Code Green Prevents Red Alerts with DLP AppliancesBy Frank Ohlhorst | Posted 2008-01-14 Email Print
Review: Code Green Networks brings a data loss prevention (DLP) appliance to the channel in the form of the company's CI-750. eWEEK's channel labs takes a look to see if the CI-750 is the answer to the DLP question.Data security has become a complex endeavor for most any business. Most IT administrators have turned to a multitude of appliances and software solutions to build layered security from outside threats.
This proves to be a good start, but while many focus on protecting corporate data from the outsider, the threat from the insider is often overlooked.
Many enterprises, driven by compliance issues, have started to implement a technology called DLP (Data Leakage Prevention), which controls the movement of data in the network. Code Green Networks has become a valuable ally to those deploying enterprise DLP solutions, thanks to its high-end DLP appliance, the $25,000 CI-1500.
The CI-750 helps prevent leakage of sensitive data and works over a variety of network protocols, including SMTP, HTTP, HTTPS, and FTP. What's more, the unit works with standard Web transport protocols, which allows it to protect sensitive data from being posted to blogs, wikis, and Web forums. That protection even extends to Web-based mail services such as Gmail, Hotmail, Windows Live Mail, AOL mail and Yahoo Mail.
The CI-750 also monitors and records sensitive information transmission, and offers the ability to block transmission using third-party proxy server solutions. If the data is not to be blocked, then the appliance can automatically encrypt the data transmissions, making it an ideal DLP solution for branch offices.
The unit works by scanning all traffic for defined data types, such as Social Security numbers, credit card numbers and so on. The unit can gather that information from corporate databases to protect the actual data or policies using pattern recognition can be setup. To protect intellectual property, which may not be stored in defined databases, the CI-750 employs a technology called deep-content fingerprinting, which relies on cryptographic hashes of recognized data to block transmission and generate alerts.
The same data control can be applied to the corporate e-mail system, where data can either be blocked or encrypted based upon defined policies. Those features are all good news to businesses attempting to meet PCI, HIPPA, SOX and California SB1386 regulations. The CI-750 offers out-of-the-box compliance with Federal Trade Commission guidelines and Federal Rules of Civil Procedures amendments, which govern electronic discovery.
The CI-750 can protect as much as 20 million elements of stored data (found in databases and structured files) and up to 250Gb of data across more than 400 different file formats, including MS Office, CSV Files, CAD Files, Images and so on.
The unit has been designed with ease of use in mind; most solution providers should be able to deploy a CI-750 in less than a day. A typical setup consists of hardware installation, policy definition and then some fine tuning and should not be too much of a challenge to even an entry level network engineer.
While most users will think of the CI-750 as a plug-it-in and forget style of appliance, nothing could be further from the truth. DLP solutions need management and auditing and the CL-750 is no exception. That's good news for the solution provider, who can build service revenue around reporting, policy adjustment and other integration and maintenance services associated with compliance and data leakage prevention.
There is a lot more to DLP than just monitoring network traffic, a complete DLP solution must also address end points, specifically PCs or other devices that connect to the network and can access data. Here, Code Green offers additional protection in the form of their Content Inspection Agent, which, when installed on end points, prevents the copying of sensitive data to CDRs, USB Key drives and so on. The idea here is to close all exit points where data can travel. The agent can be set up to either block the movement of data to removable storage or it can use a policy to encrypt the data when it is stored on a removable device. The idea here is to allow workers to transport data, but keep the data secure if the device (such as a USB Key drive) is lost or falls into the wrong hands.
The Content Inspection Agent fully integrates into Code Green's management applications, which allows a single point of administration for all policies, regardless if the policy is aimed at IP traffic or portable devices. This single view into DLP simplifies both administration and reporting and allows companies to meet compliance requirements with relative ease.
Although Code Green Networks is a relative newcomer to the security appliance market, the company has made significant commitments to the channel. The company distributes its products 100 percent through the channel; there are no direct sales to customers, which help to create additional opportunity for partners. The company is still in startup mode and offers significant flexibility to its current partners. Major requirements to become a partner include demonstrated technical know-how, an established customer base and completion of sales and technical training.