Leak prevention entering the next phase

OK, the experimental phase is over in the nascent leak prevention space. Many security companies launch in response to a problem.  (Occasionally companies are started to address a potential problem. Those are a roll of the dice for the entrepreneurs and their venture backers.) But, there really is a problem with information leaving the corporate domain either accidentally in the case of so many recent disclosures or with malicious intent as in the case of stolen credit card information being IM’d or someone emailing customer lists to their hotmail accounts.  (For a chronicle of these events subscribe to Data Protection Weekly).

But look at recent announcements.  Reconnex is going to deliver their capability to detect critical information leaving the corporate nest on Extreme switches.  That is material because it indicates that Reconnex is not going to create yet another box on the wire to deploy but rather, they will work with the more technically adept hardware vendors to provide leak prevention capabilities in existing edge devices. Makes sense.

 

And this morning Websense is announcing a completely different twist on how to approach leak prevention.  Websense is already in the content management space which evolved from controlling which web sites a user can visit to a protective stance by blocking access to malware that resides on malicious sites.  And, if you think of it, Websense is in the user behavior control space as well. Content filtering is all about enforcing company policies on what is good and bad use of the web.  So why not also enforce policies about what content is allowed to leave the network?  Voila! Leak prevention.  Websense is partnering with PortAuthority to pull this off in what appears to be  much more than a co-marketing agreement.  Websense will build PortAuthority’s technology into their product.

 

While rumors abound of acquisitions in this space (don’t do it Check Point!) I believe the direction the space will take is made clear by these two announcements:  integration into existing control points.  This is not a stand alone space. No one will IPO in “leak prevention”.   Yes, there will be acquisitions.  Big Yellow will buy some company at ten times forward looking revenue. They will announce that it will be “integrated” into their other product lines but what will really happen is leak prevention will be integrated in to their price book.

 

In the meantime, email gateway companies, firewall and switch vendors, and content filtering vendors will develop their own leak prevention capabilities. Partnering is the way to go in this space.