Magic Quadrant for Content-Aware Data Loss Prevention Seite 1 von 11

Magic Quadrant for Content-Aware Data Loss

Prevention
3 Ja nu a r y 2 0 1 3 I D: G00224160

An alyst ( s) : Eric Ou ellet

VIEW SUMMARY STRATEGIC PLANNING ASSUMPTIONS

Cont ent - aw are DLP will be par t of t he st an dar d of due

As th e en ter pr ise cont ent -aware DLP m ar k et ev olv es, ven dors ar e integr at ing adj acent technologies t o car e by 201 3 in Nor t h Am er ica, and by 2015 in Eur op e
creat e a broader ecosy stem of DLP- enabled solut ions. Channel DLP and DLP- lite of fer ings ar e gainin g an d t he Asi a/ Pacific reg io n.
clien t m ind share and focusing on low - com plex ity regulat ory com plian ce use cases. By 2014, m or e t han 50% of en t er pr ises will use som e
form of cont ent - aw are DLP capa bi li t y , but on ly 30% of
t hem w il l hav e a com pr eh en siv e en t er prise cont ent -
aw ar e DLP solut io n or st r at eg y .

Market Definition/Description
Gar tn er defin es conten t- aw ar e data loss prev ention ( DLP) t echn ologies as those th at , as a cor e
fun ction , perform content inspect ion of data at rest or in m otion, and can execute responses — rangin g
from sim ple notificat ion t o act iv e blocking — based on policy set tings. To be con sidered, product s m ust
support sophisticated detection techniques that extend bey ond sim ple key word m at ching an d regu lar
ex pressions.
Cont ent -aware DLP t ech nologies can be gener ally divided in to thr ee separat e cat egor ies:
Ent e r pr ise co nt e nt - a w a r e D LP solut ions incor por ate sophisticat ed detection techniqu es to
help organizations address th eir m ost cr it ical data protection requirem ents. Solut ions ar e
packaged in agen t sof tw ar e for desktops and ser ver s, physical and virtu al applian ces for
m onit or ing n et w orks, and agents and soft appliances for dat a discov ery. One of the leading
characteristics of ent er prise content- aw are DLP solu tions in volves a centralized m anagem ent
console, support for adv anced policy definit ion and ev ent m anagem ent w or k flow .
D LP- lit e pr oduct s typically use few er and less soph ist icat ed det ect ion t ech niques, an d they
support on ly a lim it ed num ber of prot ocols (for ex am ple, em ail, Web and FTP) . Deploym ents tend
to be ex clusively endpoint or net work, or for dat a discover y only . Solutions t ypically hav e lim ited
consoles supporting basic centr alized policies and very lim it ed ev ent m anagem ent — if included at
all.
Cha n ne l D LP is a lim ited content- aw ar e DLP feat ur e set that is int egrat ed w ithin an ot her pr oduct
— t ypically em ail encr yption . Ch annel DLP in th is m ode is used to facilitat e t he end- user decision
process t o questions su ch as " Should I en crypt th is em ail?" by doing t he analysis for th e user and
aut om at ically deter m ining w hether encryption is applicable or r equir ed. Channel- DLP technologies
ar e usually focused on a lim ited set of pr im ary use cases, m ainly regulatory com pliance. See
" Guidelines for Selecting Con tent - Aw ar e DLP Deploy m ent Option s: En ter pr ise, Ch annel or Lit e" for
a m ore detailed discussi on.
The enterprise con tent - aw ar e DLP m ar ket has ex per ienced st eady growt h during t he past seven years,
w it h content- aw are DLP deploy m ent s gr ow in g from 2010 ( $30 0 m illion) t o 2011 ( $42 5 m illion) t o 2012
( $535 m illion) . Gar tn er estim ates t hat this m arket w ill reach $6 70 m illion in 201 3.
Ret u rn t o Top
Magic Quadrant
Fi gur e 1 . Magic Quadrant for Content- Aw are Dat a Loss Prevent ion
EVIDENCE
This Magic Qu ad rant was dev el oped using Gar t ne r' s
w ell- def ine d m et hod ol og y . Th is process in cor po rat ed
t he foll ow in g t o gat her prim ar y da t a ab ou t each
v en dor 's of fering:
A cat egorizat io n sur v ey gat her ed a hi gh- lev el v iew
ab ou t which v endor s shoul d be in cluded an d
ex clude d f rom t he Magic Qu adr an t .
A full sur v ey w as used t o coll ect det ai led
in form at ion ab ou t t he v en dor an d it s offer in gs.
Dem os w er e condu ct ed t o v iew t he of fer in g in
act ion , an d v er ify el em en t s in t he su rv ey
respon ses.
Refer en ces w er e cont act ed t o gat her infor m at io n
ab ou t t he cust om er ex per ien ce, v er ify elem en t s in
t he sur v ey r esponses an d id en t ify an y ot her
elem en t s of int er est bey ond t hose cov er ed in t he
sur v ey .
Guidelines f or respon din g t o t he full sur v ey w er e
pr ov ided at t he t im e of issu e of t he sur v ey .
Responses wer e of v ar ia bl e qualit y . Respon ses t hat
wer e low er qu al it y ( for ex am ple , ign ored t he
qu est io n, poor gr am m ar , in ab ili t y t o ex plain k ey
concep t s, in abi li t y t o pr ov ide hi gh- qu al it y
ex pl an at ion s of use cases, an d inab il it y t o go
bey ond t echnical capa bi li t ie s an d dem on st r at e an
und er st and ing of t he business en v ir on m en t ) or did
not m eet t he guid el in es ge ner al ly t en ded t o scor e
lo wer . One v en do r decli ned t o prov id e a su r v ey
respon se or pa rt icipat e in an y ot her w ay . So m e
v en do rs decl ined t o an sw er cert ai n que st ion s
because of m ar k et r est rict ions an d, t her ef or e, di d
not far e as w ell under som e of t he scor ing cr it er ia .
Dem onst r at io ns w er e cr it ical , beca use t hey
il lu st r at ed po in t s t hat ar e diff icult t o m ak e in
wr it in g, an d prov id ed an op por t un it y t o illu st rat e
feat ur es not ot her wise cov er ed in t he sur v ey . All
sur v ey r esp on den t s pr ov ide d a pr od uct
dem onst r at io n using a for m al sc ript pr ov ided by
Gart ner . Dem on st rat ions w er e t er m inat ed af t er a
set per iod of t im e, r eg ar dless of whet her t he en t ire
scr ip t had been com ple t ed. The dem on st rat ion
scr ip t s w er e int ended t o be difficult , but po ssible,
t o com pl et e w it hi n t he t im e per iod in order t o force
a focus on t he k ey aspect s w it h few ir rel ev an t
di st ract ion s, an d also t o dem onst r at e w het her t he
pr od uct was easy t o work w it h. Dem onst r at ion
qu al it y v ar ied, r an gin g fr om v er y poor t o
ou t st andi ng.
We ask ed for fiv e r ef er en ces fr om each v en do r,
an d each r ef er en ce cust om er was su pp lied w it h a
st r uct ur ed sur v ey . Refer en ces w er e scor ed on t he
ba sis of t he qualit y of t he refer ence an d w hat t he
ref er en ce t ol d us. For each v end or , we t ak e in t o
accou nt com m en t s fr om t hat v endor ' s own
ref er en ces, an d w ha t ot her v en do rs' cust om er s
sai d ab ou t t hat par t icular v en dor . For ex am ple,
when sco ring Sy m an t ec, we t ook int o account what
Sy m ant ec' s own cu st om er s said , as w ell as w hat
t he cust om er s of ot her v en dor s said abo ut t heir
ex pe rien ces w it h Sy m an t ec — if t hey had an y .
Scor es for ea ch v en dor were norm al ized . I f w e
recei v e few er t han t hree ref er en ces for a v en dor ,
we scor ed m issi ng r ef er en ces as a "0." Vend or s
can be not ably af f ect ed by t he ina bi li t y t o hav e
sufficien t r ef er en ce cust om er s pr ov id e inpu t .

