THE RADICATI GROUP, INC.
Data Loss Prevention --
Market Quadrant 2023
Radicati Market Quadrant℠ is copyrighted March 2023 by The Radicati Group, Inc. This
report has been licensed for distribution. Only licensee may post/distribute. Vendors and
products depicted in Radicati Market Quadrants℠ should not be considered an endorsement,
but rather a measure of The Radicati Group’s opinion, based on product reviews, primary
research studies, vendor interviews, historical data, and other metrics. The Radicati Group
intends its Market Quadrants to be one of many information sources that readers use to form
opinions and make decisions. Radicati Market Quadrants℠ are time sensitive, designed to
depict the landscape of a particular market at a given point in time. The Radicati Group
disclaims all warranties as to the accuracy or completeness of such information. The Radicati
Group shall have no liability for errors, omissions, or inadequacies in the information
contained herein or for interpretations thereof.
The Radicati Group, Inc.
www.radicati.com
An Analysis of the Market for
Data Loss Prevention Revealing
Top Players, Trail Blazers,
Specialists and Mature Players.
March 2023
Data Loss Prevention - Market Quadrant 2023
Copyright © March 2023, The Radicati Group, Inc. Licensed for distribution. 3
TABLE OF CONTENTS
RADICATI MARKET QUADRANTS EXPLAINED
MARKET SEGMENTATION DATA LOSS PREVENTION
EVALUATION CRITERIA
MARKET QUADRANT DATA LOSS PREVENTION
KEY MARKET QUADRANT TRENDS
DATA LOSS PREVENTION - VENDOR ANALYSIS
TOP PLAYERS
TRAIL BLAZERS
SPECIALISTS
RADICATI MARKET QUADRANTS EXPLAINED
Radicati Market Quadrants are designed to illustrate how individual vendors fit within specific
technology markets at any given point in time. All Radicati Market Quadrants are composed of
four sections, as shown in the example quadrant (Figure 1).
Top Players – These are the current market leaders with products that offer both
breadth and depth of functionality, as well as possess a solid vision for the future. Top
Players shape the market with their technology and strategic vision. Vendors don’t
become Top Players overnight. Most of the companies in this quadrant were first
Specialists or Trail Blazers (some were both). As companies reach this stage, they must
fight complacency and continue to innovate.
Trail Blazers – These vendors offer advanced, best of breed technology, in some areas of
their solutions, but don’t necessarily have all the features and functionality that would
position them as Top Players. Trail Blazers, however, have the potential for “disrupting”
the market with new technology or new delivery models. In time, these vendors are most
likely to grow into Top Players.
Specialists – This group is made up of two types of companies:
a. Emerging players that are new to the industry and still have to develop some
aspects of their solutions. These companies are still developing their strategy and
technology.
b. Established vendors that offer very good solutions for their customer base, and
have a loyal customer base that is totally satisfied with the functionality they are
deploying.
Mature Players – These vendors are large, established vendors that may offer strong
features and functionality, but have slowed down innovation and are no longer
considered “movers and shakers” in this market as they once were.
a. In some cases, this is by design. If a vendor has made a strategic decision to move in
a new direction, they may choose to slow development on existing products.
b. In other cases, a vendor may simply have become complacent and be out-developed
by hungrier, more innovative Trail Blazers or Top Players.
c. Companies in this stage will either find new life, reviving their R&D efforts and
moving back into the Top Players segment, or else slowly fade away as legacy
technology.
Figure 1, below, shows a sample Radicati Market Quadrant. As a vendor continues to develop its
product solutions adding features and functionality, it will move vertically along the “y”
functionality axis.
The horizontal “x” strategic vision axis reflects a vendor’s understanding of the market and their
strategic direction plans. It is common for vendors to move in the quadrant, as their products
evolve and market needs change.
Figure 1: Sample Radicati Market Quadrant
INCLUSION CRITERIA
We include vendors based on the number of customer inquiries we receive throughout the year.
We normally try to cap the number of vendors we include to about 10-12 vendors. Sometimes,
however, in highly crowded markets we need to include a larger number of vendors.
MARKET SEGMENTATION DATA LOSS PREVENTION
This edition of Radicati Market Quadrants℠ covers the “Data Loss Prevention” (DLP) market,
which is defined as follows:
Data Loss Prevention solutions – are appliances, software, cloud services, and hybrid
solutions that provide electronic data supervision and management to help organizations
prevent non-compliant information sharing. These solutions serve to protect data at rest,
data in use, and data in motion. Furthermore, these solutions are “content-aware” which
means they can understand the content that is being protected to a much higher degree
than simple keywords. Leading vendors in this segment include: CoSoSys, Fidelis
Cybersecurity, Forcepoint, Fortra, Microsoft, Next DLP, Safetica, Symantec, and Trellix.
We distinguish between three types of DLP solutions:
o Full DLP solutions – protect data in use, data at rest, and data in motion and are “aware”
of content that is being protected. A full-featured content-aware DLP solution looks
beyond keyword matching and incorporates metadata, role of the employee in the
organization, ownership of the data, and other information to determine the sensitivity of
the content. Organizations can define policies to block, quarantine, warn, encrypt, and
perform other actions that maintain the integrity and security of data.
o Channel DLP solutions – typically enforce policies on one specific type of data, usually
data in motion, over a particular channel (e.g. email). Some Channel DLP solutions are
content-aware, but most typically rely only on keyword blocking.
o DLP-Lite solutions – are add-ons to other enterprise solutions (e.g. information
archiving) and may or may not be content-aware. DLP-Lite solutions will typically only
monitor data at rest, or data in use.
This Market Quadrant deals only with Full DLP solutions, as defined above. Channel DLP
and DLP-Lite solutions are not included in this report as they are usually purchased as a
component of a broader security or data retention solution (e.g. Compliance and Data
Governance).
External threats to data exist in a myriad of forms through advanced persistent threats
(APT), espionage, and other attempts to gain unauthorized access to data. While external
threats are a problem, data loss from internal threats is also a significant concern. Internal
data loss can be malicious, such as a disgruntled worker copying sensitive data to a flash
drive, or it can be the result of negligence due to an honest mistake, such as an employee
sending a customer list to a business partner that shouldn’t have access to it.
Increased worldwide regulations also support growing adoption of DLP solutions. Laws that
mandate the disclosure of data breaches of customer data, compliance with government and
industry regulations, as well as recent regulations such as the European General Data
Protection Regulation (GDPR) and the EU-US Privacy Shield affect organizations of all
sizes, across all verticals.
Organizations of all sizes continue to invest heavily in DLP solutions to protect data and
ensure compliance. The worldwide revenue for DLP solutions is expected to grow from
nearly $2.2 billion in 2023, to nearly $5.6 billion by 2027.
