be for t he SMB m arket segm ent. Defau lt policy m odificat ions and policy updat es ar e reported as som ew hat aw kw ar d and can be confu sin g for t he t ypical par t- tim e adm inistr at ors in an SMB envir onm ent . The m askin g of sensitive data from unauthorized users in t he m anagem ent in ter face is st ill not supported. ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

The m ar k et in the low- com plex it y DLP deploym ents is becom ing cr ow ded w ith offer ings from channel- DLP and DLP-lit e solution provider s ( see The Tren d for Channel- DLP and DLP- Lite section ). Alt hou gh Palisade cont inu es to represen t v alu e t o its client base, Gar tner believes signif icant capabilit y and pricing pressu res for t he n ew of fer ings w ill have a direct im pact on Palisade's abilit y t o grow its client base.
Ret u rn t o Top

Seite 5 von 11

RSA, The Security Division of EMC

The offer ing from RSA, The Security Division of EMC, has had significant im provem ents since t he prev iou s con tent - aw ar e DLP Magic Qu adrant. I nt egrat ion of the DLP solution w it h Ar cher an d NetWitness provides a notable v alu e t o client s alr eady using t hese offerings w it hin their environm en ts. The u pdated UI appears to be the result of a deep rev iew an d an aly sis of h ow cust om er s ty pically use the product . Alt hough repor t capabilities h av e advanced, they ar e not quit e yet at t he stage w here t rue risk- based repor t ing is av ailable out of the box. The OEM agr eem ent with Cisco's I ron Port em ail encryption of fer ing continues to be st ron g, and a sim plif ied upgrade pat h fr om the I ronPort RSA of fer ing to th e full RSA ent er prise solut ion h as been av ailable since ear ly 20 12. St r e ngth s The stated RSA v ision an d product dev elopm ent plans ar e am ong th e m ost com plete of any vendor. I f well-executed, t hey could present a seriou s ch allenge t o Sym ant ec ov er t he n ex t few years. Flex ibilit y and scalabilit y of RSA's data discover y capabilit ies cont inu e to be am on g the best in t he m arket . RSA has a st ron g focus on virtu al desk top infrastru ctu re and m obile with good virtualized environm ent capabilit ies. I t dem on str at ed a clear under standin g of th e issues ar ound DLP capabilit ies in t he cloud. I ts new m an agem ent int er face is significan tly im proved and provides new capabilities t hat ar e focused on assistin g large or ganizat ional deploy m ent s, in addition to m ore com prehensiv e opt ions for def ining adm inistrativ e roles. Repor t ing capabilit ies out of the box target line of business (LOB) audiences, in addition to ot her tradit ional audiences ( for ex am ple, techn ology practit ioner s) . Caut ions RSA is on e of a few DLP solut ions that do not digit ally sign their logs and records, w hich is odd for a vendor w it h a st rong focu s on Ar ch er and NetWit ness integrat ion . Substitut ion of sensit iv e infor m at ion occurs during th e presen tat ion of t he ev en t record and is a w eaker appr oach than som e other ven dor s. The endpoint agent cont inu es to be basic, and clients reported per for m an ce and accu racy issues w it h using som e of the advanced cont ent finger printing capabilities on the endpoint .
Ret u rn t o Top

Sym ant ec ret ains a leadership position again for this y ear; how ev er , the com pet ition is closing the technical gap. The product offering continues t o be com posed of a solid base of com ponen ts, and it also prov ides a st ron g m ix of new feat u res focused on integrat ing DLP capabilities in disr uptive t echnologies, such as cloud, m obility and virtu alized en vir onm ents. Although Sy m antec had a significant focus on regulat or y com pliance deploym ent use cases in t he past , produ ct enhancem en ts hav e pushed I P prot ection w ith this con tent - aw ar e DLP offer ing as a st rong value. I ts product road m ap vision has been developed with signif icant custom er en gagem ent and is am on g the m ost aggr essiv e in th is m arket . As a result , client ex pect at ion s are v er y high for fort hcom ing enhancem ents. Alt hough Sy m antec is sim ilar to other vendors in that plan ned product road m ap featur es occasionally ar e delay ed, the im pact of t hese delay s t end to be m or e com poun ded in th e m inds of Sy m antec clients. Clients ar e rem inded t o alw ays consider any pr oduct acquisition based on ex istin g fun ction ality to ensure that all t heir requ ir em ent s ar e m et w it h t he cu rrent capabilit y set. Sy m an tec's new CEO has in dicated that t he com pan y plans to roll out new st rat egies in the fir st quar ter . At t his tim e, Gar tner does n ot believ e th at these will im pact Sym ant ec' s cu rrent conten t- aw ar e DLP of fer ing. St r e ngth s Cont ent -aware DLP for tablet s has been signif icantly im proved and is on e of t he top capabilit ies discussed by clients. Cont ent ex t raction capabilit ies have also been advanced and prov ide a m or e com prehen sive solut ion t o address I P pr ot ect ion deploy m ent s. I ntegrat ion of native DLP capabilities within other Sy m antec product s (such as Dat a I n sigh t) is reported as a key acquisit ion cr it erion by clients. Caut ions Sym ant ec has an im pressive road m ap, but clien ts report concer ns with on- t im e deliv ery of som e road m ap feat ures. Sym ant ec ex plains that it pr iorit izes agilit y t o n ew m arket conditions over a fixed road m ap; how ev er , client ex pectations ar e not alw ay s r ecalibrat ed accordingly as changes occur . Although t he m an agem ent console is fully funct ional, it is n o lon ger com pet itively th e st andout in Gar tn er - obser ved select ion s. Many of Sym antec' s refer ence cu st om er s com plained t o Gar tner th at support for th e past 12 to 18 m onth s h as not fully m et their expectat ions. Concerns were r aised over tr ouble t icket s rem aining w it h first -lin e su ppor t for longer periods than w ould be ex pected before bein g escalat ed. Although Sym ant ec has incr eased its su pport st aff by 29% in 2 012 ov er 20 11 lev els, it w ill t ak e som e tim e for t he r am p- up to result in bet ter satisfact ion sco res. Final deal pricing continues t o be at t he upper- prem ium end wh en com par ed to alt ernat iv es.
Ret u rn t o Top

