TrueDLP
Platform Combines Agents and Appliances to Prevent Data Leaks
The TrueDLP platform from Code Green Networks combines hardware and software components designed to identify sensitive corporate data and either prevent its distribution or automatically encrypt it. Specifically, the platform consists of the Content Inspection (CI) Appliance, the Content Inspection Manager (which resides on and is accessed via the CI Appliance), and the Content Inspection Agent for Windows (2000/XP/Vista) endpoints.
The CI Appliance is a hardened Linux-based box that is deployed at the network perimeter (off a network TAP). The appliance allows for the registration/identification of sensitive data, the creation and management of data handling policies, and the automatic monitoring of outbound network traffic for sensitive data. Setup and management of the appliance are performed through a Web-based interface.
To identify sensitive data in unstructured documents, the appliance leverages Deep Content Fingerprinting technology, based on research conducted at Stanford University. In brief, the appliance learns what data the organization considers sensitive either by automatically crawling designated file systems (Windows, Linux/UNIX) or Content Management Systems, or by reading content supplied directly to it via E-mail or Web upload by the administrator or designated users. The appliance then creates a digital fingerprint of this information, "... a series of sliding hashes that are mathematically reduced to uniquely represent a document and all of its constituent parts." This fingerprint is stored on the appliance itself. Up to 1 TB of fingerprint data (which the vendor states is a "much smaller" representation of the original data) can be registered on the appliance, and the fingerprint itself is irreversible (the original data cannot be reconstructed from the fingerprint).
The appliance then monitors outbound network traffic over routable TCP protocols, including HTTP, FTP, and SMTP. It collects the information sent, fingerprints it, and then compares the resulting fingerprints to those in its repository. If a match is found, the appliance takes action according to administrator-defined policies, which can include logging the incident (syslog is supported), alerting appropriate individuals, and/or blocking the transmission entirely. The appliance includes a built-in MTA (Mail Transfer Agent), and thus supports multiple E-mail-specific actions on identified sensitive information, including blocking, quarantining, or rerouting. The vendor states that its Deep Fingerprinting technology enables the appliance to recognize both full documents and partial data fragments, regardless of position, and that the process is able to fingerprint over 400 different document formats, including MS Office, drawings, image files, and more.
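An added illustration of the register-then-compare flow described above, not Code Green's code: it uses generic k-word shingle hashing with winnowing, a published document-fingerprinting technique, as a stand-in for the proprietary Deep Content Fingerprinting algorithm. `K`, `W`, `Registry`, `min_hits` and the sample texts are assumptions constructed for the example.

```python
import hashlib
import re

K = 5  # words per shingle (assumed value)
W = 4  # shingle hashes per winnowing window (assumed value)

def fingerprint(text):
    """Sliding K-word hashes, reduced by keeping each window's minimum."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    hashes = [
        int.from_bytes(
            hashlib.sha256(" ".join(words[i:i + K]).encode()).digest()[:8], "big")
        for i in range(len(words) - K + 1)
    ]
    if len(hashes) < W:
        return set(hashes)
    # Any copied run of at least K + W - 1 words shares a whole window,
    # so its minimum is selected in both the source and the copy.
    return {min(hashes[i:i + W]) for i in range(len(hashes) - W + 1)}

class Registry:
    """Stores only hashes of registered documents, never their text."""
    def __init__(self):
        self.index = {}  # hash -> names of documents containing it

    def register(self, name, text):
        for h in fingerprint(text):
            self.index.setdefault(h, set()).add(name)

    def inspect(self, payload, min_hits=2):
        """Return {document: shared hash count} for documents at or above min_hits."""
        hits = {}
        for h in fingerprint(payload):
            for name in self.index.get(h, ()):
                hits[name] = hits.get(name, 0) + 1
        return {n: c for n, c in hits.items() if c >= min_hits}

# Constructed sample data: a registered memo, a message quoting part of it,
# and an unrelated message.
MEMO = ("Project Falcon confidential memo. The board has approved the "
        "acquisition of Northwind Freight for 412 million dollars in cash and "
        "stock. Closing is expected in the third quarter pending regulatory "
        "review. Do not discuss terms outside the deal team.")
FRAGMENT = " ".join(MEMO.split()[4:24])
LEAK = "fyi before the call: " + FRAGMENT + " so keep friday clear, talk soon"
BENIGN = ("Lunch menu for Friday: the cafeteria has approved a new soup and "
          "the salad bar is expected to reopen.")

registry = Registry()
registry.register("merger-memo", MEMO)
```

`registry.inspect(LEAK)` reports `merger-memo` even though the quoted passage sits mid-message, while `registry.inspect(BENIGN)` returns an empty result despite sharing individual words with the memo.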
Two versions of the CI Appliance are offered: the CI 1500, with support for up to 1 TB of source data, and the CI 750, with support for up to 400 GB of source data.
The new platform components include the CI Manager, which provides Web-based configuration, management, and reporting for all TrueDLP components (including those that are geographically dispersed), and the CI Agent, which provides both endpoint discovery and protection for Windows machines. Specifically, the CI Agent provides policy-based, device-level controls and activity logging to prevent the copying or transmission of sensitive data to external locations (USB, iPod, iPhone, SD/MMC Card, FD, CD/DVD Drive, and more are supported), as well as the ability to locate and report sensitive data-at-rest on the endpoint.
The platform also supports automated, policy-based encryption of identified sensitive information, at both the CI Agent and CI Appliance (for outgoing E-mails) levels. This encryption is provided via built-in integration with the Cisco, Voltage Security, and now Zix encryption platforms; i.e., the components necessary to accomplish the encryption are built directly into the CI Appliance, with the appliance making the necessary calls to the respective encryption services for delivery of encryption keys, etc. The encryption feature is optional and is enabled with an activation key.
TrueDLP is available now; pricing starts at $10,000. Visit the Code Green Networks Web site for further information.
product submission by EITPlanet Staff