The core product is made up of seven parts: Vontu Enforce -- creates security policy; Vontu Network Monitor -- passively monitors network egress points for classified data; Vontu Network Prevent - monitors and blocks traffic at network egress points; Vontu Endpoint Prevent -- the client software which protects classified data from being downloaded, copied to a USB device, or CD/ DVD; Vontu Endpoint Discover -- additional client software which scans the client for existing classified data; Vontu Network Discover -- identifies sensitive data in data stores, e.g., servers; and Vontu Network Protect -- automatically relocates sensitive data to a secure data store.
With all of the components listed above, the Symantec Vontu product protects all three of the most common data leak threats. These include network distribution via email, instant messaging, or FTP.
The final common point of data leakage is from data stores, such as file servers and databases, which are also protected with this suite of tools.
The seven components answer to a central reporting console, which allows an administrator to follow the blocked path of sensitive documents through the enterprise. An added feature to the Vontu Endpoint Prevent is a justify dialog.
This allows a user to explain the need for a policy-violating action, and the justifi cation can be approved by the department manager.
The Vontu package was an easy, albeit time-consuming process from the server perspective. As with other products, the client app can be created into a MSI file and distributed through most common software distribution systems. The client supports XP Service Pack 2 and also current releases of Vista, with legacy support for server versions of the operating systems.
While the documentation was above average, the support options are below the industry norm. All Symantec support is available over the phone or through the extensive symantec. com website, which includes a knowledge base and a FAQ list.
Pricing begins at US$25,000, and this places the Vontu package in the middle of the price spectrum.
See original article on SC Magazine US
For: A product which covers all major data leakage points. Against: The terminology is a bit confusing, as is figuring out what is essential and what is not required. Verdict: A secure offering that really protects against data leakage, but a sharp learning curve means that most administrators will require training.