Trustwave ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Trust wave obt ain ed a com prehensiv e set of endpoint , net work and discov ery capabilities wh en it acquir ed Vericept in 2009 ; however , t he product h as seen very lit tle in term s of u pdates or enhancem ents since. Trust wave tar gets the cor e com pliance deploym ent m arket w it h th is of fer ing, w hich has rem ained very stable in t er m s of requirem ents in t he past sever al y ear s. St r e ngth s Core technology at the heart of the of fer ing t hat can support com plex use cases. Trust wave int egrat es it s secure Web gat ew ay , SI EM and conten t- aw ar e DLP of fer ings int o a single security solut ion. I ts m anagem en t con sole prov ides good dashboar ds an d w or k flow . Although t he offer ing com es with predef ined regu lat or y com pliance an d accept able use- case policies, the CANDL scripting language can be used t o creat e cu stom policy sets; however , Trust wave' s current tar get m ar k et will ty pically only lever age t his capability in a m inim al w ay. Caut ions Trust wave' s pr oduct still does n ot su pport dou ble- byt e char act er set s. Gar tn er sees t he Trustw av e client base as focused prim ar ily w it h in regulat ory com plian ce use cases and m or e specif ically with a sw eet spot on PCI requ ir em en ts. I n vest m ent in pr oduct enhancem ents that would ex t end cor e capabilities beyon d th is target m ar ket has been m inim al thu s, lim iting its appeal t o ot her pot ential clients. I ts prepackaged su it e of policies is lim it ed. Addit ional policies ar e only offer ed on a dem and basis.
Ret u rn t o Top

Seite 6 von 11

Verdasy s con tin ues to focus on I P u se cases w it h an offering that provides str ong auditin g and w or kflow. Managem ent console in tegration with Fidelis applian ces provides a fu lly rounded set of endpoint , net work and discovery capabilities. A new m anaged ser vice offerin g increases t he appeal of the solu tion to or ganizat ions that do not want to operat e a DLP solut ion in- hou se. Verdasy s h as an OEM partn er sh ip w ith Fidelis, w her e Verdasys of fer s integrat ed Fidelis DLP and cyberthr eat def ense capabilities w ithin its m anagem ent console. Fidelis w as acquir ed by Gen er al Dy nam ics in Au gust 20 12. Gen eral Dy nam ics, Fidelis and Verdasys hav e all st at ed publicly and t o Gar tn er t heir j oint inten t t o continue this r elationsh ip. Alt hough there ar e always risks associat ed w it h acquisit ions of this nat u re, it is Gartner's belief that the ex isting r elationsh ip will cont inue as is for at least th e next 12 m on ths. St r e ngth s Verdasy s h as a str ong capabilit y set for supporting com plex I P protection deploym ents. I ts new investigat ion m odule provides nat iv e capabilit ies for str eam linin g and supporting inv est igations. I t offer s adv anced loggin g an d auditing fu nct ions, and has bu ilt- in support for EU privacy cont rols. I ts su ppor t for Linux an d Apple deskt ops is a unique capability in this m ar ket . Verdasy s offer s st ron g su pport for virtu alized en vir onm ent deploym ents. Managem ent console suppor t t o m an age Fidelis appliances cr eat es a full- featured offer ing with best - of -br eed com pon ents. Verdasy s h as a m an aged ser v ice offering opt ion for or ganizat ions that do not w ant t o operat e a DLP deploym ent. Caut ions Gar tn er client s h av e reported situations w her e som e issu es hav e taken a long tim e to resolv e an d that external assist ance can be requir ed to bring outst anding issues t o resolution. Becau se of deep int egrat ion of Ver dasys capabilities within endpoint OS and applicat ion environm ents, Gar tner clients report that softw ar e updates an d upgrades typically require m ore testing t han with ot her softw ar e offerin gs t o ver ify capabilit y support and to ensu re m inim al im pacts of ch anges on oper ations. Although Gen er al Dynam ics has an nou nced that t he relat ionsh ip bet w een Fidelis and Verdasys along with the cu rrent DLP road m ap will not change, ex ist ing custom er s sh ould under stand that t her e ar e alw ay s t he u sual inher ent risks during an y change of own er sh ip.
Ret u rn t o Top