Figure 2: DLP Revenue Forecast, 2023 – 2027
[Bar chart: DLP - Revenue Forecast, 2023-2027. Data labels by year: 2023 $2,221; 2024 $2,776; 2025 $3,498; 2026 $4,407; 2027 $5,597.]
EVALUATION CRITERIA
Vendors are positioned in the quadrant according to two criteria: Functionality and Strategic
Vision.
Functionality is assessed based on the breadth and depth of features of each vendor’s solution.
All features and functionality do not necessarily have to be the vendor’s own original
technology, but they should be integrated and available for deployment when the solution is
purchased.
Strategic Vision refers to the vendor’s strategic direction, which comprises: a thorough
understanding of customer needs, ability to deliver through attractive pricing and channel
models, solid customer support, and strong on-going innovation.
Vendors in the Data Loss Prevention space are evaluated according to the following key features
and capabilities:
Deployment Options – availability of the solution in different form factors, such as
on-premises, appliance and/or virtual appliance, cloud-based services, or hybrid.
Platform Support – the range of computing platforms supported, e.g., Windows, macOS,
Linux, iOS, Android, and others.
Data in use – the ability to assign management rights (manually or automatically) to files
and data that specify what can and cannot be done with them (e.g., read-only, print controls,
copy/paste controls, etc.). In addition, the ability to specify which devices and protocols (e.g.,
Bluetooth) can be used when accessing sensitive data. For devices, DLP solutions should be
able to specify the type and brand of authorized devices that can interact with sensitive data.
Data in motion – web controls and content inspection that prevent the sending of sensitive
data through the web, email, social networks, blogs, and other communication channels.
Integration with secure web gateways and email gateways is an important aspect of this
function.
Data at rest – refers to data store scanning, fingerprint scanning and the ability to monitor all
stored data at regular intervals in accordance with established corporate data policies.
Policy templates – built-in and easily customizable policy templates to help adhere to
industry regulations (e.g., HIPAA, PCI, and others) and best practices.
Directory Integration – integration with Active Directory, LDAP, etc. to help manage and
enforce user policies.
Enforcement visibility – employee alerts and self-remediation capabilities, such as
confirmations and justifications of data policy breaches.
Mobile DLP – monitoring of data on mobile devices fully integrated with organization-wide
DLP controls. Integration with Mobile Device Management (MDM) / Enterprise Mobility
Management (EMM) capabilities, or partnerships with leading MDM/EMM vendors.
Centralized Management – easy, single pane of glass management across all deployment
form factors, i.e., cloud, on-premises, hybrid, etc.
Encryption – vendor-provided embedded encryption capabilities or through add-ons.
Drip DLP – features to control the slow leaking of information by monitoring multiple
transfer instances of sensitive data.
Cloud Access Security Broker (CASB) integration – either through the vendor’s own CASB
capabilities or through partners.
In addition, for all vendors we consider the following aspects:
Pricing – what is the pricing model for the solution, is it easy to understand and does it
allow customers to budget properly for the solution, is it in line with the level of
functionality being offered, and does it represent a “good value”.
Customer Support – is customer support adequate and in line with customer needs and
response requirements.
Professional Services – does the vendor provide the right level of professional services for
planning, design and deployment, either through their own internal teams, or through
partners.
Note: On occasion, we may place a vendor in the Top Player or Trail Blazer category even if
they are missing one or more features listed above, if we feel that some other aspect(s) of their
solution is particularly unique and innovative.
MARKET QUADRANT DATA LOSS PREVENTION
Figure 3: Data Loss Prevention Market Quadrant, 2023
[Figure: Radicati Market Quadrant. Vertical axis: Functionality (Low to High). Horizontal axis: Strategic Vision (Low to High). Quadrants: Top Players, Mature Players, Specialists, Trail Blazers. Vendors plotted: Symantec, CoSoSys, Trellix, Fortra, Forcepoint, Fidelis, Microsoft, Next DLP, Safetica.]
KEY MARKET QUADRANT TRENDS
The Top Players in the Data Loss Prevention market today are Symantec, Forcepoint, Trellix
and Fortra.
The Trail Blazers quadrant includes Next DLP.
The Specialists quadrant includes Safetica, Microsoft, CoSoSys, and Fidelis Cybersecurity.
There are no Mature Players in this market at this time.
DATA LOSS PREVENTION - VENDOR ANALYSIS
TOP PLAYERS
SYMANTEC
1320 Ridder Park Drive
San Jose, California 95131
United States
www.broadcom.com
Symantec (a division of Broadcom Software) offers a wide range of security solutions (network,
endpoint, information and identity) for the enterprise market. Symantec operates one of the largest
civilian cyber intelligence networks, allowing it to see and protect against the most advanced
threats. Symantec is an operating division of Broadcom. Broadcom is publicly traded.
SOLUTIONS
Symantec DLP covers cloud, endpoint, network, and storage with on-premises and cloud hosted
management options. The solution comprises a number of components which are available
through a DLP Core and DLP Cloud solution.
DLP CORE extends data loss prevention across the enterprise, detects insider risks, and
protects critical information from exfiltration. It consists of:
o DLP for Endpoints – DLP Endpoint Discover scans local hard drives and gives
visibility into any sensitive data stored by users on laptops and desktops (Windows, Mac
and Linux) to establish a baseline inventory. It provides a number of responses including
quarantining files, flagging files for Symantec Endpoint Protection, as well as custom
response actions such as encryption, DRM, or redacting confidential information enabled
by the Endpoint FlexResponse API. DLP Endpoint Prevent monitors users’ activities and
enables fine-grained control over a wide range of applications, devices, and platforms. It
provides a wide range of responses including identity-based encryption and DRM for
files transferred to USB. Endpoint Prevent also alerts users to incidents using on-screen
pop-ups or email notifications. Users can override policies by providing a business
justification or canceling the action (in the case of a false positive).
o DLP for Storage – DLP Network Discover finds confidential data by scanning network
file shares, databases, and other enterprise data repositories. This includes local file
systems on Windows, Linux, AIX, and Solaris servers; HCL Notes and SQL databases;
Microsoft Exchange and SharePoint servers. DLP Network Protect adds file protection
capabilities on top of Network Discover. It automatically cleans up all the exposed files it
detects, and offers a broad range of remediation options, including quarantining or
moving files, copying files to a quarantine area, or applying policy identity-based
encryption and DRM to specific files. It achieves high throughput scanning on file shares,
and can also educate business users about policy violations.
o DLP for Network – DLP Network Monitor captures and analyzes outbound traffic on
the corporate network, and detects sensitive content and metadata over standard,
non-standard and proprietary protocols. It is deployed at network egress points and integrates
with network tap or Switched Port Analyzer (SPAN). DLP Network Prevent for Email
protects sensitive messages from being leaked or stolen by employees, contractors, and
partners. It monitors and analyzes all corporate email traffic, and optionally modifies,
redirects, or blocks messages based on sensitive content or other message attributes. DLP
Network Prevent for Web protects sensitive data from being leaked to the Web. It
monitors and analyzes all corporate web traffic, and optionally removes sensitive HTML
content or blocks requests. Network Prevent for Web is deployed at network egress
points and integrates with HTTP, HTTPS or FTP proxy server using ICAP.
