Trustwave Data Loss Prevention, a software product for data at rest and data in transit, which is part of the vendor’s content security portfolio that includes secure email and web gateway products.
Trustwave entered the data loss prevention (DLP) market in 2009 with its acquisition of Vericept. The Vericept-developed and patent-pending Trustwave Intelligent Content Control Engine handles sensitive data monitoring, protection and discovery.
Trustwave Data Loss Prevention uses policy-based detection based on Vericept’s original Content Analysis Description Language (CANDL) data categories, risk categories, custom categories and user categories. CANDL syntax is highly extendable, permitting the use of customer parameter lists and other data sources for categories. This allows for flexible, consistent policy development with reusable categories.
Data in transit
For data in transit, the Trustwave Data Loss Prevention engine analyzes all HTTP protocol communications and attachments, including blog and social media posts. It also analyzes FTP and Telnet communication, email, instant messaging traffic and peer-to-peer file sharing.
It can block undesired FTP and HTTP/HTTPS traffic and offers automatic encryption, blocking and quarantining of email traffic that contains sensitive information.
Trustwave Data Loss Prevention consists of three primary features: Monitor, Protect and Discover. It can be deployed in a stand-alone appliance or in a distributed system that has at least one DLP console appliance managing one or more DLP collector appliances. The DLP console appliance furnishes the user interface for setting policies, configures collector appliances and manages events.
Trustwave DLP integrates with other products in the content security portfolio, as well as other Trustwave products, like Trustwave SIEM Enterprise.
The Trustwave DLP Monitor feature monitors all TCP traffic and stored data. It also monitors content, user, system and drive activity and protects sensitive data found in network traffic, at the endpoint and in email.
The DLP product has more than 70 risk categories and enables the manual creation of additional risk categories for organizations.
It employs the Intelligent Content Control Engine and policies to analyze all internet-based communication and attachments. Monitored protocols and applications include email, instant messaging, peer-to-peer file sharing, web-based chat rooms, blogs, other HTTP traffic, as well as FTP and Telnet traffic.
The Trustwave DLP Protect feature guards against sensitive data loss over email and web traffic. Protect Email provides automatic encryption, blocking, quarantine or self-compliance for email communications and attachments that violate DLP policies. It uses the DLP Protect Email Collector appliance to monitor and control email message delivery, while the Protect Web feature automatically blocks HTTP, HTTPS and FTP traffic violating DLP policies.
It also uses what’s called the DLP Protect Web Collector, an appliance that works together with an Internet Content Adaptation Protocol-enabled proxy server to monitor and block data flowing across a separate proxy server.
Trustwave DLP’s Discover feature scans data at rest using the Intelligent Content Control Engine to find and protect sensitive information in hundreds of file formats residing in stored data on file servers, desktops and laptops. The Trustwave Discover review interface permits users and administrators to examine policy violations, perform remedial action and prepare reports.
Trustwave Data Loss Prevention is an enterprise-focused DLP product that serves as part of Trustwave’s larger content security portfolio. The product covers data at rest, endpoint data in use and network data in transit. However, it does not address data on mobile devices or cloud services.