EVA LUATION CRITERIA DEFINITIONS

Ability to Execute
Pr odu ct / Se r vice : Cor e goods an d ser v ices of f er ed by
Source: Gartner (January 2013) t he v en dor t hat com pe t e in / ser v e t he def ined m ar k et .
This in cludes cur rent pr od uct / ser v ice capabilit ies,

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention
Ret u rn t o Top
Vendor Strengths and Cautions
CA Technologies
CA Technologies cont inu es to have a solid offer in g but st ruggles t o ar t icu lat e its value proposit ion
clear ly out side of its core m arket of clients. CA Dat aMinder now incor porat es univer sal in dex ed
sear ch ing using Autonom y's I nt elligent Data Oper at ing Lay er , addressing one of t he caut ions from last
year's Magic Quadrant. CA Tech nologies is lookin g to build its m arket shar e by developing new offer ings
target ed tow ar d deploym ents ou tside t he U.S. and also for new t echn ologies, such as cloud ser vices
( for ex am ple, th rough the DLP- as- a- service of fer ing) .
St r e ngth s
CA Technologies' focus on th e relat ionsh ip betw een iden tit y m anagem ent and DLP is am ong t he
st ron gest .
Support for m essaging infrastr uct ures rem ains a strong value point , and CA Tech nologies has a
loyal cust om er base in the finan cial sectors.
Support this year for finger print ing/ data registration is a welcom ed addit ion to a com prehensiv e
and globally localized rich product featur e set and policy language.
Clients cont inu e to r epor t t hat CA Technologies' global sales and su ppor t ar e st rong buying
criteria.
Caut ions
Cust om er s com m ent th at CA Technologies' policy and ev en t m anagem ent funct ion is not as
int uit iv e or as easy to use as that of com pet it ors w it h sim ilar capability set s. Alth ough all t he
com ponent s required t o support com preh ensiv e ev ent m an agem ent and workflow ar e present in
the offer ing, t he interface lacks finesse and clarit y, resultin g in an of fer ing t hat appear s less than
full- feat u red.
Although its policy langu age is com prehensiv e, it is m inim ally docum ented, which result s in added
com plex ity in policy definition and t unin g tim e for advanced deploym en t sce nar ios.
CA Technologies' int er face, w hich w as a w eak point last year , has im pr ov ed in the past year an d
ref lects som e of t he com m on client feedback; however , it is st ill considered by Gar tn er t o be dat ed
in design, an d clients continue to repor t that it is dif ficult t o use.
Ret u rn t o Top
Code Green Networks
Code Green Netw orks continues t o lag behin d in the growt h and ev olution of it s pr oduct offer ing, as
com pared w ith oth er vendor s r ev iewed in th is Magic Quadrant. Alt hough Code Green has init iat ed
inv est m en ts int o creat ing an enter pr ise- grade ver sion of it s offering during th e past sev er al year s, it s
ov er all DLP product cont inu es to be pr im ar ily geared to sm all and m idsize deploym ents w it h low
com plex ity u se cases.
Code Green's ch an nel relat ionship w it h Blue Coat Syst em s is ex pan ding into a techn ology int egrat ion
w it h Blue Coat product s, in w hich Code Green's of fer ing will have a su ppor t ing role in a channel- DLP
deploym ent context. This chan nel-DLP appr oach seem s to be em erging as a m ore con sistent t hem e
ov er all in the way Code Green per ceives itself and it s value to clients.
St r e ngth s
Code Green im pr ov ed it s endpoint capabilit y in 20 12 to support aut onom ous local dat a discover y
scann ing, w it hou t requir ing a connect ion to an available net w ork appliance t o con duct th e actu al
content analy sis.
Code Green's sim ple- t o- use interface and w orkflow for USB control facilit at e th e t rigger ing of user
actions an d j ustificat ions when copying cont ent to USB.
I ts solu tion supports a nat iv e dat a encry ption capabilit y .
Caut ions
Minim al addition of advanced DLP capabilit ies or in tegration with relat ed risk com pliance, identity
and access m an agem ent , or enterprise digit al righ ts m anagem ent / infor m at ion rights m anagem en t
solut ions is resultin g in a basic DLP offer in g that supports only the core needs of a prim arily U.S.-
focused r egulatory com pliance client base.
Although Code Green previously h ad y ielded strong capabilities in DLP f or int er national
deploym ents, lack of cont inued in vest m ent h as all bu t st alled deploy m ent s beyon d Japan an d
I ndia.
Code Green's offer in g is best- su it ed for sm all an d m idsize deploy m ent s w ith low - com plex ity use
cases due to w eak repor t ing capabilit ies an d task- heav y quar antine functions, wh ich can
necessit at e m anual adm inistrative interven tion for each ev ent .
Ret u rn t o Top
Fidelis Cybersecurity Solutions
Fidelis Security System s w as acquir ed by Gen eral Dynam ics in August 2 012 ( see " Gen er al Dy n am ics
Deal Will Accelerat e Ev olution of Fidelis' Mar ket Focu s" ) an d renam ed Fidelis Cyber securit y Solutions.
This is t he only acquisition r epor ted in t he conten t- aw ar e DLP m arket in ov er t w o y ears. Fidelis w ill
continue to oper at e as a stand- alone com pany un der Gen er al Dynam ics and h as in tegrated Gen er al
Dy nam ics' security co nsulting organization as par t of its team of consu lt ant s.
Fidelis cont inues t o of fer one of t he strongest and h ighest- th rou ghput net w ork DLP capabilities available
in the m arket t oday . Clients report using Fidelis' content- aw ar e DLP of fer ing t o prot ect again st
infor m at ion loss from n et w or k com m unications going out side t heir ent er prise and from tar geted
ex t er nally sourced t hreats. Fidelis has been investing significant ly in enhancing its advanced per sistent
thr eat -m anagem ent- lik e capabilit ies t o ex pan d it s r ole in protecting against ex t er nal threat s.
Fidelis has an OEM par tner ship w it h Verdasys, w her e Verdasys of fer s integrat ed Fidelis DLP and
cyberthr eat def ense capabilities w ithin its m anagem ent console. Gen er al Dy n am ics, Fidelis an d
Verdasy s h av e all st ated publicly an d to Gar t ner their j oint int ent to cont inue th is relat ion ship. Although
http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb
Seite 2 von 11
qualit y , f eat ure set s, sk ill s an d so on, w het her offer ed
nat iv ely or t hroug h OEM ag r eem en t s an d par t ne rsh ip s,
as def in ed in t he m ar k et def in it ion and det ai le d in t he
su bcrit er ia .
Ov er a ll Via bilit y ( Bu si ne ss Un it , Fi n an ci al,
St r at egy , Or ga niz a t ion ) : An assessm en t of t he
ov eral l or ga ni zat io n's fin an cial hea lt h, t he fin an cial an d
pract ical su ccess of t he busine ss unit , an d t he
lik el ih ood t hat t he ind iv id ual bu siness un it w il l cont inue
inv est ing in t he produ ct , w ill cont in ue of fer ing t he
produ ct an d will ad v an ce t he st at e of t he ar t wit hin t he
or gan izat ion 's por t fol io of pr od uct s.
Sale s Ex ecu t ion/ Pr ici n g: Th e v en do r' s cap ab il it ies in
al l pr esales act iv it ies and t he st r uct ur e t hat suppor t s
t hem . Th is includ es deal m an agem en t , pr icing an d
neg ot iat io n, presal es suppo rt , an d t he ov er al l
ef fect iv en ess of t he sales chann el .
M a r k et Re sp onsi ve ne ss a nd Tr a ck Re cor d : Ab il it y
t o respon d, chang e direct io n, be flex ib le an d ach iev e
com pet it iv e succe ss as op po rt unit ies dev elop,
com pet it or s act , cu st om er needs ev olv e an d m ark et
dy nam ics ch an ge. Th is cr it er ion also consider s t he
v en dor 's hist or y of respon siv en ess.
M a r k et in g Ex e cu t ion : Th e clar it y , qua li t y , cr eat iv it y
an d ef ficacy of progr am s desi gn ed t o del iv er t he
or gan izat ion 's m essag e t o in fluen ce t he m ar k et ,
prom ot e t he brand an d business, incr ease aw ar en ess
of t he pr od uct s, an d est ab lish a posit iv e ident ificat ion
w it h t he pr od uct / br an d and organ izat ion in t he m in ds
of bu y er s. This m in d shar e can be driv en by a
com bi nat ion of pu bli cit y , pr om ot ion al in it ia t iv es,
t hou ght leader ship, w or d- of - m ou t h an d sale s act iv it ies.
Cu st om er Ex pe r ien ce : Relat ion ships, pr od uct s an d
serv ices/ pr og ram s t hat en ab le clien t s t o be successf ul
w it h t he pr od uct s ev al uat ed. Sp eci fical ly , t his includes
t he w ay s cust om er s r eceiv e t ech nical suppor t or
account suppo rt . This can also include ancill ar y t ools,
cu st om er su pp or t progr am s ( an d t he qu al it y t her eo f) ,
av ail ab il it y of user gr ou ps, SLAs and so on.
Op er a t ions: The ab ili t y of t he or ganizat io n t o m eet it s
goals an d com m it m en t s. Fact or s include t he qu al it y of
t he organ izat ion al st ruct ur e, in cludin g sk il ls,
ex per iences, progr am s, sy st em s an d ot her v eh icles
t hat en ab le t he or gan izat ion t o ope rat e ef fect iv el y an d
ef ficien t ly on an ongo in g ba sis.
Completeness of Vision
M a r k et U nde r st a nd in g: Ab ili t y of t he v en dor t o
unde rst an d bu y er s' w an t s and needs, an d t o t r an slat e
t hose int o produ ct s and ser v ices. Vendo rs t hat sh ow
t he high est degr ee of v ision list en an d un der st and
buy er s' wan t s an d needs, an d can sh ap e or en han ce
t hose w it h t hei r added v ision .
M a r k et in g St r at e gy: A clear , differ en t iat ed set of
m essag es consist en t ly com m unicat ed t hr ou gho ut t he
or gan izat ion an d ex t er nalized t hr ou gh t he w ebsit e,
ad v er t isin g, cu st om er pr og ram s an d posi t ion in g
st at em en t s.
Sale s St r a t e gy: Th e st r at eg y for selli ng pr od uct s t hat
uses t he app r op riat e net w or k of di rect an d indi rect
sale s, m ark et ing, serv ice, an d com m unicat ion af fil ia t es
t hat ex t en d t he sco pe an d dep t h of m ar k et r each ,
sk il ls, ex per t ise, t ech nologies, serv ices an d t he
cu st om er base.
Of f er in g ( Pr oduct ) St r a t eg y: Th e v en do r' s appr oach
t o pr od uct dev el op m en t an d del iv er y t hat em phasizes
diff er en t iat ion , funct io nalit y , m et hod ol og y an d feat ur e
set s as t hey m ap t o cur rent an d f ut ur e r eq ui r em ent s.
Busi ne ss M ode l: The soun dness an d log ic of t he
v en dor 's under ly in g bu siness pr op osit ion .
V er t ica l/ I nd ust r y St r a t e gy: Th e v en dor 's st r at eg y
t o di rect r esou rces, sk il ls an d of fer ings t o m eet t he
specific needs of ind iv id ual m ark et seg m en t s, in cludin g
v er t ical m ar k et s.
I n nova t ion: Di r ect , relat ed , com ple m en t ar y an d
sy ner gist ic lay out s of resou r ces, ex pe rt ise or cap it al for
inv est m en t , consolid at ion , def en siv e or pr e- em pt iv e
purposes.
Geogr a ph ic St r a t eg y: The v en do r' s st r at eg y t o direct
r eso urces, sk il ls an d of f er ings t o m eet t he specific
needs of geograph ies ou t side t he "hom e" or nat iv e
geograph y , eit her dir ect ly or t hr ou gh par t ner s,
ch an ne ls an d subsidiar ies, as ap pr op riat e f or t hat
geograph y and m ar k et .
18.02.2013
Magic Quadrant for Content-Aware Data Loss Prevention Seite 3 von 11
there are alw ays risks associated with acquisit ion s of this n at u re, it is Gar tner 's belief that t he ex isting
relat ion ship w ill con tin ue as is for at least the nex t 12 m ont hs. © 2 013 Gart ner, I n c. and/ or it s aff iliat es. All r ight s
r eser v ed . Gart ner is a regi st er ed t radem ar k of Gart ner ,
St r e ngth s I nc. or it s af filiates. This publicat ion m ay not be
r ep roduced or dist r ibut ed in an y fo r m without Gart ner ’s
Fidelis has one of the st rongest cont ent in spection and n et w ork t hroughput capabilit ies available in pr ior wr itt en pe rm issi on . Th e in fo r m at ion con tained in
a conten t- aw ar e DLP applian ce. t his publicat ion has be en obtained fr om sour ces believed
I ts dif fer entiat ing approach em phasizes prot ect ing from ex ternal t hreat sou rces, in addition to t o b e r eliab le. Gar tn er disclaim s all warr an t ies as t o t he
accu r acy, com plet en ess or ad eq uacy of su ch inform ation
tradit ional in ter n ally sou rced DLP.
and shall hav e no liab ilit y for er rors, om ission s or
I ts product road m ap pr ov ides ev idence of strong v endor responsiveness and a pr ocess th at inadeq uacies in su ch infor m at ion. Th is publicat ion
enables cust om er s to influence product direction. con sist s of t he op inions of Gart ner ’s r esea rch
organizat ion a nd sh ou ld not be constr ued as st at em en t s
Fidelis' m alware pr ot ect ion capabilities ar e a differ ent iator.
of fact . Th e opinions expressed her ein are subj ect t o
ch an ge wit hou t not ice. Alt hough Gart ner resear ch m ay
Caut ions include a discu ssion of r elat ed leg al i ssues, Gart ner doe s
not pr ovide leg al ad vice or ser vices a nd it s r esear ch
The Fidelis offer ing can easily suppor t sim ple DLP regu lator y com pliance deploy m ent use cases; sh ould not be const rued or u sed as su ch. Gar t ner is a
however , th er e ar e low er - cost an d sim pler alt er natives av ailable in th e m ar k et . public com pan y , an d it s sh ar eh older s m ay include firm s
Although t he product prov ides in du st ry- leading content detection and ev ent analysis, w or kflow and fun ds t hat have financial int er est s in en tities cov er ed
in Gar tn er r esear ch. Gar t ner ’s Boa rd of Dir ect or s m ay
and ot her adm inistrative funct ions ar e m or e basic in com parison w it h en ter prise cont ent- aware
include sen ior m anag ers of t hese firm s or fu nds. Gart ner
DLP v endors. r esear ch is pr od uced indep enden t ly by it s resea rch
Even t severit y is not granu lar an d does n ot take into accoun t event det ails to the ex t ent th at som e organizat ion w it hou t inpu t or influ en ce from t hese f ir m s,
ot her of fer ings do. funds or th eir m anag er s. For fur t her i nfor m at ion on t he
indepen den ce and int eg rit y of Gar t ner resea rch, see
Although Gen er al Dynam ics has an nou nced that t he relat ionsh ip bet w een Fidelis and Verdasys — “Gu iding Pr inciples on I ndep en de nce an d Ob ject ivit y” on
along with the cu rrent DLP road m ap — will not change, ex ist ing cust om er s sh ould under stand
that t her e ar e alw ay s inher ent risks durin g a change of ow ner ship.