o User and Entity Behavior Analytics – Information Centric Analytics is a user and entity
behavior analytics (UEBA) platform that provides an integrated, contextually enriched
view of cyber risks in the enterprise. It collects, correlates, and analyzes large amounts of
security event data from across diverse sources, including all data exfiltration channels
(data telemetry), user access (identity telemetry), corporate asset data, and alerts from
other security systems (threat telemetry). Backed by patented machine learning, ICA
delivers rapid identification and prioritization of user and entity-based risks. Symantec
DLP allows adaptive policies to be created based on user risk (e.g. block access for high
risk users, while allowing access for lower risk staff).
o Sensitive Image Recognition – Optical Character Recognition provides the capability to
extract text from images, scanned documents, screen shots, pictures and more. Form
Recognition detects form images that contain sensitive data in a wide variety of image
formats including Microsoft Office documents, PDF and JPEG.
DLP CLOUD safeguards data across cloud apps, email, and the web. It comprises:
o CASB Audit – Symantec CloudSOC Audit discovers and monitors every cloud app used
across the organization, identifies their users, and highlights any risks and compliance
issues they may pose. It provides visibility into Shadow IT, and blocks access to
unapproved cloud services.
o CASB for SaaS and IaaS – CloudSOC CASB for SaaS and CloudSOC CASB for IaaS
are cloud-based services that monitor and protect stored, transferred, and shared data.
Supported cloud applications include Microsoft Office365, Google Workspace, Box,
Salesforce, ServiceNow, and others.
o CASB Gateway – Symantec CloudSOC Gateway continuously monitors and controls the
use of cloud apps to enforce policies. It offers deep visibility into user activity across
thousands of cloud apps and services, and both tracks and governs activity of sanctioned
and unsanctioned cloud apps.
o DLP Cloud Detection Service for CASB – Symantec DLP Cloud Detection Service
inspects content extracted from cloud app and web traffic and automatically enforces
sensitive data policies. Cloud to cloud integration with Symantec CloudSOC protects data
in motion and at rest across more than 100 unsanctioned and sanctioned cloud apps,
including Office 365, Google Workspace, Box, Dropbox, and Salesforce.
o DLP Cloud Detection Service for WSS – DLP Cloud Detection Service for WSS
integrates with Symantec Web Security Service to monitor even encrypted web traffic for
protection of roaming and mobile users.
o DLP for Email (with Office365 and Gmail) – Symantec DLP Cloud Service for Email
continuously monitors corporate email traffic, using built in intelligence and advanced
detection to minimize false positives. It protects against data leaks in real time with
automated message modification or blocking to enforce downstream encryption or
quarantine.
STRENGTHS
Symantec DLP solutions are tightly integrated and available in two simple packages that
cover on-premises (DLP Core) and cloud-managed (DLP Cloud) form factors.
Symantec offers a comprehensive DLP solution which can help meet the complex needs of
enterprises. The solutions can manage and enforce a single policy across all DLP channels
(cloud, endpoint, and on-premises) through a single pane of glass, optimized incident
response workflows, including End User Remediation through integration with ServiceNow,
and automated agent updating features.
Symantec DLP offers a strong set of content detection technologies through advanced
capabilities such as machine learning, exact data matching, fingerprinting, image recognition,
structured data identifiers and tagging.
Symantec’s DLP solution includes a number of key capabilities, such as CloudSOC (CASB)
support for data classification, encryption and digital rights management, and user entity
behavior analytics (UEBA).
Symantec DLP is fully integrated with key components of Symantec’s product portfolio, in
particular CloudSOC Mirror Gateway (agentless CASB support for unmanaged devices),
Email Security, Endpoint Security, and Web Security. This delivers a consistent policy
architecture and enforcement across multiple channels of potential data loss.
WEAKNESSES
Symantec solutions are best suited for organizations with high end data security
requirements.
Symantec would benefit from developing a unified single Symantec Enterprise Agent
management solution with a single agent for DLP, SEP and Web Proxy (both cloud and
on-premises managed). The vendor has this on its roadmap.
While Symantec offers a broad portfolio of data security solutions, it can be somewhat
complex to manage for organizations with fewer resources. Smaller companies, however, can
rely on managed services offered through Symantec partners.
While Symantec continues to innovate in this space and has strong brand recognition, it is
perceived to be more focused on the needs of enterprise customers than those of small to
mid-market customers.
FORCEPOINT
10900 Stonelake Blvd
3rd Floor
Austin, TX 78759
www.forcepoint.com
Forcepoint offers security and data protection solutions for endpoint, web, network, cloud
applications, email, and private cloud applications. Forcepoint data security focuses on data
discovery, classification, monitoring, and protection to provide a complete holistic security
solution. It also provides robust insider threat detection, and threat protection solutions to
organizations of all sizes. Forcepoint is owned by private equity firm Francisco Partners.
SOLUTIONS
Forcepoint offers behavior-based solutions for DLP across all key channels or across all key
potential locations for unwanted data exfiltration. Forcepoint integrates context into all policies
through rich data identification (regex, classification, machine learning, natural language scripts
and large-scale fingerprinting) as well as continuous monitoring of risky behavior. This context
streamlines policy creation, incident management and helps limit false positives and false
negatives.
Forcepoint provides three types of DLP solutions:
Forcepoint ONE Cloud – is a cloud-native solution which delivers data protection across
cloud applications, web, and private cloud applications. Key DLP features include:
o Cloud Architecture – auto-scaling architecture on AWS lets organizations scan large
volumes of data at rest in cloud storage in hours.
o Unified Policy Management – allows data patterns to be defined once and applied in
multiple DLP policies for web, SaaS, and web-based private applications.
o Predefined Data Patterns – over 190 predefined data patterns are available out-of-box to
facilitate enforcement of regional and industry standards such as PII, PHI, personal
financial data and more.
o User Risk Monitoring – serves to automatically assign a user to a risky user group if the
user attempts to violate an upload or download DLP policy, thus minimizing insider
threat.
o BYOD Management – allows easy management of BYOD devices as well as machines based
on non-conventional processors or form factors.
