DataTight® Security Architecture

As the DLP market matures, it becomes more and more apparent to senior practitioners that DLP alone is like a racehorse with 3 legs. It has the body and soul to get the job done but is missing some key elements.

DataTight brings together all of the key elements required to deliver a complete end-to-end solution. Right out of the box, all of the major components needed to address the principal issues of data leakage security are up and running in a tightly integrated and highly cost-effective platform.

Why is this important? Consider that hundreds of thousands of competent and highly technical people are out of work and are looking for things to occupy themselves. In addition, organized crime and foreign governments are recognizing that security is often easy to breach and that breaches can yield huge rewards. As a result, the FBI's industry liaison group "InfraGard" reports that data breaches are skyrocketing. This little-known fact was recently picked up by the Washington Post, resulting in the following headline:

Do you want yourself, your office, or your company to become a headline too?

95% of all data breaches could have been stopped by a full-featured DLP implementation such as DataTight. DataTight is the only DLP implementation that brings together all of the functionality needed to cover all aspects of data leakage protection. Most other DLP packages don't provide all of the needed elements.

What is included in the DataTight architecture? The diagram that follows depicts these elements:

  • A full-featured DLP suite, including:
    • Data-in-Motion Monitor (DIM)
    • Data-at-Rest Scanner (DAR)
    • Data-in-Use Agent (DIU)
    • Central Management Console
  • An ICAP Proxy Server
  • An Encryption Server including Key Management Services

What sets DataTight apart from others? Consider the following points:

  • Most packages don't include an ICAP proxy. Without this feature the DLP software cannot look into any encrypted traffic. If a disgruntled employee were trying to smuggle company IP (client lists, engineering drawings, parts lists, formulas, recipes, etc.) out of the company without getting caught, the very first thing they would do is employ some sort of encryption to cover their tracks. Without an ICAP proxy this traffic would go unnoticed.
  • The new generation of sophisticated "call-home" bots also employs PGP and SSL in various forms. If your DLP implementation can't look into this traffic, it will go completely unnoticed.
  • DataTight integrates tightly with Active Directory and DHCP/DNS services.
  • Very few DLP packages include an encryption solution. When this essential element is missing, the package is reduced to two intervention options: a) a passive, log-only mode, or b) stopping the email and quarantining it until a supervisor or manager releases it, which is much too labor intensive and disruptive of business. Incorporating an encryption solution into the DLP package in a tightly integrated manner yields a number of additional options for intervention.
  • Only one other package we are aware of includes provisions for encryption key escrow. Providing encryption services without including a key escrow service is a formula for disaster under most circumstances. DataTight embeds the well-known and trusted services of Voltage Security, Inc. According to a white paper published by Voltage: "Encryption is Easy - Key Management is Hard" (source).
  • Most of the other big players in the DLP product space require you to purchase expensive appliance hardware. Often this hardware does not and cannot take advantage of the efficiencies and economies of virtualization. DataTight is solidly built on the Citrix XenServer virtualization platform. We believe this platform is everything VMware always should have been and never will be. The degree of reliability and ease of administration is nothing short of astonishing. New servers can be replicated with the push of a button. High availability (HA) can be set up in minutes. If a server's hardware ever fails and HA has not been established, a new server can be built from scratch in less than 15 minutes.

Aren't these products all available "off the shelf"? Why can't an IT department do it themselves? DataTight is a tightly integrated and thoroughly tested consolidation of a number of vendor products. An enterprising IT department could spend the same 3-4 months repeating that integration, but then, when problems occur, they would have to deal with the finger-pointing between at least 4 different vendors. Illumant's team cuts through all of this by providing a single point of contact for all service and support issues.