Websense's DLP offer in g has im proved consist ently for the past sev eral years and has been am ong th e m ost fu ll- feat ured DLP solutions available in t his m ar k et . I t of fer s a good blend of endpoint , net w ork and dat a discover y capabilities. This y ear, it has in troduced enhanced capabilities t o support m obile dev ices and also t he abilit y to use advan ced per sist ent th reat feat u res w it h in the DLP solution to bet ter ev aluate risks. St r e ngth s Websense of fer s a fu ll-feat ured DLP solution that supports endpoint , net work and data discover y . I ts " drip DLP" feat ure m onit or s for slow leaks of inform at ion over a long per iod of tim e. Websense has a st rong policy engine w it h good r em ediat ion options. I ts opt ical ch ar acter recognit ion ( OCR) capabilit ies identify sensit iv e cont ent within sca nned docum ents. Caut ions I ts redact ion capabilities ar e only supported for dat a at rest . Websense has been in a leader ship role within t he conten t- aw ar e DLP m arket for sev eral years; however , it appears t o Gartner th at it s product road m ap is show in g signs of slow er feat ur e adoption when com par ed to th ose of its com pet itors. This cou ld im pact it s futur e appeal to clients and it s over all position in t he m ar ket . ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Ret u rn t o Top

Seite 7 von 11

Vendors Added or Dropped

We review and adj ust our inclusion crit er ia for Magic Quadrants and Market Scopes as m ar k et s ch ange. As a result of t hese adj ust m en ts, t he m ix of vendor s in any Magic Quadran t or Mar ketScope m ay change ov er tim e. A v endor appear ing in a Magic Quadrant or Mar ket Scope one year and not t he nex t does n ot necessar ily in dicate that w e hav e ch anged ou r opinion of th at vendor. This m ay be a ref lection of a change in the m arket and, t her efore, ch anged ev aluation criter ia, or a ch ange of focu s by a vendor.
Ret u rn t o Top

I nfoWat ch, based in Russia, is a new entr ant in the 20 13 Magic Quadran t.
Ret u rn t o Top

Trend Micro has been in t he process of w in ding dow n its st and- alon e en ter pr ise DLP solut ion and has announced end- of- sale for t his product . Trend Micr o has m igrat ed t o a strategy of em beddin g it s DLP capabilities w ithin its endpoint an d gat ew ay solut ions. This is consider ed a chan nel-DLP approach and, at this tim e, does not m eet the in clusion criter ia for t his Magic Quadr ant . Safend was acqu ir ed by Wave Sy st em s and did not m eet th is year's in clusion criter ia.
Ret u rn t o Top

Inclusion and Exclusion Criteria

This Magic Quadr ant is restr ict ed t o enterprise conten t- aw ar e DLP produ cts. Vendor s are included in this Magic Quadrant if t heir offerings: Can detect sensit iv e cont ent in at least tw o of netw or k tr affic, data at rest or endpoint oper at ions Have a relat ively soph ist icat ed, cen tralized policy an d ev ent m an agem ent console Can detect sensit iv e cont ent using at least three of the follow ing content- aw ar e det ection techniques, including partial and ex act docum en t m at ching, st ruct ured dat a finger pr int ing, st at ist ical analy sis, ex t ended regular expression m atch ing, and conceptu al and lex icon analysis Can support t he det ection of sensitive data cont ent in st ruct ured and u nst ructured dat a, using registered or descr ibed dat a def initions Can block, at m inim um , policy violat ions that occur v ia em ail com m un ication Wer e gener ally available as of 29 February 2 012 Vendor s m ust also be det erm ined by Gar t ner t o be significan t play ers in the m arket , because of m ar ket presence or t ech nology inn ov ation: Although Fidelis does not str ictly m eet these cr iter ia because it is a netw or k- only cont ent- aware DLP appliance solution , we hav e included Fidelis in the Magic Quadrant for th e follow ing reasons: Fidelis' product has a particular ly im pressiv e det ection capability. Client inquiries and deploym ents su pport Fidelis as being a viable alt ernat iv e to enter pr ise DLP offer ings. The r elationship bet w een Verdasys and Fidelis is su ch that inclusion is w ar r ant ed.