Forcepoint Data Security Suite – is a comprehensive on-premises DLP solution covering
endpoint, cloud applications, network, web, and email through a unified policy. Key DLP
features include:
o Policy Library – includes a library of over 1600 pre-defined templates and classifiers that
simplify and accelerate deployment of DLP.
o Unified policy enforcement – management through a single console to help define and
apply security enforcement for data in motion and data discovery policies across all
channels, i.e., cloud, network, web, email, and endpoints.
o Secure regulated data – offers a single point of control for all the applications in use to
create, store, and move data. Regulatory coverage enables organizations to meet and
maintain compliance with regulatory requirements across 83 countries and 150 regions
globally.
o Protect intellectual property – advanced DLP helps analyze how people use data,
coaches users to make good decisions with data, and prioritizes incidents by risk.
o Risk-Adaptive Protection – serves to alert organizations of risky behavior, and helps
reduce the risk associated with insiders. It collects user behavior and Forcepoint DLP
incidents then computes the user’s risk using Forcepoint’s Indicator of Behavior (IoB)
analytic models. This risk score is actively communicated to DLP policies to automate
policy enforcement directly based on user risk levels across endpoints, cloud
applications, web, and email.
Hybrid DLP – provides organizations with two options for deploying DLP in a cloud
environment.
o Cloud hosted – In conjunction with specific partners, on-premises DLP can be hosted in
the cloud, removing the need for companies to manage the supporting hardware
infrastructure.
o Fully managed – Also through partners, on-premises DLP is hosted in the cloud and fully
managed by the partner. This includes policy management and day-to-day incident
management.
Forcepoint DLP technology integrates with Forcepoint Data Classification and Forcepoint
Data Visibility, providing optimized data discovery and classification for data-in-use and
data-at-rest leveraging AI/ML models that have been trained by hundreds of millions of files across
all key industries. Models are also continually learning and can be trained to provide high
classification accuracy. Forcepoint Data Visibility helps strengthen DLP efficacy through
advanced Data Access Governance and other data security focused data governance use cases
(e.g., ROT data, dark data management, permissions management). Additional technologies
available for Forcepoint DLP are RBI (remote browser isolation), ZT CDR (Zero trust content
disarm and reconstruct for steganography use cases), FIT (Forcepoint Insider Threat – providing
DVR capabilities for even stronger forensics), Zero-Day Control for any application, and Device
Control (direct management of removable devices beyond what is provided within the DLP
policies).
STRENGTHS
Forcepoint supports deployment of DLP management and data classification components
across a wide set of channels including endpoint, web, network, email and cloud including
public cloud (i.e., Microsoft Azure, and Amazon AWS). This allows for a unified policy
strategy with centralized management, that can be deployed across all channels.
Integration with Forcepoint CASB enables DLP policies to be extended to enterprise cloud
applications via a cloud hosted service. This is a hybrid approach which enables incident and
forensic data to be secured in a private data center, while policy enforcement can be done in
the cloud.
Forcepoint provides detection of Drip DLP across endpoint, cloud, email and network DLP
components.
Forcepoint provides an integrated security analytics solution which is used to identify high
risk interactions with sensitive data and present a prioritized view of DLP cases with risk
scores to help guide security operations teams.
WEAKNESSES
The Forcepoint DLP Endpoint capabilities for Linux are not currently as developed as those
for Windows and macOS.
Mobile DLP support is based on cloud reverse proxy which some organizations may find
cumbersome.
Deployment of Forcepoint in multi-tenant environments could be improved through
enhanced administrative controls.
Forcepoint solutions are best suited for mid to large organizations with high end data security
requirements.
TRELLIX
6220 America Center Dr.
San Jose, CA 95002
https://www.trellix.com/
Trellix is a cybersecurity company founded in 2022 when a consortium led by Symphony
Technology Group (STG) acquired and merged McAfee Enterprise and FireEye. Trellix offers
security solutions, threat intelligence and services that protect business endpoints, networks,
servers, the Cloud and more. Trellix is privately held.
SOLUTIONS
Trellix Total Protection for Data Loss Prevention (DLP) is a suite of DLP components to
discover, monitor and prevent data loss on endpoints, network, and cloud to create a
comprehensive DLP solution to help organizations apply consistent data security policies across
their entire environment. Trellix Total Protection for Data Loss Prevention includes the
following components:
Trellix DLP Discover – identifies and protects data at rest for both network storage and
endpoint storage. The solution indexes content at rest within the network, including
CIFS/NFS shares, databases, Microsoft SharePoint, Box, and endpoints. Discover allows
administrators to see how the data is used, who owns it, where it is stored, and more. Trellix
DLP Discover also offers fingerprint-based detection for unstructured data and Exact Data
Matching for structured data, such as sensitive data stored in an Excel sheet in the database.
Optical Character Recognition (OCR) functionality is included to recognize and protect text
in scanned images and forms. Trellix DLP Discover can classify/declassify, fingerprint
unstructured documents, move, and apply Microsoft Information Protection Label for Rights
management.
Trellix DLP Prevent – encrypts, redirects, quarantines, or blocks sensitive data being
transferred via email, IM (instant messaging), HTTP/HTTPS, FTP transfers, and other
methods. DLP Prevent scans inbound and outbound network traffic across all ports, multiple
protocols, and various content types. Emails sent from mobile devices are automatically
inspected for sensitive content when integrated with the mail gateway and for web content
inspection. Mobile devices need to be configured to route their traffic via a web proxy
integrated with Network DLP Prevent. DLP Prevent also offers fingerprint-based detection
for unstructured data and Exact Data Matching for structured data, such as sensitive data
stored in an Excel sheet in the database. Optical Character Recognition (OCR) functionality is
included.
Trellix DLP Monitor – identifies, tracks, and reports data-in-motion in an organization. The
solution monitors all outbound network data by integrating with egress devices over
SPAN/TAP. DLP Monitor is available as a physical or a virtual appliance that can detect and
manage over 300 content types. DLP Monitor offers fingerprint-based detection for
unstructured data and Exact Data Matching for structured data, such as sensitive data stored
in an Excel sheet in the database. Optical Character Recognition (OCR) functionality is
included.
Trellix DLP Capture – acts as a digital recorder of all enterprise traffic through their edge
devices irrespective of DLP rules. This aids in forensic investigations where incidents were
not triggered due to lack of rules. The information stored in the Capture database gives
administrators insight into a company’s historical data to help set accurate DLP policies and
reduce false positives.
Trellix DLP Endpoint – controls data transfers that happen on endpoints via applications,
removable storage devices, web, email, clipboard, screen capture, network sharing, as well as
cloud. It can block, alert, notify, encrypt, quarantine, and perform other actions on sensitive
data on an endpoint. DLP Endpoint provides Web Post support for Google Chrome browser.
It is available for both Macs and PCs.
Trellix Device Control – manages and controls the copying of data to removable media and
storage devices, such as USB drives, CDs, DVDs, Bluetooth, imaging equipment, and more.
Transfers can be blocked based on content, context, or device type. It is available for both
Macs and PCs.
Trellix ePO (ePolicy Orchestrator) is Trellix’s administrative console which can be used to
deploy, upgrade, uninstall products, set policies, manage incidents and workflows, develop
compliance dashboard and reporting for all network and endpoint DLP components. It also
includes out-of-box regulatory and compliance policies such as GDPR, PCI, HIPAA, and others.