Ret u rn t o Top

GTB Technologies
GTB Technologies provides a com plet e cont ent -aw ar e DLP solution set t hat offers capabilit ies to suppor t
bot h regulatory com pliance and intellectu al property ( I P) use cases using endpoint, netw or k an d
discover y . Most deploym ents ar e w it hin sm all or m idsize bu sin esses ( SMBs) that rely on a r elatively
sm all t eam of adm inistrators to su pport their users.

St r e ngth s
Clients repor t that GTB is very responsive and adaptive to th eir deploym ent needs.
GTB is am ong a ver y sm all set of con tent - aw ar e DLP v endors that have int egrat ed enter prise
digital rights m anagem ent/ in for m at ion r ights m anagem ent rem ediation capabilit ies dir ect ly within
their DLP solutions.
GTB's inv est m ent in enhan cem ent s t o their UI h as result ed in im proved ease of use w hen
deploying policies acr oss any com bin at ion of net w or k, endpoint or discover y.
The v endor is focusing on m ak ing t he solution clou d-r eady.
GTB's content- aw are DLP capabilities for a vir t ualized envir onm ent w er e high ly r at ed by client s.

Caut ions
GTB's produ cts are focused on techn ical capabilit ies, rat her than w or k flow an d providing sim plif ied
m eans of addr essing business concer ns ov er dat a loss. Alt hou gh th is approach has it s m er it w ith
sm aller or ganizat ions, lar ger deploy m en ts m ust em phasize the business unit's role in content-
aw ar e DLP deploym ents, w hich can be m or e dif ficult t o r ealize w ith t he ex isting offer in g.
Although GTB m ade significant im provem ent s in its UI , Gartner assesses that t he over all solution
m aint ains an inconsistent look and feel across the var ious pr oduct com ponent s.
Gar tn er assesses th at the reporting and au dit logging ar e basic w hen com par ed to com pet itors
selling t o lar ge en ter pr ises. The solut ion only provides access t o event s, rather th an prov iding a
relat ion ship w it h risk- based reportin g.

Ret u rn t o Top

InfoWatch
I nfoWat ch is a Russi an- based conten t- aw ar e DLP vendor t hat has sold solutions in Russia since 2 004.
I nfoWat ch began it s internat ional sales expansion du ring the past year , and is showing good product
capabilit y dev elopm ent, innovat ive features and a relat iv e high lev el of m at urit y for a n ew product .
Although it is not quite ready t o be called enter prise- grade, it prov ides signif icant ly m ore capabilities
than m ost DLP- lite offer ings in the m arket .

I nfoWat ch has established an ear ly t rack record of happy cust om er references, w hich included ty pical
content- aw are DLP adopters in t he banking sect or , bu t also included ent er tainm ent an d m edia
or ganizat ions, w hich is not as typical. As w ou ld be ex pected, I nfoWat ch's cu st om er base was prim ar ily
located out side of North Am er ica, but efforts are being put into place t o su pport sales ex pansion via
par t ner s and reseller s.

St r e ngth s
I nfoWat ch offer s st rong language and in ter n at ion alization support.
I t supports USB dev ice m onit or ing.
I ts color- codin g of ev ent type and sev er ity is inn ov ativ e.
Sensitiv e data substitution is suppor ted u sing sh adow copies of files. The or igin al is ret ained, yet
the sensitive con tent is r em oved before it hit s t he presentation lay er .