Vendor s are excluded from t his Magic Quadr ant if th eir of fer ings: Use only sim ple dat a det ect ion m ech anism s ( for ex am ple, supporting only key word m at ch ing, lexicons or sim ple regular ex pression s) Have netw or k -based functions t hat su pport few er th an fou r protocols ( for ex am ple, em ail, inst ant m essaging and HTTP) Prim arily su ppor t DLP policy enforcem en t via conten t t ags assigned t o obj ects
Ret u rn t o Top

Evaluation Criteria
Ability to Execute
Ability t o Execute is ranked according to a vendor's ability to provide to th e m ar ket a cont ent- aware DLP pr oduct t hat m eets cust om er feature/ funct ion capabilit y requirem ent s, as w ell as their abilit y to deliver and ex ecut e t he product w it h a high lev el of ser vice guarant ee and cu stom er support. Vendor rat ings ar e m ost influenced by the vendor ' s under st anding of the m arket , it s pr ocesses for solicitin g cu stom er feedback, an d the ex perience of th e cu st om er . We also take into accoun t t he av ailabilit y of solut ions for em er gin g platform s, such as clou d and m obile dev ices. Weigh ts ar e su bj ect iv e an d contextual. Reader s w ho conduct th eir ow n RFI s m ay ch oose t o change w eight s to suit the needs of t heir business an d their industry : Pr oduct / Se r v ice com par es t he com pleten ess an d appropriateness of core cont ent - aw ar e DLP technology capability. This is the m ost ex haustive of all of the assessed criteria. Sa le s Ex e cu t ion / Pr icing com par es t he strength of a vendor's sales, par tner ships, sales channels, deploym ent plans, pricing m odels and indust ry su ppor t. M a r k e t Re sponsiv e ne ss a nd Tr a ck Re co rd reflects how vendors respond to custom er feedback by assessing per form ance again st prev iou s pr oduct r oad m aps, cont ent of fut ure produ ct road m aps and t he cultiv at ion of strat egic advant ages. Custom e r Ex pe r ie nce is a com bined rat ing of the m ater ials prov ided t o custom ers w hen t hey purchase t he t echnology and, m or e significan tly , what cu stom er s t ell us about their ex per iences good or bad w it h each ven dor . ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Ope r a t ion s assesses the ability of the vendor t o prov ide support acr oss all aspects of th e cust om er en gagem ent dom ain.

Seite 8 von 11

Ta ble 1 . Ab ility to Execut e Ev aluat ion Crit er ia

Eva lua t io n Crit er ia W e ig h t in g

Prod uct/ Ser vice Over all Viabilit y ( Business Unit , Financial, St rat egy, Or ganizat ion ) Sales Execut ion/ Pricing Market Responsiven ess an d Track Recor d Market ing Execution Cust om er Experience Oper at ion s

High No Rating High St an dard No Rating High High

Source: Gartner (January 2013)

Completeness of Vision
The Gar tner scor ing m odel fav ors providers t hat dem on str at e Com plet eness of Vision in t er m s of st rat egy for the fut ure and th e Ab ility to Execut e on t hat vision. Gar tner continues t o place stronger em phasis on technologies t han on m arket ing and sales st rat egies. Com plet eness of Vision is ranked accor ding t o a v endor's ability t o show a com m it m ent to con tent aw ar e DLP technology developm ents in an ticipation of user w ant s and needs th at turn ou t t o be on target with the m arket . A clear under st anding of the business needs of DLP cu st om er s even those that do not fully recognize those needs them selv es is an essen tial com ponent of t hat vision. This m eans that vendors should focus on enter pr ises' business- and r egulation- driven needs t o ident if y, locate and control the sensitiv e data st or ed on their net w orks and passin g their boun dar ies. Our Com plet eness of Vision w eightings ar e m ost influ enced by four basic cat egor ies of capability: net work per form ance, endpoint per for m an ce, discovery perform ance and m anagem ent consoles. Weigh ts ar e su bj ect iv e an d contextual. Reader s w ho conduct th eir ow n RFI s m ay ch oose t o change t he w eight s to suit the needs of t heir business an d their industry : M a r k e t Unde r st a nding is rank ed th rou gh obser v at ion of th e degr ee to wh ich a ven dor's produ cts, road m aps and m issions ant icipat e leading- edge thinkin g about buyer s' w ants an d needs. I ncluded in this criter ion category is how buyer s' wants an d needs are assessed and t hen brou ght t o m arket in a product ion- ready of fer ing. M a r k e t ing St ra te gy assesses wh et her a ven dor under stands it s differ entiat ion from its com petit or s and how w ell th is fits in w it h how it thinks th e m ar ket w ill ev olv e. Sa le s St r a t e gy ex am ines the ven dor ' s strategy for sellin g produ cts, in clu ding t heir pricing st ruct ure and their partnersh ips within t he DLP m ar k et place. Offe r ing ( Pr oduct ) St r a t e gy assesses t he differ en tiation of it s pr oducts from it s com pet itors, and how it plan s t o dev elop these pr oducts in the fu ture. I nnova t ion looks at the in nov at ive features t hat vendor s have developed to assess w het h er t hey ar e th ought leader s or sim ply follow ing the pack, and also th e ex tent to w hich their pr oducts ar e able t o com bin e w it h other relevant disruptive technologies. Ge ogra phic St r a te gy is an assessm ent of the ven dor' s u nder standing of the needs and nuances of each region, and how the product is positioned to suppor t th ose nu ances.