Trellix also offers a cloud-native version of the ePO platform which can serve as a centralized
administrative console. Customers can choose between on-premises, or SaaS based ePO.
STRENGTHS
Trellix DLP is integrated with Skyhigh Security’s Cloud DLP which helps organizations
easily extend DLP policies into the cloud.
Trellix ePO and Skyhigh integration provides single-pane-of-glass incident workflow
management, and allows for common policy management across endpoint, network,
and cloud DLP.
The Capture database included in the Trellix DLP solution logs all data in motion and
delivers valuable analytics to administrators about how data is being used and sent, which
makes it also useful for forensic purposes.
The Trellix DLP solution offers both automated and manual classification by end-users. The
Manual Classification, which is included free in the DLP Endpoint license helps increase
end-user data protection awareness and alleviate administrative burden.
WEAKNESSES
Trellix DLP does not provide agent support for Linux.
Trellix DLP does not offer specific features for Drip DLP detection. While such detection
can be set up through rules, this can be somewhat cumbersome. Trellix is addressing this as
part of its roadmap.
Trellix does not yet provide OCR functionality on the endpoint. The vendor has this on its
roadmap.
Trellix does not yet provide support for Microsoft Teams. The vendor has this on its
roadmap.
While offering a rich set of features, Trellix DLP requires an experienced IT team to properly
install and maintain the solution in a way that fully leverages its capabilities.
FORTRA’S DIGITAL GUARDIAN
11095 Viking Drive, Suite 100
Eden Prairie, MN 55344
www.digitalguardian.com
Fortra’s Digital Guardian provides data loss prevention software aimed at stopping internal and
external threats across endpoint devices, corporate networks, servers, databases and cloud-based
environments. In 2021, Digital Guardian was purchased by Fortra (previously HelpSystems).
Digital Guardian Data Loss Prevention, Titus Data Classification, and Vera Digital Rights
Management together make up the Fortra Data Protection solution, aimed at protecting sensitive
data. Fortra is owned by private equity firms TA Associates, Charlesbank, HGGC and Harvest
Partners.
SOLUTIONS
Digital Guardian provides a data protection platform purpose-built to stop both malicious and
unintentional data loss from insiders and malicious data theft from outside attacks. The platform
performs across the corporate network, traditional endpoints, and cloud applications, leveraging
a big data security analytics cloud service, powered by AWS, to enable it to see and block all
threats to sensitive information. The Digital Guardian platform comprises the following
components:
Digital Guardian Data Protection Platform – the platform, powered by AWS, is designed
to operate on traditional endpoints, across the corporate network, and cloud applications, in
order to see and block threats to sensitive information. It is available either as SaaS solution,
or as a managed service deployment.
Digital Guardian for Endpoint Data Loss Prevention – captures and records events at the
system, user, and data level, both when connected to the corporate network, or offline.
Granular controls allow organizations to fine tune responses based on user, risk level, or
other factors. It is available for Windows, macOS, and Linux endpoints.
Digital Guardian for Network Data Loss Prevention – helps support compliance and
reduce risks of data loss by monitoring and controlling the flow of sensitive data via the
network, email or web. Digital Guardian DLP appliances inspect all network traffic and
enforce policies to ensure protection. Policy actions include allow, prompt, block, encrypt,
reroute, and quarantine.
Digital Guardian for Cloud Data Loss Prevention – allows organizations to adopt cloud
applications and storage while maintaining the visibility and control needed to support
compliance. It integrates with leading cloud storage providers to scan repositories, enabling
encryption, removal, or other automated remediation of sensitive data before the file is
shared in the cloud. Data already stored in the cloud can also be scanned and audited at any
time.
Digital Guardian Analytics & Reporting Cloud (ARC) – is an advanced analytics,
workflow and reporting cloud service that delivers no-compromise data protection.
Leveraging streaming data from Digital Guardian endpoint agents and network sensors, ARC
provides deep visibility into system, user and data events. This visibility powers security
analyst-approved dashboards and workspaces to enable data loss prevention and endpoint
detection and response through the same console.
Digital Guardian for Data Classification is designed to automatically locate and identify
sensitive data then apply labels to classify and determine how the data is to be handled. A set
of comprehensive data classification solutions, from automated content and context-based
classification to manual user classification, are optimized for regulatory compliance,
intellectual property protection, and mixed environments.
Digital Guardian for Data Discovery provides visibility and auditing of sensitive data at
rest across the enterprise. Digital Guardian’s data discovery appliances use automatic,
configurable scanning of local and network shares using discovery specific inspection
policies to find sensitive data wherever it is located. Detailed audit logging and reports help
demonstrate compliance, protect confidential information and reduce data loss risk.
STRENGTHS
Digital Guardian’s data protection platform protects sensitive data against both internal and
external threats using the same agent, network appliance and management console. It also
allows enterprises to mark data as confidential based on the context in which it was created,
and then relies on this contextual information to 'follow' data so that appropriate controls can
be applied to avoid the egress of sensitive information.
Digital Guardian offers a range of deployment options, including a SaaS-based platform,
powered by AWS, or delivered as a fully managed solution. An on-premises option is also
available.
Digital Guardian provides a rich set of policy templates (policies and rules with configurable
parameters) for a wide range of use cases via the DG Content Server, a securely protected
server in its MSP environment.
Digital Guardian protects against Drip DLP, through the detection of slow leaks of small
amounts of sensitive data across multiple instances of transfers across different protocols by
leveraging stateful rules on the endpoint to monitor for suspicious activity over time, and
reporting which summarizes trends of user activity over time.
Digital Guardian offers easy integration with Microsoft Purview Information Protection
(MPIP), as well as leading solutions for SIEM, SOAR, threat intelligence, and more.
WEAKNESSES
Digital Guardian has limited mobile DLP capabilities, so customers would need to rely on
third party MDM/EMM solutions.
Digital Guardian does not offer its own CASB solution. However, it provides out-of-the-box
ICAP integration with third-party CASB solutions.
Following the acquisition by Fortra, Digital Guardian now makes up the Fortra Data
Protection suite alongside Titus and Vera acquisitions. Fortra is enhancing integration
between these products, as well as developing a platform to deploy all the products in
tandem. Customers should check carefully on the level of integration of features and
functionality.
TRAIL BLAZERS
NEXT DLP
Huckletree West, Mediaworks,
191 Wood Lane,
London W12 7FP
United Kingdom
www.nextdlp.com
Next DLP is a provider of data protection solutions aimed at uncovering user risk, educating
users and fulfilling security, compliance, and regulatory requirements. The company is privately
held.
SOLUTIONS
Next DLP’s platform, Reveal, is a cloud-based subscription service which offers a low-profile,
self-auditing endpoint agent which can co-exist with other endpoint applications. Reveal
leverages machine learning on the endpoint to analyze user behavior and stop data loss. Through
real-time classification and automated user guidance, it reinforces data security at the point of
risk.