Caut ions
Although its over all of fer ing dem onst rat es prom ise, it is st ill in an early stage, w it h basic netw or k
and endpoint capabilit ies and no cu rrent support for dat a discov ery.
I nfoWat ch's product does not have built- in policies. I t prov ides in dust ry- specif ic content filtering
dat abases, w hich clien ts can either use t o creat e th eir ow n policies or engage w ith t he vendor t o
build policies on their behalf.
I ts console and policy engin e are basic. Con tent inspection and det ection ar e lim ited and do not
inclu de adv anced det ection m echanism s. I nfoWatch uses a m ultistep scr ipt ing pr ocess using a flat

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 4 von 11
file containing policy definit ions. The process r equir es contact ing v endor suppor t to create new it s web sit e,
policies. This can r esu lt in sev er e client dissatisfact ion over the disclosure of the nature of t he
content- aw are DLP in spection clien ts want to per for m .
Logging relies on Oracle Dat abase and is not nat iv ely int egrat ed.

Ret u rn t o Top

McAfee
Now part of I ntel, th e McAfee content- aw ar e DLP solu tion h as under gone signif icant im prov em ents
since th e publishing of the prev ious content- aw ar e DLP Magic Quadrant. Alt hough the over all of fer ing
does n ot possess som e of th e im pressive niche use-case feat ures provided by som e of it s com pet ition,
sever al of the st andard feat u res inclu ded w it hin the produ ct of fer ing are bet t er t han it s com pet it ors.

The k ey different iator , out side of t he McAfee ePolicy Orchestrator ( ePO) int egration, rem ains the
capture dat abase. This cent ralized inven tor y of act iv ity data is used in t he testing an d st ream lining of
new policies to address possible false positiv es and t o reduce deploym ent t im e.

Cust om er sat isfaction was an issue in prev ious Magic Quadrant s for McAfee, and the ven dor continues
to score relativ ely low in this ar ea. Clients also r epor ted con cer ns ov er long- term product innovation
under I ntel' s ow ner sh ip of McAfee. At th e en d of 20 11, th er e was a significant r educt ion in t he over all
size of th e cont ent - aw ar e DLP t eam becau se of in ter n al realign m en t. This is in shar p contr ast w it h other
vendors in this m arket that m ade an d continue to m ak e signif icant inv est m en ts in their core t eam and
adj acen t product head cou nt. Alth ough this situat ion h as been corrected during 20 12, an d the dedicated
st aff count has increased, it cont inu es to be sign ificantly below t he lev els of other vendor s in t he
Leader s quadr ant .

St r e ngth s
McAfee's case m anagem en t w orkflow is one of th e st rongest in t his m ar ket, an d enables both
com m ent s and extra docum ents t o be added or delet ed from the case recor d as requ ir ed in the
dif fer ent st ages of ev ent m an agem ent .
Detection on non tex t cont ent ( for ex am ple, pictu res) is based on both the content and m et adat a.
I ts endpoin t DLP product can be deployed in a st and- alone configuration.
Feat ures geared t ow ar d em er gin g platform s, such as social m edia and m obile dev ices, w er e
notably good.
The capt ure database, wh ich allow s for prev iou sly captur ed dat a to be u sed for an aly sis and
testing new rules, is an innovat iv e an d distinct iv e featur e th at has been w ell- received by clien ts
and continues t o be reported as a leadin g feat ur e for client s adoptin g the McAfee con tent - aw ar e
DLP solution .

Caut ions
The r edaction function eit her encrypts sensitive conten t ( netw or k ) or replaces files w it h
placeh olders ( endpoint) . I t does not m ain tain t he integrit y of t he conten t, because it sim ply
replaces the sen sitiv e portion with substitut ed t ex t.
McAfee cont inu es to have a basic offering for virtualized env ir onm ents. Alt hough Gar t ner obser ves
that t he technology is u sed in vir t ualized envir onm ent s by som e cu st om er s on an ex per im ental
basis, it was not officially suppor ted by McAfee at the tim e of this analy sis. McAfee's approach t o
vir tualizat ion is not as w ell- ar t iculated as som e of its com petit or s.
Cust om er s hav e expressed to Gar tn er som e frust ration w ith McAfee's support for th e m anagem ent
of in cidents — in t er m s of both capacit y an d or ganizat ional capabilities.
A var iet y of m inor issues reported by client s suggests room for im provem ent in qualit y assu ran ce,
inclu ding r epor ts that u pdates, for exam ple, have on occasion brok en existin g feat ur es, and t hat
produ ct docum entation is not t o t he standar d of its peer com pet it or s because of out dat ed or
incom plete conten t.

Ret u rn t o Top

Palisade Systems
Palisade Sy stem s' Packet Su re DLP offer ing has h ad only m inor capability enhancem en ts in the past
year. Product capabilities rem ain firm ly w ithin th e t raditional regulatory com pliance segm ent of content-
aw ar e DLP deploym ents. The offer ing su ppor t s n et w ork, endpoint and agent- based discov ery funct ions.
The Packet Sure DLP appliance solution com bines URL filt er ing, I M proxy, applicat ion filter ing and
em ail/ Web proxy in a single offer in g at an SMB- friendly price. Leading cust om er deploym ents include
presence in t he h ealthcar e, financial services and edu cat ion sect or s.

St r e ngth s
Sim plicity of deploy m ent an d in tegration with Web an d m ail secur it y services rem ains a h igh not e
for Palisade client s.
Palisade provides a reasonably com prehensive list of def ault policies that is directly applicable in a
regulat or y com pliance deploym ent use case.
Palisade su ppor t s em ail encr yption solu tions ( for ex am ple, Pret t y Good Priv acy , Volt age Securit y
and Cisco- I ronPor t ) for autom ated rem ediation.
Although t he Palisade of fer ing is not as t ech nically soph isticat ed as t hat of other vendor s,
cust om ers tend to be v er y happy with their deploym ents.

Caut ions
Although t he product is com petit iv e w it h in the SMB space, lack of signif icant in vestm ent in t he
dev elopm ent of m or e adv anced capabilities and m ore stream lin ed m anagem ent r esu lt s in a
produ ct that h as lim ited appeal beyond low- com plex it y SMB deploym ents.
Gar tn er assesses th at the m anagem ent inter face is not as intuitive or as easy t o use as it could be
for t he SMB m arket segm ent.
Defau lt policy m odificat ions and policy updat es ar e reported as som ew hat aw kw ar d and can be
confu sin g for t he t ypical par t- tim e adm inistr at ors in an SMB envir onm ent .
The m askin g of sensitive data from unauthorized users in t he m anagem ent in ter face is st ill not
supported.

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 5 von 11
The m ar k et in the low- com plex it y DLP deploym ents is becom ing cr ow ded w ith offer ings from
channel- DLP and DLP-lit e solution provider s ( see The Tren d for Channel- DLP and DLP- Lite
section ). Alt hou gh Palisade cont inu es to represen t v alu e t o its client base, Gar tner believes
signif icant capabilit y and pricing pressu res for t he n ew of fer ings w ill have a direct im pact on
Palisade's abilit y t o grow its client base.

Ret u rn t o Top

RSA, The Security Division of EMC

The offer ing from RSA, The Security Division of EMC, has had significant im provem ents since t he
prev iou s con tent - aw ar e DLP Magic Qu adrant. I nt egrat ion of the DLP solution w it h Ar cher an d
NetWitness provides a notable v alu e t o client s alr eady using t hese offerings w it hin their environm en ts.
The u pdated UI appears to be the result of a deep rev iew an d an aly sis of h ow cust om er s ty pically use
the product . Alt hough repor t capabilities h av e advanced, they ar e not quit e yet at t he stage w here t rue
risk- based repor t ing is av ailable out of the box. The OEM agr eem ent with Cisco's I ron Port em ail
encryption of fer ing continues to be st ron g, and a sim plif ied upgrade pat h fr om the I ronPort RSA of fer ing
to th e full RSA ent er prise solut ion h as been av ailable since ear ly 20 12.

St r e ngth s
The stated RSA v ision an d product dev elopm ent plans ar e am ong th e m ost com plete of any
vendor. I f well-executed, t hey could present a seriou s ch allenge t o Sym ant ec ov er t he n ex t few
years.
Flex ibilit y and scalabilit y of RSA's data discover y capabilit ies cont inu e to be am on g the best in t he
m arket .
RSA has a st ron g focus on virtu al desk top infrastru ctu re and m obile with good virtualized
environm ent capabilit ies. I t dem on str at ed a clear under standin g of th e issues ar ound DLP
capabilit ies in t he cloud.
I ts new m an agem ent int er face is significan tly im proved and provides new capabilities t hat ar e
focused on assistin g large or ganizat ional deploy m ent s, in addition to m ore com prehensiv e opt ions
for def ining adm inistrativ e roles.
Repor t ing capabilit ies out of the box target line of business (LOB) audiences, in addition to ot her
tradit ional audiences ( for ex am ple, techn ology practit ioner s) .

