The analyst firm Radicati has taken a close look at the market for data loss prevention (DLP) software products. The CEO of e3 AG, Thomas Fürling, comments on the results.
In a report, The Radicati Group compares nine solutions for data loss prevention (DLP) in terms of functionality, market presence and future viability. The result is presented in a quadrant similar to that of Gartner.
The Swiss company e3 AG is the global specialist for data loss prevention. Founder and CEO Thomas Fürling adds a Swiss perspective to the assessments of the Radicati analysts and clarifies some general statements.
The report "Data Loss Prevention - Market Quadrant" can be downloaded free of charge from the Broadcom website. The reason: Symantec's parent company supplies the market-leading DLP application.
Strong demand for DLP
The analyst firm Radicati expects strong growth in DLP solutions. The global market volume is set to almost triple by 2027. "That is quite realistic. Because there are still many companies that don't yet have a solution," comments Fürling. According to him, financial and pharmaceutical companies in particular are making good progress. The insurance industry is currently evaluating solutions. The healthcare, retail and industrial sectors are still at the very beginning, while the automotive sector is currently "experimenting". "In public administration, we are even starting on a greenfield site," reports the e3 expert.
According to Fürling, regulation continues to be a growth driver in the Swiss market for DLP solutions. For example, the Swiss Financial Market Supervisory Authority FINMA requires Swiss banks to use a DLP application. The frequent cyber incidents in the recent past have prompted the authorities and the healthcare sector to actively engage with DLP, he adds.
Looking at the providers, the e3 CEO sees Microsoft on the winning track. The US manufacturer's solution is riding the wave of success of Microsoft 365, which is currently very popular.
The true cost of DLP
With Symantec, Forcepoint, Trellix and Microsoft, Radicati lists four solutions that are supported by e3. Fürling believes that the analysts' assessments of the strengths and weaknesses of the four applications are largely correct. However, he warns that a DLP solution is more than just channel coverage and search options. The expert names incident management as the biggest cost factor, which is responsible for 60 to 70 percent of runtime costs. "Most products still have potential for optimization when it comes to incident management," emphasizes Fürling.
According to the expert, the analyst report lacks a detailed description of the reporting functions of all solutions. They are also poorly developed in all applications. This could lead to major financial expenses, particularly in countries with high wage costs - such as Switzerland. According to Fürling, outsourcing is less sustainable because, on the one hand, regulations could change and, on the other, the cheaper locations would also become increasingly expensive. Instead, he recommends automation, which is sustainable and would pay off in the long term.
DLP solutions in detail
Symantec: the market leader
The provider Broadcom with the purchased Symantec applications is described by Radicati as the market leader. Fürling shares this opinion and adds: "Symantec practically always offers the best prices. However, Symantec requires an Oracle database, which is associated with additional costs and (personnel) expenses." However, many companies, especially smaller companies with up to 1000 employees, would rather reduce Oracle, which means that Symantec is no longer the first choice. The e3 expert sees a plus point in the fact that Symantec has so far been more committed than all other manufacturers to continuing to promote on-premises installations.
Forcepoint: the number two
Radicati ranks the solution from Forcepoint just behind Symantec. According to DLP specialist e3, the two applications are even closer to each other. "Forcepoint is currently undergoing the most further development. The integration of the cloud solution 'Forcepoint One', based on the former CASB Bitglass, is particularly promising. The integration should soon be on a par with Symantec," says Fürling.
The report does not give enough credit to Forcepoint's strength in the area of user risk. The former close cooperation with the classification solution BoldonJames was dissolved and another solution was integrated. This positive development is also missing from the analysts' assessment, says Fürling.
Forcepoint's weaknesses include its limited support for Linux endpoints and multi-tenant environments. The former is rarely a customer requirement, says the expert, which means that it cannot be described as a disadvantage. This also applies to multi-tenancy, which can only be implemented for all solutions with a great deal of experience and additional products.