Reveal offers the following key features and capabilities:
o Machine Learning (ML) on the Endpoint – Reveal uses ML to profile users. Behavioral
analysis works autonomously on the endpoint and does not require a network connection to
collect data, establish patterns, analyze behavior, and enforce policies.
o Lightweight Endpoint Agent – The Reveal agent delivers continuous visibility and protection.
It provides user and entity monitoring, incident-based training, advanced content inspection,
machine learning, and automated policy enforcement. Reveal supports Windows, macOS,
and Linux.
o Policy-free Visibility and Real-time Data Classification – Reveal autonomously evaluates
content and context to classify data as it is created, used and moved. Content level inspection
automatically identifies patterns for PII, PHI, PCI, and other fixed data types. Contextual
inspection identifies sensitive data in both structured and unstructured forms without the need
for predefined policies.
o MSSP Console and White Labeling – Reveal supports MSSP partners with a white-labeled
management console which provides a single pane of glass to deploy, manage and bill end
customers.
o Privacy by Design – Reveal uses pseudonymization while detecting and mitigating threats to
avoid compromising user privacy and limiting bias in user monitoring. Security analysts are
shielded from knowing who the user is until risk thresholds are met and formal investigations
are initiated.
o Incident-based Training – Reveal’s incident-based training helps users make safer decisions.
Real time user dialogs help reinforce corporate policies and can require acknowledgement of
policies or block actions.
o Out-of-the-Box & Customizable Policies – Reveal offers out-of-box policy templates for
common DLP and Insider Risk use cases which detect sensitive PII, PHI, and other data
types in adherence with regulations (e.g., GDPR, HIPAA, and PCI). All devices, protocols,
and applications are monitored and may inform custom policies.
o Integration to Azure AD and LDAP – serves to synchronize users and provide useful context
for investigations. This allows for policy assignment based on user attributes, i.e., user
department, location, group membership, employee lifecycle changes, and more. Integration
to Microsoft Information Protection (MIP), SIEM and other 3rd parties is also available via a
bi-directional open API and webhooks.
STRENGTHS
Next DLP offers a low-profile endpoint agent that delivers protection via personalized user
behavior analytics and machine learning on the endpoint. The agent is also self-auditing and
automatically generates performance reports for inspection by system administrators.
Reveal provides visibility into endpoint activities without the need for policies. Policies can
be added at any time to define activities and data types that need more robust monitoring and
controls placed around them.
Next DLP supports all leading platforms, Microsoft Windows, macOS, and Linux endpoints
and servers.
Reveal provides a single management console for all product capabilities including agent
deployment, reporting, analysis, ongoing system administration, and more. For MSSP
partners it also provides the ability to manage multiple customers/tenants using a common
white labeled MSSP Console.
Next DLP also offers Managed Services, through a team of experienced security analysts,
that can act as an extension to the customer security team and manage their DLP needs on a
day-to-day basis.
Next DLP’s solution is well aimed at the DLP needs of mid-market organizations which may
not already have extensive DLP policies in place.
WEAKNESSES
Reveal is a cloud-based subscription service. Customers requiring on-premises or hybrid
deployments will need to look elsewhere.
Reveal does not offer data at rest scanning, which the vendor considers a vestige of legacy
DLP solutions. Reveal relies instead on content inspection "on-the-fly", which the vendor
feels removes the need for scanning and fingerprinting of data at rest.
Reveal currently offers only CASB-Lite capabilities, which include “file-based” visibility
and control for cloud storage and collaboration engines (i.e., Box, Slack, and others); however,
it does not address the needs of SaaS applications like Salesforce.com which require
“field-level” data protection. Full CASB capabilities through API integration with third party
solutions are on the vendor’s roadmap.
Reveal offers only limited Mobile DLP capabilities. While the Reveal agent can support
deployment on tablets running Windows OS, it does not support iOS or Android devices,
therefore requiring integration with third party MDM solutions.
Customers indicated that the administrative interface and reporting capabilities could be
improved.
SPECIALISTS
SAFETICA
Laubova 1729/8, 130 00 Prague 3
Prague, Czech Republic
www.safetica.com
Safetica offers data loss prevention and insider threat protection solutions available on-premises
and in the cloud, aimed at helping organizations secure internal data, guide employees on data
protection, and stay compliant with regulations. Safetica is a Czech company with worldwide
distribution and a global customer base. The company is privately held.
SOLUTIONS
Safetica ONE is an “all-in-one” data loss prevention and insider threat protection solution that
helps to prevent human mistakes and malicious acts to secure sensitive data while maintaining
efficient business operations. It is available in three tiers: Safetica ONE Discovery for data audit,
classification and workspace analysis; Safetica ONE Protection with DLP & insider threat
protection features; and Safetica ONE Enterprise with third party integrations, workflow control,
and AD support for multi-domain environments. It can be deployed on-premises, or on public or
private cloud servers.
Safetica NXT is a cloud-native SaaS insider threat prevention solution that helps companies
detect data security risks and investigate incidents from day one. The backend infrastructure runs
in Microsoft Azure cloud, while data security is executed by clients on endpoints. It is based on a
multi-tenant architecture suitable for both self-managed and MSP service offerings.
Safetica ONE and NXT are both available for Windows and macOS platforms and integrate
with Microsoft 365.
Safetica also offers the following optional add-on modules:
Safetica UEBA – offers deeper insights in user activities, helps uncover behavior anomalies
and offers detailed resource usage information.
Safetica Compliance – introduces templates of data categories tailored to specific data
privacy regulations (GDPR, HIPAA, PCI-DSS and more) to further enhance and simplify
data classification capabilities.
Endpoint protection can be deployed either manually, or automatically via standard remote
management tools such as GPO policy, LanDesk, or specialized tools such as ESET Remote
Administrator. While Safetica is distributed as a single package, each part of the system can be
configured individually.
The Safetica product portfolio covers the following data security scenarios:
o Data flow discovery and risk detection – Safetica ONE and Safetica NXT audit and record
any attempt to leak data intentionally, or unintentionally. Safetica's risk analysis helps
administrators detect and investigate how company data could be leaked or stolen.
o Data protection – can analyze insider risks, detect threats, and help to mitigate threats
swiftly, also through instant notifications and policy enforcement. It is available in both
Safetica ONE and Safetica NXT solutions.
o Employee guidance – notifications in Safetica ONE and Safetica NXT about how to treat
sensitive data can help raise awareness around data security and educate employees.
o Regulatory compliance – helps organizations detect and prevent regulatory violations and
investigate incidents to comply with regulations and data protection standards like GDPR,
HIPAA, SOX, PCI-DSS, GLBA, ISO/IEC 27001, or CCPA.
o Workspace & behavior analysis – workspace and user behavior analysis provides an extra
level of detail to detect internal risks. It also provides control over organization assets by
understanding how employees work, print, and use hardware and software licenses, which
allows organizations to optimize costs and increase operational efficiency.