Caut ions
RSA is on e of a few DLP solut ions that do not digit ally sign their logs and records, w hich is odd for
a vendor w it h a st rong focu s on Ar ch er and NetWit ness integrat ion .
Substitut ion of sensit iv e infor m at ion occurs during th e presen tat ion of t he ev en t record and is a
w eaker appr oach than som e other ven dor s.
The endpoint agent cont inu es to be basic, and clients reported per for m an ce and accu racy issues
w it h using som e of the advanced cont ent finger printing capabilities on the endpoint .

Ret u rn t o Top

Symantec
Sym ant ec ret ains a leadership position again for this y ear; how ev er , the com pet ition is closing the
technical gap. The product offering continues t o be com posed of a solid base of com ponen ts, and it also
prov ides a st ron g m ix of new feat u res focused on integrat ing DLP capabilities in disr uptive t echnologies,
such as cloud, m obility and virtu alized en vir onm ents. Although Sy m antec had a significant focus on
regulat or y com pliance deploym ent use cases in t he past , produ ct enhancem en ts hav e pushed I P
prot ection w ith this con tent - aw ar e DLP offer ing as a st rong value.

I ts product road m ap vision has been developed with signif icant custom er en gagem ent and is am on g
the m ost aggr essiv e in th is m arket . As a result , client ex pect at ion s are v er y high for fort hcom ing
enhancem ents. Alt hough Sy m antec is sim ilar to other vendors in that plan ned product road m ap
featur es occasionally ar e delay ed, the im pact of t hese delay s t end to be m or e com poun ded in th e m inds
of Sy m antec clients. Clients ar e rem inded t o alw ays consider any pr oduct acquisition based on ex istin g
fun ction ality to ensure that all t heir requ ir em ent s ar e m et w it h t he cu rrent capabilit y set. Sy m an tec's
new CEO has in dicated that t he com pan y plans to roll out new st rat egies in the fir st quar ter . At t his
tim e, Gar tner does n ot believ e th at these will im pact Sym ant ec' s cu rrent conten t- aw ar e DLP of fer ing.

St r e ngth s
Cont ent -aware DLP for tablet s has been signif icantly im proved and is on e of t he top capabilit ies
discussed by clients.
Cont ent ex t raction capabilit ies have also been advanced and prov ide a m or e com prehen sive
solut ion t o address I P pr ot ect ion deploy m ent s.
I ntegrat ion of native DLP capabilities within other Sy m antec product s (such as Dat a I n sigh t) is
reported as a key acquisit ion cr it erion by clients.

Caut ions
Sym ant ec has an im pressive road m ap, but clien ts report concer ns with on- t im e deliv ery of som e
road m ap feat ures. Sym ant ec ex plains that it pr iorit izes agilit y t o n ew m arket conditions over a
fixed road m ap; how ev er , client ex pectations ar e not alw ay s r ecalibrat ed accordingly as changes
occur .
Although t he m an agem ent console is fully funct ional, it is n o lon ger com pet itively th e st andout in
Gar tn er - obser ved select ion s.
Many of Sym antec' s refer ence cu st om er s com plained t o Gar tner th at support for th e past 12 to 18
m onth s h as not fully m et their expectat ions. Concerns were r aised over tr ouble t icket s rem aining
w it h first -lin e su ppor t for longer periods than w ould be ex pected before bein g escalat ed. Although
Sym ant ec has incr eased its su pport st aff by 29% in 2 012 ov er 20 11 lev els, it w ill t ak e som e tim e
for t he r am p- up to result in bet ter satisfact ion sco res.
Final deal pricing continues t o be at t he upper- prem ium end wh en com par ed to alt ernat iv es.

Ret u rn t o Top

Trustwave

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 6 von 11
Trust wave obt ain ed a com prehensiv e set of endpoint , net work and discov ery capabilities wh en it
acquir ed Vericept in 2009 ; however , t he product h as seen very lit tle in term s of u pdates or
enhancem ents since. Trust wave tar gets the cor e com pliance deploym ent m arket w it h th is of fer ing,
w hich has rem ained very stable in t er m s of requirem ents in t he past sever al y ear s.

St r e ngth s
Core technology at the heart of the of fer ing t hat can support com plex use cases.
Trust wave int egrat es it s secure Web gat ew ay , SI EM and conten t- aw ar e DLP of fer ings int o a single
security solut ion.
I ts m anagem en t con sole prov ides good dashboar ds an d w or k flow .
Although t he offer ing com es with predef ined regu lat or y com pliance an d accept able use- case
policies, the CANDL scripting language can be used t o creat e cu stom policy sets; however ,
Trust wave' s current tar get m ar k et will ty pically only lever age t his capability in a m inim al w ay.

Caut ions
Trust wave' s pr oduct still does n ot su pport dou ble- byt e char act er set s.
Gar tn er sees t he Trustw av e client base as focused prim ar ily w it h in regulat ory com plian ce use
cases and m or e specif ically with a sw eet spot on PCI requ ir em en ts. I n vest m ent in pr oduct
enhancem ents that would ex t end cor e capabilities beyon d th is target m ar ket has been m inim al —
thu s, lim iting its appeal t o ot her pot ential clients.
I ts prepackaged su it e of policies is lim it ed. Addit ional policies ar e only offer ed on a dem and basis.

Ret u rn t o Top

Verdasys
Verdasy s con tin ues to focus on I P u se cases w it h an offering that provides str ong auditin g and
w or kflow. Managem ent console in tegration with Fidelis applian ces provides a fu lly rounded set of
endpoint , net work and discovery capabilities. A new m anaged ser vice offerin g increases t he appeal of
the solu tion to or ganizat ions that do not want to operat e a DLP solut ion in- hou se.

Verdasy s h as an OEM partn er sh ip w ith Fidelis, w her e Verdasys of fer s integrat ed Fidelis DLP and
cyberthr eat def ense capabilities w ithin its m anagem ent console. Fidelis w as acquir ed by Gen er al
Dy nam ics in Au gust 20 12. Gen eral Dy nam ics, Fidelis and Verdasys hav e all st at ed publicly and t o
Gar tn er t heir j oint inten t t o continue this r elationsh ip. Alt hough there ar e always risks associat ed w it h
acquisit ions of this nat u re, it is Gartner's belief that the ex isting r elationsh ip will cont inue as is for at
least th e next 12 m on ths.

St r e ngth s
Verdasy s h as a str ong capabilit y set for supporting com plex I P protection deploym ents.
I ts new investigat ion m odule provides nat iv e capabilit ies for str eam linin g and supporting
inv est igations.
I t offer s adv anced loggin g an d auditing fu nct ions, and has bu ilt- in support for EU privacy cont rols.
I ts su ppor t for Linux an d Apple deskt ops is a unique capability in this m ar ket .
Verdasy s offer s st ron g su pport for virtu alized en vir onm ent deploym ents.
Managem ent console suppor t t o m an age Fidelis appliances cr eat es a full- featured offer ing with
best - of -br eed com pon ents.
Verdasy s h as a m an aged ser v ice offering opt ion for or ganizat ions that do not w ant t o operat e a
DLP deploym ent.

Caut ions
Gar tn er client s h av e reported situations w her e som e issu es hav e taken a long tim e to resolv e an d
that external assist ance can be requir ed to bring outst anding issues t o resolution.
Becau se of deep int egrat ion of Ver dasys capabilities within endpoint OS and applicat ion
environm ents, Gar tner clients report that softw ar e updates an d upgrades typically require m ore
testing t han with ot her softw ar e offerin gs t o ver ify capabilit y support and to ensu re m inim al
im pacts of ch anges on oper ations.
Although Gen er al Dynam ics has an nou nced that t he relat ionsh ip bet w een Fidelis and Verdasys —
along with the cu rrent DLP road m ap — will not change, ex ist ing custom er s sh ould under stand
that t her e ar e alw ay s t he u sual inher ent risks during an y change of own er sh ip.

Ret u rn t o Top

Websense
Websense's DLP offer in g has im proved consist ently for the past sev eral years and has been am ong th e
m ost fu ll- feat ured DLP solutions available in t his m ar k et . I t of fer s a good blend of endpoint , net w ork
and dat a discover y capabilities. This y ear, it has in troduced enhanced capabilities t o support m obile
dev ices and also t he abilit y to use advan ced per sist ent th reat feat u res w it h in the DLP solution to bet ter
ev aluate risks.

St r e ngth s
Websense of fer s a fu ll-feat ured DLP solution that supports endpoint , net work and data discover y .
I ts " drip DLP" feat ure m onit or s for slow leaks of inform at ion over a long per iod of tim e.
Websense has a st rong policy engine w it h good r em ediat ion options.
I ts opt ical ch ar acter recognit ion ( OCR) capabilit ies identify sensit iv e cont ent within sca nned
docum ents.

Caut ions
I ts redact ion capabilities ar e only supported for dat a at rest .
Websense has been in a leader ship role within t he conten t- aw ar e DLP m arket for sev eral years;
however , it appears t o Gartner th at it s product road m ap is show in g signs of slow er feat ur e
adoption when com par ed to th ose of its com pet itors. This cou ld im pact it s futur e appeal to clients
and it s over all position in t he m ar ket .