Ta ble 2 . Com pleteness of Vision Evaluation Criteria

Eva lua t io n Crit er ia W eigh t in g

Market Underst anding Market ing Strat egy Sales St r at egy Offering (Produ ct) St rat eg y Business Model Vertical/ I ndu stry Strat eg y I nno vat ion Geogr ap hic Strat egy

St an dard St an dard St an dard High No Rating No Rating High St an dard

Source: Gartner (January 2013)

Quadrant Descriptions
Leader s have pr oducts that w ork w ell for Gar t ner client s in m idsize and lar ge deploy m ent s. They hav e dem onstrated a good under standing of client n eeds an d generally offer co m preh ensive capabilit ies in all thr ee functional areas net work, discov ery and en dpoint. They hav e st rong m anagem ent int er faces, and hav e tight int egration w ith oth er product s within t heir brand or t hrough w ell- established par t ner ships and tight int egrat ion. They of fer aggressive road m aps and usually deliv er on t hem . Their DLP pr oducts ar e w ell- known to clients and ar e frequen tly found on RFP sh or t lists.
Ret u rn t o Top

Challengers ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Challen gers hav e com pet itiv e visibilit y an d ex ecut ion su ccess in specific industry sectors that are bet t er - dev eloped than Niche Play er s. Challenger s offer all th e cor e feat ur es of cont ent- aware DLP, but typically th eir vision, road m aps or product deliv ery is nar r ow er than th e Leader s. Challenger s m ay hav e difficulty com m unicat ing or deliver ing t heir vision in a com pet it ive way outside their core industry sector.
Ret u rn t o Top

Seite 9 von 11

Visionaries m ak e investm ents in broad funct ionalit y and plat for m su ppor t, but their com pet it ive clout , visibility and m ar k et share don't reach th e lev el of Leaders. Visionar ies m ake plann ing choices that w ill m eet futu re bu yer dem ands, and th ey assu m e som e risk in the bar gain, becau se ROI tim in g m ay not be cer t ain . Com panies that pursue visionar y activit ies w ill not be fully credit ed if th eir actions ar e not generat ing n ot iceable com pet itiv e clout, and ar e not influencing other vendor s.
Ret u rn t o Top

Niche Players
A vendor is con sider ed a Niche Play er w hen it s product is not w idely visible in com pet ition, and w hen it is j udged to be relat ively narrow or specialized in breadth of functions and platfor m s or, for other reasons, t he v endor's ability t o com m unicat e v ision an d featur es does not m eet Gar tner 's prev ailing view of com petitiv e t rends. Nich e Player s m ay, nev er th eless, be st able, reliable and long- ter m vendor s. Som e Niche Player s w ork from close, long- t er m relat ionships with their bu yer s, in which cu stom er feedback sets the prim ar y agenda for new features and enhancem ent s. This appr oach can generat e a high degree of cust om er satisfaction , bu t also resu lt s in a narrow er focus in t he m ar k et (w hich would be ex pected of a Visionary) . I n t his Magic Quadrant , Niche Player s m ay also be v endor s t hat did not prov ide answers to all, or any, questions asked during th e vendor su rvey .
Ret u rn t o Top

This Magic Quadr ant is a m arket sn apsh ot that rank s v endor s accor ding t o com pet it iv e buying cr it eria. Vendor s in any sect or of th e Magic Quadrant , as w ell as t hose not ranked on the Magic Quadrant, m ay be appropr iat e for you r en ter pr ise's needs and budget. Ever y com pany should consider content- aw ar e DLP as par t of its infor m at ion secu rit y m anagem en t program , so t hat th e value of st rategic inform at ion asset s m ay be pr eserved and also so th at the or ganizat ion m ay av oid fraud, loss or harm ar isin g from loss of other for m s of sen sitiv e inform ation.
Ret u rn t o Top