Trellix: unjustified criticism
Number three in the market is the DLP from McAfee - now Trellix. Radicati also classifies this solution as the market leader. The e3 CEO knows that Trellix is very popular with various customers in Switzerland. However, winning new customers is difficult.
Trellix is criticized by analysts for the fact that OCR (Optical Character Recognition) does not work on the endpoint. The Swiss expert comments: "OCR on the endpoint does not work at market leader Symantec, for example. However, computationally intensive character recognition is typically only carried out on servers."
Fürling can confirm the shortcomings of Trellix in terms of management and usability. However, if a company has skills, it can work more adaptively with Trellix in complex infrastructure situations than with other solutions. One of Trellix's advantages, which is not mentioned in the analyst report, is the single-agent implementation. Here, the expert expresses the hope that it will remain in place even after the separation from McAfee. The classification solution praised by the analysts, on the other hand, is rather something for more modest requirements. After all, it is included virtually free of charge.
Fortra: Niche solution in Switzerland
According to Radicati, the fourth market-leading provider is Fortra Digital Guardian. The application is a niche solution in Switzerland, which is why e3 does not have it in its portfolio. Fürling knows: "Digital Guardian has long had the advantage that its endpoint is much more deeply integrated than that of its competitors. This made cool features possible, but put pressure on stability." Fortra now faces the challenge of integrating the acquisitions of BoldonJames, Clearswift, Titus, Vera etc. into a homogeneous, stable overall solution. If this succeeds, the expert is convinced that a very strong overall product will emerge. However, Fortra would then have to tap into the cloud world.
Microsoft: the high-flyer
Radicati classifies Microsoft as merely a "specialist" with a limited range of functions. While e3 agrees on the limited features, there is definitely a contradiction when it comes to market presence: "Microsoft's DLP solution is entering the market like a fast train, driven by the rollouts of Microsoft 365. This gives customers the feeling that an integrated solution is better or cheaper. However, these appearances are deceptive," warns Fürling. A good solution is not cheaper from Microsoft than from other manufacturers. Instead, Microsoft provides a simple solution that focuses primarily on Teams, email and the endpoint. Although it is indeed quick to set up, it does not offer all-round protection. For internationally active companies that have a Microsoft 365 tenant, there is the additional challenge of addressing this internal multi-tenancy. However, the DLP specialists have observed that Microsoft is developing rapidly, which sometimes affects the stability of the solution. Nevertheless, the programmers in Redmond are doing a good job, so that Microsoft will quickly catch up in terms of functionality.
Today, e3 recommends Microsoft DLP, especially for larger customers and primarily in combination with another DLP solution. The lack of coverage of the web channel is critical and is better addressed by the applications of market competitors.
The gaps in all DLP solutions
In times of working from home and remote work, Microsoft Teams has become synonymous with professional chats and virtual meetings. Sensitive information is often shared via the various Teams channels. A DLP would have to be vigilant here and point out offenses to Teams users who are being too funny. Microsoft's DLP also does this - in part. Fürling explains: "Chat is the killer app. Microsoft does not officially support interception, although the web channels actually could." However, a DLP is not allowed to remove the message itself, but must replace it with a warning such as "blocked by DLP". Otherwise, teams will attempt a resend for a long time, which could then lead to multiple events. This is where e3 believes the regulator has a duty to demand a DLP-compatible interface for Teams from Microsoft.
With all manufacturers without exception, Fürling misses efficient data protection for permitted cloud solutions. They are typically whitelisted by the DLP and CASB (Cloud Access Security Broker) solutions and the data traffic is then not monitored. However, if the provider is attacked, the channel to the customer is open. The e3 recommends not only encrypting the files, but also the application data.
Ultimately, DLP providers also need to move closer to the methods of artificial intelligence and quickly deliver suitable protective measures, warns Fürling. The data appetite of AI solutions is huge and the trained models can no longer be detected using conventional search patterns. A DLP supported by AI would face up to the danger and give control back to the data owner.