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 7 von 11
Ret u rn t o Top

Vendors Added or Dropped

We review and adj ust our inclusion crit er ia for Magic Quadrants and Market Scopes as m ar k et s ch ange.
As a result of t hese adj ust m en ts, t he m ix of vendor s in any Magic Quadran t or Mar ketScope m ay
change ov er tim e. A v endor appear ing in a Magic Quadrant or Mar ket Scope one year and not t he nex t
does n ot necessar ily in dicate that w e hav e ch anged ou r opinion of th at vendor. This m ay be a ref lection
of a change in the m arket and, t her efore, ch anged ev aluation criter ia, or a ch ange of focu s by a vendor.

Ret u rn t o Top

Added
I nfoWat ch, based in Russia, is a new entr ant in the 20 13 Magic Quadran t.

Ret u rn t o Top

Dropped
Trend Micro has been in t he process of w in ding dow n its st and- alon e en ter pr ise DLP solut ion and
has announced end- of- sale for t his product . Trend Micr o has m igrat ed t o a strategy of em beddin g
it s DLP capabilities w ithin its endpoint an d gat ew ay solut ions. This is consider ed a chan nel-DLP
approach and, at this tim e, does not m eet the in clusion criter ia for t his Magic Quadr ant .
Safend was acqu ir ed by Wave Sy st em s and did not m eet th is year's in clusion criter ia.

Ret u rn t o Top

Inclusion and Exclusion Criteria

This Magic Quadr ant is restr ict ed t o enterprise conten t- aw ar e DLP produ cts.

Vendor s are included in this Magic Quadrant if t heir offerings:

Can detect sensit iv e cont ent in at least tw o of netw or k tr affic, data at rest or endpoint oper at ions
Have a relat ively soph ist icat ed, cen tralized policy an d ev ent m an agem ent console
Can detect sensit iv e cont ent using at least three of the follow ing content- aw ar e det ection
techniques, including partial and ex act docum en t m at ching, st ruct ured dat a finger pr int ing,
st at ist ical analy sis, ex t ended regular expression m atch ing, and conceptu al and lex icon analysis
Can support t he det ection of sensitive data cont ent in st ruct ured and u nst ructured dat a, using
registered or descr ibed dat a def initions
Can block, at m inim um , policy violat ions that occur v ia em ail com m un ication
Wer e gener ally available as of 29 February 2 012

Vendor s m ust also be det erm ined by Gar t ner t o be significan t play ers in the m arket , because of m ar ket
presence or t ech nology inn ov ation:

Although Fidelis does not str ictly m eet these cr iter ia because it is a netw or k- only cont ent- aware
DLP appliance solution , we hav e included Fidelis in the Magic Quadrant for th e follow ing reasons:
Fidelis' product has a particular ly im pressiv e det ection capability.
Client inquiries and deploym ents su pport Fidelis as being a viable alt ernat iv e to enter pr ise
DLP offer ings.
The r elationship bet w een Verdasys and Fidelis is su ch that inclusion is w ar r ant ed.

Vendor s are excluded from t his Magic Quadr ant if th eir of fer ings:

Use only sim ple dat a det ect ion m ech anism s ( for ex am ple, supporting only key word m at ch ing,
lexicons or sim ple regular ex pression s)
Have netw or k -based functions t hat su pport few er th an fou r protocols ( for ex am ple, em ail, inst ant
m essaging and HTTP)
Prim arily su ppor t DLP policy enforcem en t via conten t t ags assigned t o obj ects

Ret u rn t o Top

Evaluation Criteria
Ability to Execute
Ability t o Execute is ranked according to a vendor's ability to provide to th e m ar ket a cont ent- aware
DLP pr oduct t hat m eets cust om er feature/ funct ion capabilit y requirem ent s, as w ell as their abilit y to
deliver and ex ecut e t he product w it h a high lev el of ser vice guarant ee and cu stom er support.

Vendor rat ings ar e m ost influenced by the vendor ' s under st anding of the m arket , it s pr ocesses for
solicitin g cu stom er feedback, an d the ex perience of th e cu st om er . We also take into accoun t t he
av ailabilit y of solut ions for em er gin g platform s, such as clou d and m obile dev ices.

Weigh ts ar e su bj ect iv e an d contextual. Reader s w ho conduct th eir ow n RFI s m ay ch oose t o change

w eight s to suit the needs of t heir business an d their industry :

Pr oduct / Se r v ice com par es t he com pleten ess an d appropriateness of core cont ent - aw ar e DLP
technology capability. This is the m ost ex haustive of all of the assessed criteria.
Sa le s Ex e cu t ion / Pr icing com par es t he strength of a vendor's sales, par tner ships, sales
channels, deploym ent plans, pricing m odels and indust ry su ppor t.
M a r k e t Re sponsiv e ne ss a nd Tr a ck Re co rd reflects how vendors respond to custom er feedback
by assessing per form ance again st prev iou s pr oduct r oad m aps, cont ent of fut ure produ ct road
m aps and t he cultiv at ion of strat egic advant ages.
Custom e r Ex pe r ie nce is a com bined rat ing of the m ater ials prov ided t o custom ers w hen t hey
purchase t he t echnology and, m or e significan tly , what cu stom er s t ell us about their ex per iences —
good or bad — w it h each ven dor .

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 8 von 11
Ope r a t ion s assesses the ability of the vendor t o prov ide support acr oss all aspects of th e
cust om er en gagem ent dom ain.

Ta ble 1 . Ab ility to Execut e Ev aluat ion Crit er ia

Eva lua t io n Crit er ia W e ig h t in g

Prod uct/ Ser vice High

Over all Viabilit y ( Business Unit , Financial, St rat egy, Or ganizat ion ) No Rating

Sales Execut ion/ Pricing High

Market Responsiven ess an d Track Recor d St an dard

Market ing Execution No Rating

Cust om er Experience High

Oper at ion s High

Source: Gartner (January 2013)

Completeness of Vision
The Gar tner scor ing m odel fav ors providers t hat dem on str at e Com plet eness of Vision — in t er m s of
st rat egy for the fut ure — and th e Ab ility to Execut e on t hat vision. Gar tner continues t o place stronger
em phasis on technologies t han on m arket ing and sales st rat egies.

Com plet eness of Vision is ranked accor ding t o a v endor's ability t o show a com m it m ent to con tent -
aw ar e DLP technology developm ents in an ticipation of user w ant s and needs th at turn ou t t o be on
target with the m arket . A clear under st anding of the business needs of DLP cu st om er s — even those
that do not fully recognize those needs them selv es — is an essen tial com ponent of t hat vision. This
m eans that vendors should focus on enter pr ises' business- and r egulation- driven needs t o ident if y,
locate and control the sensitiv e data st or ed on their net w orks and passin g their boun dar ies.

Our Com plet eness of Vision w eightings ar e m ost influ enced by four basic cat egor ies of capability:
net work per form ance, endpoint per for m an ce, discovery perform ance and m anagem ent consoles.
Weigh ts ar e su bj ect iv e an d contextual. Reader s w ho conduct th eir ow n RFI s m ay ch oose t o change t he
w eight s to suit the needs of t heir business an d their industry :

M a r k e t Unde r st a nding is rank ed th rou gh obser v at ion of th e degr ee to wh ich a ven dor's
produ cts, road m aps and m issions ant icipat e leading- edge thinkin g about buyer s' w ants an d
needs. I ncluded in this criter ion category is how buyer s' wants an d needs are assessed and t hen
brou ght t o m arket in a product ion- ready of fer ing.
M a r k e t ing St ra te gy assesses wh et her a ven dor under stands it s differ entiat ion from its
com petit or s and how w ell th is fits in w it h how it thinks th e m ar ket w ill ev olv e.
Sa le s St r a t e gy ex am ines the ven dor ' s strategy for sellin g produ cts, in clu ding t heir pricing
st ruct ure and their partnersh ips within t he DLP m ar k et place.
Offe r ing ( Pr oduct ) St r a t e gy assesses t he differ en tiation of it s pr oducts from it s com pet itors,
and how it plan s t o dev elop these pr oducts in the fu ture.
I nnova t ion looks at the in nov at ive features t hat vendor s have developed to assess w het h er t hey
ar e th ought leader s or sim ply follow ing the pack, and also th e ex tent to w hich their pr oducts ar e
able t o com bin e w it h other relevant disruptive technologies.
Ge ogra phic St r a te gy is an assessm ent of the ven dor' s u nder standing of the needs and nuances
of each region, and how the product is positioned to suppor t th ose nu ances.

