Symantec spends US$350m to prevent leakage
Symantec's announcement that it will acquire data loss prevention (DLP) vendor Vontu for US$350 million signals an information-centric future for security -- but analysts warn not to deploy DLP technology yet.
"As part of our Security 2.0 vision, we have long been pushing a view that security should be driven by policy, focused on information and supported by a managed infrastructure," Tom Kendra, Symantec's security and data management group president said in a statement.
DLP technologies are critical to the concept of information-centric security since they allow an organisation to apply security policies to storage devices or locations on the network and to information in transit, as opposed to fencing off the network from external threats.
Symantec is not the first to talk of information-centric security. EMC has been promoting the idea since its US$2.1 billion acquisition of RSA in 2006 -- two years after Symantec merged with Veritas, giving the entity greater reach into the enterprise storage market.
Describing EMC's approach to security, Clive Gold, EMC's national product manager, told ZDNet Australia what the company means by "information-centric": "It's the information you're trying to protect. The moats-around-castles approach is outdated and the security industry is all about building moats, which are important but don't give the security you want in today's environment."
Three significant new products to join Symantec's range as a result of the acquisition are Vontu Endpoint, Vontu Network Monitoring, targeting data leakage. Symantec's acquisition of Vontu also follows a number of parallel acquisitions by other vendors, aimed at building DLP into existing product lines.
In August EMC acquired Tablus -- a data leakage prevention software company -- through RSA, followed shortly after by Trend Micro which acquired Provilla, giving it Leakproof, a product that scans file servers to create document signatures. Security firm Websense also announced its intention to acquire data leakage prevention vendor Port Authority in December last year.
Two other acquisitions by EMC that reflect this approach are Authentica -- which gave it distributed digital rights management systems -- and system auditing specialists, Network Intelligence, giving EMC a product that allows comparisons between the logs of multiple systems and is useful for due-diligence and data mining.
But while DLP technologies are considered useful and address concerns around data leakage, highly collaborative businesses would be sacrificing the availability of information for security if they invested in DLP today, Intelligent Business Research Services security analyst James Turner told ZDNet Australia.
"There are still logistical issues with integrating the technology. Until those issues get resolved, no IT manager will pour money into this area. If I set all documents to a certain level of classification this basically means if there is a company you collaborate with heavily, you have to buy the same solution, which is deeply problematic," said Turner.
"It's worth exploring but ... if I buy a solution from Websense and try to intermesh that with Symantec's or EMC's product, there is no standard architecture," he added.
DLP technology may be worth investing in once greater interoperability has been achieved, but that won't occur in the next six months, said Turner, adding that IT managers would benefit if Microsoft enters the scene.
"Microsoft has an enterprise rights management system already. If they start deploying that as standard and IT managers start deploying that seriously, then once again that changes the dynamics of the market. So this is an area where the smart money stays in your pocket," he said.