The Safetica ONE web console offers centralized policy handling, and is used to maintain
Safetica installations, set security policies, manage deployed endpoints or display monitored data
to administrators.
STRENGTHS
Safetica ONE and Safetica NXT are easy to deploy and maintain. Both solutions have low
hardware requirements for endpoints and servers.
Safetica ONE and Safetica NXT are designed to address a broad set of use cases, including
intellectual property protection, regulatory compliance, advanced user behavior and
workspace analysis, and security audits with data flow discovery and risk detection.
Safetica ONE and Safetica NXT offer high visibility into the data flow and any related
security risks, with advanced capabilities, such as hidden mode, protection against agent
manipulation, administrative audit logs, and more.
Safetica ONE enables seamless integrations with the IT security stack. It also provides a reporting
API for integration with analytic services like Power BI or Tableau.
Safetica benefits from a highly developed partner network, to help integrate the solution fully
with customer environments.
Safetica is attractively priced for mid-size and SMB environments.
WEAKNESSES
Safetica lacks Drip DLP detection; however, it does provide alerts for cumulative DLP
violations. Enhanced Drip DLP functionality is on the vendor’s roadmap.
Safetica does not offer dedicated Mobile DLP; however, it allows for some data loss
prevention scenarios to be addressed through integration with its CASB add-on module.
Safetica ONE and Safetica NXT currently lack support for Linux endpoints.
Safetica currently only provides basic CASB functionality through an add-on module for
DLP enforcement in Office 365 environments. More advanced CASB functionality is on the
vendor’s roadmap.
MICROSOFT
1 Microsoft Way
Redmond, WA 98052
www.microsoft.com
Microsoft offers products and services for businesses and consumers, through a portfolio of
solutions for office productivity, messaging, collaboration, and more.
SOLUTIONS
Microsoft offers DLP as part of its larger Purview suite of solutions which address risk and
compliance for Microsoft 365 services, including Teams, SharePoint, OneDrive, Exchange, and
others. Purview combines the former Azure Purview and Microsoft 365 compliance solutions
and services into a single brand.
Purview allows organizations to implement data loss prevention strategies by defining and
applying DLP policies which can identify, monitor and protect sensitive items across:
Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive.
Office applications such as Word, Excel, and PowerPoint.
Windows 10, Windows 11 and macOS endpoints.
Non-Microsoft cloud applications.
On-premises file share and on-premises SharePoint.
DLP detects sensitive items through deep content analysis which includes primary data matches
to keywords, evaluation of regular expressions, internal function validation, machine learning
algorithms, and other methods to detect content that matches existing DLP policies.
The Microsoft Purview Compliance Center (formerly Microsoft Compliance Center)
provides a central policy management console that allows administrators to define and manage
DLP policies across different services. DLP policies can be set up to monitor user actions on
sensitive items at rest, in transit, or in use and protective actions can be taken accordingly. All
DLP monitored activities are recorded to the Microsoft 365 Audit log, which can be viewed and
searched from the Microsoft Purview Compliance Portal, and are routed to Activity explorer,
which provides a historical view of activities on labelled content. When a user performs an
action that meets the criteria of a DLP policy, and alerts are configured, DLP provides alerts in
the DLP alert management dashboard. A DLP on-premises scanner solution extends DLP
protection to on-premises file shares and SharePoint document libraries.
DLP policies can be applied to data at rest, in use, or in motion in locations, such as:
Exchange Online email
SharePoint Online sites
OneDrive accounts
Teams chat and channel messages
Microsoft Defender for Cloud Apps
Windows 10, Windows 11, and macOS (three latest released versions) devices
On-premises repositories
PowerBI sites
Microsoft Purview Double Key Encryption helps secure sensitive data that is subject to
strict protection requirements. The use of a Microsoft Purview Customer Key helps meet
regulatory or compliance obligations for controlling root keys, and explicitly authorizes
Microsoft 365 services to use the given encryption keys to provide value added cloud services,
such as eDiscovery, anti-malware, anti-spam, search indexing, and others.
The Microsoft 365 E3 license includes DLP protection for SharePoint Online, OneDrive and
Exchange Online. It also includes protection for files shared through Teams because Teams uses
SharePoint Online and OneDrive to share files. DLP protection in Teams Chat requires a
Microsoft 365 E5 license.
STRENGTHS
Microsoft has made compliance and data protection a priority in recent years and is diligently
introducing a rich set of features and functionality across its entire Microsoft 365 product
offering.
DLP comes mostly native, free of charge with many Microsoft Office 365 plans (in particular
enterprise plans such as E3 and E5); where an additional fee is required, it is usually very
small.
Microsoft solutions are well thought out to help organizations meet compliance requirements,
as well as reduce the risk of data loss through exfiltration or malicious tampering.
WEAKNESSES
Microsoft’s DLP solutions are still a work in progress and are evolving rapidly, which can
make it difficult for customers to understand how the various features match up with their
own compliance goals and how to plan for future growth.
Microsoft offers DLP features with many different plans at different price points, but it is
often difficult for customers to understand exactly what features they are getting with what
plans.
Microsoft offers a rich ecosystem of compliance solutions; however, integrating all
components correctly and maintaining them fully integrated throughout Microsoft’s
continuous upgrade cycle can be daunting for many organizations.
Microsoft customers we spoke to as part of this research often indicated that they view
Microsoft’s DLP and compliance functionality as a steppingstone to a more complete
compliance deployment that involves additional solutions from other vendors.
COSOSYS
213 Fayetteville Street, 1st Floor
Raleigh, North Carolina
27601, United States
www.endpointprotector.com
CoSoSys offers solutions for Data Loss Prevention (DLP), including Device Control,
eDiscovery, Content Aware Protection, and Enforced Encryption. The company is privately held.
SOLUTIONS
CoSoSys’ Endpoint Protector is a comprehensive and cross-platform Data Loss Prevention
(DLP) solution for Windows, macOS and Linux. The solution focuses on avoiding unintentional
data leaks, protects from malicious data theft and offers seamless control of portable storage
devices, even when employee endpoints are offline. It covers all major exit points such as email,
cloud file uploads, messaging apps, printers, portable storage devices and more. It offers content
monitoring and filtering capabilities, for both data at rest and in motion, ranging from file type to
predefined content based on dictionaries, regular expressions and machine learning. It supports
key data protection regulations such as GDPR, CCPA, HIPAA, PCI DSS, NIST and others.
Administrators can define detection patterns based on proximity, dictionaries, regular
expressions, and more. The movement of valuable data to unauthorized external individuals is
monitored and controlled through the exit points and administrators are alerted in the case of a
policy violation. Endpoint Protector enables seamless management of all organization endpoints,
regardless of operating system, from a single dashboard.