Ta ble 2 . Com pleteness of Vision

Evaluation Criteria

Eva lua t io n Crit er ia W eigh t in g

Market Underst anding St an dard

Market ing Strat egy St an dard

Sales St r at egy St an dard

Offering (Produ ct) St rat eg y High

Business Model No Rating

Vertical/ I ndu stry Strat eg y No Rating

I nno vat ion High

Geogr ap hic Strat egy St an dard

Source: Gartner (January 2013)

Quadrant Descriptions
Leaders
Leader s have pr oducts that w ork w ell for Gar t ner client s in m idsize and lar ge deploy m ent s. They hav e
dem onstrated a good under standing of client n eeds an d generally offer co m preh ensive capabilit ies in all
thr ee functional areas — net work, discov ery and en dpoint. They hav e st rong m anagem ent int er faces,
and hav e tight int egration w ith oth er product s within t heir brand or t hrough w ell- established
par t ner ships and tight int egrat ion. They of fer aggressive road m aps and usually deliv er on t hem . Their
DLP pr oducts ar e w ell- known to clients and ar e frequen tly found on RFP sh or t lists.

Ret u rn t o Top

Challengers

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 9 von 11
Challen gers hav e com pet itiv e visibilit y an d ex ecut ion su ccess in specific industry sectors that are bet t er
- dev eloped than Niche Play er s. Challenger s offer all th e cor e feat ur es of cont ent- aware DLP, but
typically th eir vision, road m aps or product deliv ery is nar r ow er than th e Leader s. Challenger s m ay
hav e difficulty com m unicat ing or deliver ing t heir vision in a com pet it ive way outside their core industry
sector.

Ret u rn t o Top

Visionaries
Visionaries m ak e investm ents in broad funct ionalit y and plat for m su ppor t, but their com pet it ive clout ,
visibility and m ar k et share don't reach th e lev el of Leaders. Visionar ies m ake plann ing choices that w ill
m eet futu re bu yer dem ands, and th ey assu m e som e risk in the bar gain, becau se ROI tim in g m ay not
be cer t ain . Com panies that pursue visionar y activit ies w ill not be fully credit ed if th eir actions ar e not
generat ing n ot iceable com pet itiv e clout, and ar e not influencing other vendor s.

Ret u rn t o Top

Niche Players
A vendor is con sider ed a Niche Play er w hen it s product is not w idely visible in com pet ition, and w hen it
is j udged to be relat ively narrow or specialized in breadth of functions and platfor m s — or, for other
reasons, t he v endor's ability t o com m unicat e v ision an d featur es does not m eet Gar tner 's prev ailing
view of com petitiv e t rends. Nich e Player s m ay, nev er th eless, be st able, reliable and long- ter m vendor s.
Som e Niche Player s w ork from close, long- t er m relat ionships with their bu yer s, in which cu stom er
feedback sets the prim ar y agenda for new features and enhancem ent s. This appr oach can generat e a
high degree of cust om er satisfaction , bu t also resu lt s in a narrow er focus in t he m ar k et (w hich would be
ex pected of a Visionary) . I n t his Magic Quadrant , Niche Player s m ay also be v endor s t hat did not
prov ide answers to all, or any, questions asked during th e vendor su rvey .

Ret u rn t o Top

Context
This Magic Quadr ant is a m arket sn apsh ot that rank s v endor s accor ding t o com pet it iv e buying cr it eria.
Vendor s in any sect or of th e Magic Quadrant , as w ell as t hose not ranked on the Magic Quadrant, m ay
be appropr iat e for you r en ter pr ise's needs and budget. Ever y com pany should consider content- aw ar e
DLP as par t of its infor m at ion secu rit y m anagem en t program , so t hat th e value of st rategic inform at ion
asset s m ay be pr eserved and also so th at the or ganizat ion m ay av oid fraud, loss or harm ar isin g from
loss of other for m s of sen sitiv e inform ation.

Ret u rn t o Top

Market Overview
Cont ent -aware DLP t ools en able the dynam ic application of policy based on the classif icat ion of cont ent
det erm ined at the tim e of an operat ion. Cont ent- aware DLP descr ibes a set of t echnologies an d
insp ection t echniqu es used to classify infor m at ion cont ent contained w it hin an obj ect — su ch as a file,
em ail, packet , applicat ion or data st or e — while at rest (in storage), in u se (du ring an oper at ion ) or in
transit (across a net work) ; and t he abilit y to dyn am ically apply a policy — su ch as log, report, classify,
relocat e, tag and encrypt — an d/ or apply ent er prise digit al rights m anagem en t protection s. Con tent -
aw ar e DLP solut ions prov ide capabilit ies to su ppor t regulatory com pliance and I P use.

This is different from non- conten t- aw ar e DLP solut ions. These ar e of ten j ust r efer red t o as " DLP" in
vendor offer ings. Non- content- aw ar e DLP solu tions apply a policy w it hout r ev iew ing t he conten t or
context of wh at is being m onitored. As a result, these DLP so lut ions can not adj u st a policy respon se
based on t he con tent or cont ex t . An ex am ple of th is type of capability is of ten found in USB port control
tools. Technically , t hese t ools can pr ev ent t he loss of dat a becau se they can block users from copying
any an d all inform at ion to a nonapproved USB drive, w hich is w hy t hey refer t o this capability as a DLP
solut ion. However , because these solution s can not det er m ine a differ ence in conten t or cont ex t , they do
not offer any flex ibilit y in t he applicat ion of the policy. Wit h a content- aw ar e DLP solu tion t hat is used
for USB cont rol, a policy could be created so that a user would be able to sav e docum ents th at do not
contain any sensitive inform ation on any USB driv e, and save specific t ypes of sensit ive infor m at ion
( such as client dat a) only on a com pany- approved USB dr iv e that h as built- in encrypt ion. Highly
sensitiv e t ypes of inform ation (such as HR records) w ould not be allowed to be sav ed on any USB drive
at all.

Cont e nt - Aw a r e D LP Ought t o Ch a nge Be ha v ior

Used t o it s full capability, cont ent- aware DLP is a nont ranspar ent con trol, w hich m eans it is in tent ionally
visible t o an end user with a pr im ar y value pr oposition of changing user beh av ior . This is ver y dif fer ent
from transparent contr ols, such as firew alls an d ant iv irus program s, w hich are unseen by end users.
Non tran spar ent contr ols r epresent a cultural shift for m any or ganizat ions, and it is critical to get
business involv em ent in t he requirem ents planning st ages and as par t of ongoing long- t er m operat ions
of th e cont ent -aw ar e DLP syst em . Specifically, the rev iew of conten t- aw ar e DLP ev ents needs t o be
per for m ed by LOB per sonn el ver sus I T or I T secur it y per son nel, because the LOB per son nel ar e
responsible for m aking a bu sin ess decision on t he acceptabilit y of an incident w it h in the business
context.

As cont ent- aware DLP t ools m atur e, use cases for m anaging sensitive dat a ar e becom in g m ore
sophisticated. The use cases associated w ith vir t ualizat ion, cloud, m obile and social m edia hav e becom e
m ore com m on, as h av e those in volving operat ions wh en t he com put er is not connected to t he
corpor at e netw or k. An exam ple of th is would be detecting t he post ing of sensitiv e data to social m edia
sites using a t ablet or lapt op wh ile in a coffee shop or airpor t t er m inal. Feat ures t hat su pport these use
cases include endpoint and net w ork con tent - aw ar e DLP funct ions, as w ell as Web prox y integr at ion and
the ability to resolve a syst em to I P address or MAC address with a user nam e. Su pport for t hese
featur es hav e becom e com m on, but they do requ ir e int egration with Microsoft Act iv e Dir ectory or ot her
services.

Many vendor s h av e begun ex per im enting w it h alt ernat iv e deliv ery m odels such as cloud, softw ar e as a
service and m or e tr adit ional m anaged ser vice of fer ings, w here t he vendor is r esponsible for sett ing up
the sy stem and ensu ring that t he policies m eet client ex pect at ion s. Gar t ner has had conver sat ions w it h
clien ts lever aging m anaged ser vice offerings, and they report a t ypically faster tim e to value in th eir
deploym ents versu s t raditional internally m anaged deploym ent s. They also report that t hey ar e m ore

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 10 von 11
w illin g to ex tend the initial scope of deploy m ent and lever age m or e advanced use cases, because th e
vendor exper ience and suppor t capabilities giv e them m or e confiden ce that t he deploym ent will operat e
as th ey intended.

Fidelis Security System s w as acquir ed by Gen eral Dynam ics in August 2 012 . This is the only m aj or
acquisit ion report ed in th e cont ent -aw ar e DLP m ar k et in m ore t han tw o years. The last m aj or
acquisit ion w as McAfee's acquisition of Reconnex .