Market Overview
Cont ent -aware DLP t ools en able the dynam ic application of policy based on the classif icat ion of cont ent det erm ined at the tim e of an operat ion. Cont ent- aware DLP descr ibes a set of t echnologies an d insp ection t echniqu es used to classify infor m at ion cont ent contained w it hin an obj ect su ch as a file, em ail, packet , applicat ion or data st or e while at rest (in storage), in u se (du ring an oper at ion ) or in transit (across a net work) ; and t he abilit y to dyn am ically apply a policy su ch as log, report, classify, relocat e, tag and encrypt an d/ or apply ent er prise digit al rights m anagem en t protection s. Con tent aw ar e DLP solut ions prov ide capabilit ies to su ppor t regulatory com pliance and I P use. This is different from non- conten t- aw ar e DLP solut ions. These ar e of ten j ust r efer red t o as " DLP" in vendor offer ings. Non- content- aw ar e DLP solu tions apply a policy w it hout r ev iew ing t he conten t or context of wh at is being m onitored. As a result, these DLP so lut ions can not adj u st a policy respon se based on t he con tent or cont ex t . An ex am ple of th is type of capability is of ten found in USB port control tools. Technically , t hese t ools can pr ev ent t he loss of dat a becau se they can block users from copying any an d all inform at ion to a nonapproved USB drive, w hich is w hy t hey refer t o this capability as a DLP solut ion. However , because these solution s can not det er m ine a differ ence in conten t or cont ex t , they do not offer any flex ibilit y in t he applicat ion of the policy. Wit h a content- aw ar e DLP solu tion t hat is used for USB cont rol, a policy could be created so that a user would be able to sav e docum ents th at do not contain any sensitive inform ation on any USB driv e, and save specific t ypes of sensit ive infor m at ion ( such as client dat a) only on a com pany- approved USB dr iv e that h as built- in encrypt ion. Highly sensitiv e t ypes of inform ation (such as HR records) w ould not be allowed to be sav ed on any USB drive at all. Cont e nt - Aw a r e D LP Ought t o Ch a nge Be ha v ior Used t o it s full capability, cont ent- aware DLP is a nont ranspar ent con trol, w hich m eans it is in tent ionally visible t o an end user with a pr im ar y value pr oposition of changing user beh av ior . This is ver y dif fer ent from transparent contr ols, such as firew alls an d ant iv irus program s, w hich are unseen by end users. Non tran spar ent contr ols r epresent a cultural shift for m any or ganizat ions, and it is critical to get business involv em ent in t he requirem ents planning st ages and as par t of ongoing long- t er m operat ions of th e cont ent -aw ar e DLP syst em . Specifically, the rev iew of conten t- aw ar e DLP ev ents needs t o be per for m ed by LOB per sonn el ver sus I T or I T secur it y per son nel, because the LOB per son nel ar e responsible for m aking a bu sin ess decision on t he acceptabilit y of an incident w it h in the business context. As cont ent- aware DLP t ools m atur e, use cases for m anaging sensitive dat a ar e becom in g m ore sophisticated. The use cases associated w ith vir t ualizat ion, cloud, m obile and social m edia hav e becom e m ore com m on, as h av e those in volving operat ions wh en t he com put er is not connected to t he corpor at e netw or k. An exam ple of th is would be detecting t he post ing of sensitiv e data to social m edia sites using a t ablet or lapt op wh ile in a coffee shop or airpor t t er m inal. Feat ures t hat su pport these use cases include endpoint and net w ork con tent - aw ar e DLP funct ions, as w ell as Web prox y integr at ion and the ability to resolve a syst em to I P address or MAC address with a user nam e. Su pport for t hese featur es hav e becom e com m on, but they do requ ir e int egration with Microsoft Act iv e Dir ectory or ot her services. Many vendor s h av e begun ex per im enting w it h alt ernat iv e deliv ery m odels such as cloud, softw ar e as a service and m or e tr adit ional m anaged ser vice of fer ings, w here t he vendor is r esponsible for sett ing up the sy stem and ensu ring that t he policies m eet client ex pect at ion s. Gar t ner has had conver sat ions w it h clien ts lever aging m anaged ser vice offerings, and they report a t ypically faster tim e to value in th eir deploym ents versu s t raditional internally m anaged deploym ent s. They also report that t hey ar e m ore ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

