CoSoSys Endpoint Protector v4
Strengths: Excellent endpoint-based DLP with some additional functionality.
Weaknesses: Limited functionality, can be tricky to deploy and can become pricey, given that other endpoint tools may be needed, especially after the first year.
Verdict: Good DLP and for that alone well worth looking into.
Endpoint Protector v4 comes as a virtual appliance and is intended to provide device control, mobile device management and data leakage protection. It consists of a virtual appliance and two main modules: Devices Control and Content Aware Protection. As such, it provides the ability to manage endpoints as well as external devices such as thumb drives. It is compatible with a wide variety of operating environments and, as a virtual appliance, is available in several virtual formats.
We downloaded the virtual appliance for VMware - although there are several other formats available as well - and installed it on a Windows 2008 server using VMware Reader. The installation went reasonably smoothly with the exception that some of the steps are less than intuitive. For example, when you deploy an endpoint, the product asks for quite a bit of information about it. It does not say which information is required, however. When we attempted to deploy without filling in all of the requested information, it rejected our information telling us that we needed to add another piece of data - the MAC address in this case. We provided the address, told it to install and it came back with another error. When we corrected that, it worked. You do not need to fill in all of the boxes, but it is unclear without some experimenting which are and which are not required.
Once we were up and running, things got a lot easier. Setting up endpoints is straightforward once you know the tricks, and the policy engine is solid. All device management is centralised and there is a good, though a bit busy, dashboard. We did not find the functionality to be intuitive, though once we figured it out we saw a lot of useful information. We found this to be a reasonably powerful system that focuses on DLP rather than the usual endpoint protection focus on malware. Since it is as important to keep data in as it is to keep malware out, we don't see a problem here beyond needing to add some form of distributed malware protection.
If we were to evaluate the most important aspect of this tool it would have to be DLP. With content-aware protection, it has all of the personality of an advanced DLP product. It doesn't really care what device is connected to the system. As long as it knows about it, if the DLP is invoked it will protect it. Thus, a USB drive with sensitive data is as important as the computer's hard drive. Transfers of sensitive data to the USB drive is subject to controls.
The content-aware feature is an add-in whereas device control is included. Reporting is quite good and documentation is well done. We were a bit disappointed with the website, however, in that some things that we expected to see in a capable support site were not there. There is a knowledge base as well as all documentation for download. They may be useful for awareness training, but we were a bit lost as to what they were intended to add to the website.
Pricing is a bit high for a product with pinpoint functionality given that the organisation will need to invest in other products, such as anti-malware. After the first year, support starts to get pricey as well. However, the cost of keeping sensitive and other data protected by regulatory requirements is a bit hard to calculate. We liked the product overall even though it took a little getting used to. We think it could have a bit more depth.
Prices are US-based, thus indicative only.