M obile D e v ice s St ill Po se a Ch a lle nge

Mobile dev ices — specifically tablet s — hav e becom e com m onplace w it hin or ganizat ions; how ev er ,
Gar tn er client s con tin ue t o report t hat th ey are str uggling to establish appropriate ter m s of use and
security ov erlays to m anage an d protect t he sensit iv e in for m ation being accessed and used on these
dev ices. Becau se of lim itations in OS API s, the variabilit y of OS configurat ions, differin g com put ing
capabilit ies and bat ter y life ex pect at ions, content- aware DLP vendor s have not been capable of
inst alling n at ive content- aw ar e DLP soft ware n at ively on t ablet s or sm ar tphones. I nst ead, t hey leverage
m obile device m anagem ent configurat ions to force a VPN connection back t o the hom e net w ork, w her e
all t raf fic bound for sites ex ter n al to th e organ izat ion ar e scan ned by the content- aware DLP netw or k
solut ions they host at t he perim et er of t he n et w ork. This does not addr ess th e risk s associated w ith a
user disablin g the VPN conn ect ion or t et herin g the m obile device t o a t hir d-party system , su ch as a
hom e PC o r via Bluet oot h t o rem ov able m edia.

Vir t ua liz a t ion, OS Suppor t a nd Risk Re por t ing Ar e St ill La gging

The u se of content- aware DLP for v ir t ual env ir onm ents has becom e m ore pronounced in t he past 12
m onth s; how ev er , capabilit ies vary significan tly am ong vendor offer ings. Som e do not su pport t he
inst allat ion of th eir DLP solut ion w it hin a v ir t ual m ach ine, w hereas others only su ppor t t he sca nning of
vir tual drives w hen not in use. Many of the cu rrent solutions involve the in stallat ion of vendor DLP
solut ions on each VM, as w ould be t he case of a t raditional phy sical syst em , r at her t han prov idin g a
com m on service lay er. Cloud deploy m ent of con tent - aw ar e DLP solut ion also sh ould be consider ed at an
ear ly stage of the deploym ent. Gartner ex pect s t his to ch an ge over the nex t 12 m ont hs, becau se m ost
vendors reported aggressive plans for m or e advanced su ppor t of virtu al environm en ts in their product
road m aps.

Window s con tin ues to be the OS of choice for vendor support in t his Magic Quadrant . As in prev iou s
years, m any vendors prom ised support for Apple's OS X if dem and w as high enough . Most vendors
suggest they suppor t OS X by being able to per for m local dat a discov ery usin g a net w ork appliance or a
soft ware agent not locally inst alled on th e OS X syst em . Only one deliver ed content- aw ar e DLP
capabilit ies t hat ar e deploy ed locally on t he OS X sy stem . Gar t ner does n ot ant icipat e t hat th is situation
w ill lik ely change for the nex t 1 2 to 1 8 m ont hs. Linu x cont inues to be com pletely ignor ed by all but on e
vendor, an d no other ven dor has an y plans for t his platfor m . Unt il clients m ak e it a buyin g criterion t o
hav e su ppor t for these plat form s, vendors will cont inue to speak of t hem in fut ure ter m s.

Cont ent -aware DLP deploym en ts ar e seen m ore and m or e as business tools by t he busin esses units
them selves to address com pliance and I P pr ot ect ion m andates th an in t he past , wh er e it w as of ten seen
as an I T/ I T security solut ion lookin g for a need. As a resu lt , con tent - aw ar e DLP business cases now
typically in clude r isk m anagem en t as one of th e corn er st on e driver s; however , few ven dor of fer ings
support nat iv e reporting capabilities that are business- and risk- m anagem ent- focu sed. Out - of- t he- box
reporting cont inu es to be focused on list ing the num ber and t ype of ev en ts that h av e been det ect ed,
rat her than t ak ing a risk- or ien ted v iew t hat looks at an accum ulated point- in -t im e risk linked to th e
type an d value of the in form ation asset that h as been ex posed or the value of th e busin ess process that
has been com prom ised by the ev ent. This r equir es a m in dset that goes bey ond linkin g reports to t he
w ay in w hich the content- aware DLP tool w orks to dev eloping reports linked to th e w ay in wh ich th ey
w ill be used outside of the I T an d I T secur it y departm ents.

Ga r t ne r I nquir y D a t a a nd Obse rv a t ions About Cont e nt - Aw a r e D LP

Gar tn er inquiry data through 2012 in dicat es several m aj or obser v at ion s t hat sh ould help organ izat ion s
dev elop appropriate requirem ent s and select the right t echnology for t heir needs:

Gar tn er inquiries su ggest t hat w e are n ow get ting bey ond basic DLP use cases. DLP as a cont rol
for t he protection of I P has been gr ow ing signif icantly, repr esenting roughly 12 % of all DLP
inqu ir ies up from 5% in prev ious year s.
The EMEA m arket , wh ich has been difficu lt to navigate by cont ent- aware DLP vendor s — prim ar ily
because of r egulatory com pliance, privacy legislation and w ork cou nsel requir em en ts — has begun
to pick u p, with not able adv ances in deploym ents in France, Ger m an y, Sw it zerland, Ru ssia, Turk ey
and Sau di Ar abia.
The t rend for th e Asi a/ Pacific region an d Japan has pr im arily been for content- aw are DLP
deploym ents su ppor tin g I P prot ect ion; how ev er , client s in som e j urisdictions ( su ch as Aust ralia,
I ndia and Singapore) ar e prim ar ily focused on r egulatory com pliance m andates.
About 35% of ent er prises led th eir content- aw are DLP deploy m ent s with net w ork r equir em ents,
20% began with discover y requirem ent s, an d 45% st ar ted w it h en dpoin t r equir em ents.
Ent er prises th at began w it h net work or endpoint capabilit ies n early alw ay s deployed data
discover y fun ction s n ex t. The m aj or it y of lar ge ent er prises purch ase at least tw o of t he t hree
prim ar y ch annels ( net work, en dpoin t and discov ery) in an in it ial purchase, but few deploy all of
them sim ult aneously .
Many en ter pr ises str uggle to def ine their str at egic content- aw are DLP needs clear ly and
com prehensiv ely . We continue to recom m end t hat ent er prises post pone their invest m en ts until
they are capable of ev aluating ven dor s' offer ings against in dependently dev eloped, ent er prise-
specif ic requ ir em ent s.
Fur therm ore, m any or ganizations cont inue to m ak e the m ist ak e of assigning th e daily
m anagem ent of con tent - aw ar e DLP ev ent s to I T an d I T secur it y per son nel, or t hey initiat e th eir
DLP solution deploy m ent as part of an I T and I T security m an dat e, rat her than focu sin g on
establishing their DLP deploy m ent as a business process.
Although t he prim ar y appeal of endpoint DLP continues to be the protection of I P and ot her
valuable enterprise data from insider theft and accidental leakage, t her e has been grow ing appeal
in the past 1 2 m on ths for t he u se of endpoint DLP to addr ess regu lat or y com pliance use cases.
Most content- aw are DLP solu tions cont inue to focus on tex t- based cont ent in their analy sis.
Although t her e w er e signif icant capabilit y updates by a few vendor s for OCR su ppor t, ch em ical
form u la not at ion suppor t an d sch em at ic analy sis, m ost ven dor s st ill str uggle with nontex t data —
ev en w it h finger pr int ing support.

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013

Magic Quadrant for Content-Aware Data Loss Prevention Seite 11 von 11
Lack of support for finger pr int ing on endpoints cont inu es to be the dir t y lit t le secret of t he
indu str y. Although a few vendors of fer this capabilit y in som e form , the m aj or it y that do only
support a coar se init ial high- level scan at the endpoin t and th en lev erage a ph one hom e capabilit y
to a locally av ailable n et w or k appliance for t he act ual finger pr int m atchin g analy sis.
Many deploy m en ts ar e sold on the basis of being a tool t o assist in r isk m anagem en t act iv ities;
however , m ost con tent - aw ar e DLP solut ions do n ot of fer reporting, dashboard or ev en gener alized
feedback relev ant for th is fun ction .
I ncu m ben t antivir u s and endpoint prot ect ion vendor s con tin ue t o lead clients' RFP shortlists.

The Tr e nd for Ch a nne l- D LP a n d D LP- Lit e So lut ion s

Ther e is a grow ing m ar ket t rend for DLP- en abled offer ings to suppor t m any com ponent s m ak ing up an
ent er prises' I T ecosy stem . Som e vendor s provide cont ent -aw ar e DLP capabilities that are quit e
advanced, while other s only su ppor t basic regist er ed ex pression m at chin g. The follow ing list of v endor s
represen ts an ov erview of th e t ypes of ch annel- DLP and DLP- lite solut ions that Gar t ner will investigat e
in fut ure research :

Cont ent Keeper Technologies

I dent it y Finder
Next Labs
Proofpoint
Rayth eon Oak ley Syst em s
Sophos
Wav e Syst em s
Wor k share
Xbridge Sy st em s
Zscaler

Additional research cont ribut ion and review w er e provided by Rob McMillan.

Ret u rn t o Top

ht t p: / / www .gar t ner .com / t ech nology/ abou t / om bu dsm an / om b_guide2 .jsp.

About Gar tn er | Car eer s | New sr oo m | Policies | Sit e I ndex | I T Glo ssar y | Con t act Gart ner

http://www.gartner.com/technology/reprints.do?id=1-1DGZXGK& ct=130104& st=sb 18.02.2013