w illin g to ex tend the initial scope of deploy m ent and lever age m or e advanced use cases, because th e vendor exper ience and suppor t capabilities giv e them m or e confiden ce that t he deploym ent will operat e as th ey intended. Fidelis Security System s w as acquir ed by Gen eral Dynam ics in August 2 012 . This is the only m aj or acquisit ion report ed in th e cont ent -aw ar e DLP m ar k et in m ore t han tw o years. The last m aj or acquisit ion w as McAfee's acquisition of Reconnex . M obile D e v ice s St ill Po se a Ch a lle nge Mobile dev ices specifically tablet s hav e becom e com m onplace w it hin or ganizat ions; how ev er , Gar tn er client s con tin ue t o report t hat th ey are str uggling to establish appropriate ter m s of use and security ov erlays to m anage an d protect t he sensit iv e in for m ation being accessed and used on these dev ices. Becau se of lim itations in OS API s, the variabilit y of OS configurat ions, differin g com put ing capabilit ies and bat ter y life ex pect at ions, content- aware DLP vendor s have not been capable of inst alling n at ive content- aw ar e DLP soft ware n at ively on t ablet s or sm ar tphones. I nst ead, t hey leverage m obile device m anagem ent configurat ions to force a VPN connection back t o the hom e net w ork, w her e all t raf fic bound for sites ex ter n al to th e organ izat ion ar e scan ned by the content- aware DLP netw or k solut ions they host at t he perim et er of t he n et w ork. This does not addr ess th e risk s associated w ith a user disablin g the VPN conn ect ion or t et herin g the m obile device t o a t hir d-party system , su ch as a hom e PC o r via Bluet oot h t o rem ov able m edia. Vir t ua liz a t ion, OS Suppor t a nd Risk Re por t ing Ar e St ill La gging The u se of content- aware DLP for v ir t ual env ir onm ents has becom e m ore pronounced in t he past 12 m onth s; how ev er , capabilit ies vary significan tly am ong vendor offer ings. Som e do not su pport t he inst allat ion of th eir DLP solut ion w it hin a v ir t ual m ach ine, w hereas others only su ppor t t he sca nning of vir tual drives w hen not in use. Many of the cu rrent solutions involve the in stallat ion of vendor DLP solut ions on each VM, as w ould be t he case of a t raditional phy sical syst em , r at her t han prov idin g a com m on service lay er. Cloud deploy m ent of con tent - aw ar e DLP solut ion also sh ould be consider ed at an ear ly stage of the deploym ent. Gartner ex pect s t his to ch an ge over the nex t 12 m ont hs, becau se m ost vendors reported aggressive plans for m or e advanced su ppor t of virtu al environm en ts in their product road m aps. Window s con tin ues to be the OS of choice for vendor support in t his Magic Quadrant . As in prev iou s years, m any vendors prom ised support for Apple's OS X if dem and w as high enough . Most vendors suggest they suppor t OS X by being able to per for m local dat a discov ery usin g a net w ork appliance or a soft ware agent not locally inst alled on th e OS X syst em . Only one deliver ed content- aw ar e DLP capabilit ies t hat ar e deploy ed locally on t he OS X sy stem . Gar t ner does n ot ant icipat e t hat th is situation w ill lik ely change for the nex t 1 2 to 1 8 m ont hs. Linu x cont inues to be com pletely ignor ed by all but on e vendor, an d no other ven dor has an y plans for t his platfor m . Unt il clients m ak e it a buyin g criterion t o hav e su ppor t for these plat form s, vendors will cont inue to speak of t hem in fut ure ter m s. Cont ent -aware DLP deploym en ts ar e seen m ore and m or e as business tools by t he busin esses units them selves to address com pliance and I P pr ot ect ion m andates th an in t he past , wh er e it w as of ten seen as an I T/ I T security solut ion lookin g for a need. As a resu lt , con tent - aw ar e DLP business cases now typically in clude r isk m anagem en t as one of th e corn er st on e driver s; however , few ven dor of fer ings support nat iv e reporting capabilities that are business- and risk- m anagem ent- focu sed. Out - of- t he- box reporting cont inu es to be focused on list ing the num ber and t ype of ev en ts that h av e been det ect ed, rat her than t ak ing a risk- or ien ted v iew t hat looks at an accum ulated point- in -t im e risk linked to th e type an d value of the in form ation asset that h as been ex posed or the value of th e busin ess process that has been com prom ised by the ev ent. This r equir es a m in dset that goes bey ond linkin g reports to t he w ay in w hich the content- aware DLP tool w orks to dev eloping reports linked to th e w ay in wh ich th ey w ill be used outside of the I T an d I T secur it y departm ents. Ga r t ne r I nquir y D a t a a nd Obse rv a t ions About Cont e nt - Aw a r e D LP Gar tn er inquiry data through 2012 in dicat es several m aj or obser v at ion s t hat sh ould help organ izat ion s dev elop appropriate requirem ent s and select the right t echnology for t heir needs: Gar tn er inquiries su ggest t hat w e are n ow get ting bey ond basic DLP use cases. DLP as a cont rol for t he protection of I P has been gr ow ing signif icantly, repr esenting roughly 12 % of all DLP inqu ir ies up from 5% in prev ious year s. The EMEA m arket , wh ich has been difficu lt to navigate by cont ent- aware DLP vendor s prim ar ily because of r egulatory com pliance, privacy legislation and w ork cou nsel requir em en ts has begun to pick u p, with not able adv ances in deploym ents in France, Ger m an y, Sw it zerland, Ru ssia, Turk ey and Sau di Ar abia. The t rend for th e Asi a/ Pacific region an d Japan has pr im arily been for content- aw are DLP deploym ents su ppor tin g I P prot ect ion; how ev er , client s in som e j urisdictions ( su ch as Aust ralia, I ndia and Singapore) ar e prim ar ily focused on r egulatory com pliance m andates. About 35% of ent er prises led th eir content- aw are DLP deploy m ent s with net w ork r equir em ents, 20% began with discover y requirem ent s, an d 45% st ar ted w it h en dpoin t r equir em ents. Ent er prises th at began w it h net work or endpoint capabilit ies n early alw ay s deployed data discover y fun ction s n ex t. The m aj or it y of lar ge ent er prises purch ase at least tw o of t he t hree prim ar y ch annels ( net work, en dpoin t and discov ery) in an in it ial purchase, but few deploy all of them sim ult aneously . Many en ter pr ises str uggle to def ine their str at egic content- aw are DLP needs clear ly and com prehensiv ely . We continue to recom m end t hat ent er prises post pone their invest m en ts until they are capable of ev aluating ven dor s' offer ings against in dependently dev eloped, ent er prisespecif ic requ ir em ent s. Fur therm ore, m any or ganizations cont inue to m ak e the m ist ak e of assigning th e daily m anagem ent of con tent - aw ar e DLP ev ent s to I T an d I T secur it y per son nel, or t hey initiat e th eir DLP solution deploy m ent as part of an I T and I T security m an dat e, rat her than focu sin g on establishing their DLP deploy m ent as a business process. Although t he prim ar y appeal of endpoint DLP continues to be the protection of I P and ot her valuable enterprise data from insider theft and accidental leakage, t her e has been grow ing appeal in the past 1 2 m on ths for t he u se of endpoint DLP to addr ess regu lat or y com pliance use cases. Most content- aw are DLP solu tions cont inue to focus on tex t- based cont ent in their analy sis. Although t her e w er e signif icant capabilit y updates by a few vendor s for OCR su ppor t, ch em ical form u la not at ion suppor t an d sch em at ic analy sis, m ost ven dor s st ill str uggle with nontex t data ev en w it h finger pr int ing support.

Seite 10 von 11 ct=130104& st=sb


Magic Quadrant for Content-Aware Data Loss Prevention

Lack of support for finger pr int ing on endpoints cont inu es to be the dir t y lit t le secret of t he indu str y. Although a few vendors of fer this capabilit y in som e form , the m aj or it y that do only support a coar se init ial high- level scan at the endpoin t and th en lev erage a ph one hom e capabilit y to a locally av ailable n et w or k appliance for t he act ual finger pr int m atchin g analy sis. Many deploy m en ts ar e sold on the basis of being a tool t o assist in r isk m anagem en t act iv ities; however , m ost con tent - aw ar e DLP solut ions do n ot of fer reporting, dashboard or ev en gener alized feedback relev ant for th is fun ction . I ncu m ben t antivir u s and endpoint prot ect ion vendor s con tin ue t o lead clients' RFP shortlists. The Tr e nd for Ch a nne l- D LP a n d D LP- Lit e So lut ion s Ther e is a grow ing m ar ket t rend for DLP- en abled offer ings to suppor t m any com ponent s m ak ing up an ent er prises' I T ecosy stem . Som e vendor s provide cont ent -aw ar e DLP capabilities that are quit e advanced, while other s only su ppor t basic regist er ed ex pression m at chin g. The follow ing list of v endor s represen ts an ov erview of th e t ypes of ch annel- DLP and DLP- lite solut ions that Gar t ner will investigat e in fut ure research : Cont ent Keeper Technologies I dent it y Finder Next Labs Proofpoint Rayth eon Oak ley Syst em s Sophos Wav e Syst em s Wor k share Xbridge Sy st em s Zscaler Additional research cont ribut ion and review w er e provided by Rob McMillan.
Ret u rn t o Top

Seite 11 von 11

ht t p: / / www .gar t ner .com / t ech nology/ abou t / om bu dsm an / om b_guide2 .jsp.

About Gar tn er | Car eer s | New sr oo m | Policies | Sit e I ndex | I T Glo ssar y | Con t act Gart ner ct=130104& st=sb


You might also like