Endpoint Protector is offered in various form factors, including as a virtual appliance, as well as
an instance on AWS, Azure and Google Cloud. The virtual appliance supports all popular
hypervisors, e.g., VMware, HyperV, Citrix XenServer, and others. Endpoint Protector is also
available as a CoSoSys hosted SaaS solution.
Endpoint Protector features four specialized modules that can be mixed and matched based on
client needs. The modules comprise:
o Content Aware Protection – gives organizations detailed control over sensitive data leaving
their computers. Through close content inspection, transfers of PII, PHI, PCI, or important
company documents are blocked, logged and reported. File transfers can be allowed or
blocked based on predefined company policies, and can be applied to web, mail, instant
messaging apps, file shares, and more. Contextual Detection is also available, offering an
advanced way of inspecting confidential data based on both content and context. The Deep
Packet Inspection functionality, currently available on Windows, macOS and Linux, allows
network traffic inspection at the endpoint level and offers a detailed content examination of
file transfers. A User Remediation feature is also available.
o Device Control – gives organizations granular control over USB devices, Bluetooth and
peripheral ports’ activity on employees’ computers through a simple web interface.
Organizations can implement strong device use policies that will scan data transfers to
portable storage devices, or block their usage (or certain features, e.g. allow charging of
iPhones but not data transfer) in order to protect sensitive data.
o Enforced Encryption – can be automatically deployed or manually installed on USB devices
in the root folder, after which any data copied onto the device will be automatically
encrypted with government-grade 256-bit AES CBC-mode encryption. The encrypted data
can be accessed both on Windows and macOS endpoints.
o eDiscovery – offers the possibility to scan sensitive data at rest, stored on employees’
endpoints based on specific file types, predefined content, file name, regular expressions or
compliance profiles for regulations such as HIPAA, GDPR, PCI DSS and others. Scans can
also take into account the proximity to dictionary keywords or regular expressions, as well
as various thresholds. Based on the scan results, remediation actions can be taken, such as
encrypting or deleting files that violate policies for data breach protection.
CoSoSys also offers sensitivity.io, a data loss prevention API for developers which allows them
to discover and protect sensitive data, and easily design HIPAA, PCI and other compliance
policies into their apps. It is available as distinct modules, with specific SDKs, for data loss
prevention and data classification.
STRENGTHS
o CoSoSys’ Endpoint Protector offers strong coverage for Windows, macOS and Linux, with
feature parity across platforms, zero-day support and a lightweight agent. This makes it a
good choice for organizations running mixed OS environments.
o Endpoint Protector enables seamless management of all company endpoints from a single
dashboard.
o CoSoSys offers diverse deployment options, including virtual appliances, thus meeting the
needs of customers with a wide range of infrastructures.
o CoSoSys Endpoint Protector is easy to install and deploy through flexible policy
management and an intuitive user interface.
o CoSoSys’ Endpoint Protector solution is designed to also be easily managed by
non-specialized technical personnel.
WEAKNESSES
o CoSoSys offers OCR image analysis capabilities, but they only cover a limited number of
languages.
o CoSoSys does not currently offer support for mobile DLP, or integrations with leading EMM
or MDM solutions.
o CoSoSys does not currently offer capabilities for detecting Drip-DLP. The vendor has this on
its future roadmap.
o CoSoSys does not currently offer or integrate with CASB capabilities. The vendor has this on
its future roadmap.
FIDELIS CYBERSECURITY
4500 East West Highway, Suite 400
Bethesda, MD 20814
Fidelis Cybersecurity offers automated threat detection, hunting and response solutions.
The company was originally known for its network DLP solutions; however, it has broadened its
portfolio to Automated Threat Detection and Response solutions for network, endpoint and
cloud. The company is owned by Skyview Capital, a global private investment firm.
SOLUTIONS
Fidelis offers network DLP as part of its Elevate platform, which comprises network, endpoint,
deception, extended detection and response (XDR), and cloud access security broker (CASB)
modules that can be deployed in various form factors, including on-premises, cloud, and hybrid
models. Fidelis Elevate offers only DLP in motion, through monitoring of application, protocol,
and content data in sessions. The solution is largely OS agnostic.
Fidelis provides network DLP analysis through five network layer sensor locations (direct,
internal, cloud, email and web) with the last two designed to integrate with third party email
appliances and web proxy solutions as follows:
o Fidelis Network Mail – integrates in the SMTP conversation by providing full SMTP support
through Fidelis' embedded MTA, as well as a Milter interface as an additional integration
method for email hygiene solutions like Microsoft 365, Cisco, Proofpoint, SendMail and
Postfix. It can be deployed in the Microsoft 365 cloud to provide DLP for mail, as well as
email threat prevention and detection.
o Fidelis Network Web – integrates with third party Web Proxy and CASB solutions through
an ICAP interface to add a DLP capability for proxy solutions like Broadcom, Trellix,
Netskope, and others. The Fidelis Network sensor also allows monitoring of social networks
for DLP, such as Twitter and Facebook, through its session inspection technology.
o Fidelis Network Collector – is an add-on component that stores network and content
metadata for over 300 attributes plus custom tags from the sensors providing visibility into
data leaks that occurred in the past. The Collector allows users to search, pivot and hunt on
content and context for leakages on-demand or create scheduled automations. It also
integrates with IP-to-ID solutions allowing for user attribution.
o Fidelis Network Sensors – include direct sensors at gateways for ingress and egress
monitoring, indirect sensors for data center and internal monitoring, plus cloud sensors for
virtual machine monitoring. Fidelis leverages Microsoft’s VTAP (virtual network TAP) for
Azure to monitor cloud network traffic natively between virtual machines without an agent.
Fidelis also supports Amazon’s VPC Traffic mirror for cloud apps natively without an agent.
The Fidelis Cybersecurity Threat Research Team (TRT) regularly makes streaming policy
updates available to customers based on ongoing research and machine learning. The policy
updates are delivered to customers automatically via the Fidelis Insight Cloud service.
The Fidelis Elevate network sensors are configurable from a single management UI, called
Command Post, that can be deployed on premises, in the cloud, or provided by Fidelis as a
managed cloud service.
STRENGTHS
o Fidelis solutions can be deployed in various form factors including on-premises, cloud, and
hybrid models, or as a managed detection and response (MDR) service.
o Fidelis offers a good set of out-of-the-box policies and rules for securing sensitive
information. It has added OCR support to its email DLP capabilities.
o Fidelis offers DLP as part of a broader solution for network, endpoint, and deception
post-breach threat detection and response, which will appeal to organizations that want to deploy
an integrated solution for compromise intelligence, detection and response automation.
WEAKNESSES
o Fidelis does not offer DLP for data-at-rest, or data-in-use, focusing instead on DLP for data in
motion, and bringing that together with its broader threat automation detection and response
capabilities.
o Fidelis does not integrate with mobile security solutions and does not offer endpoint DLP.
o Fidelis does not offer visibility into encrypted traffic.
o Fidelis has lost some mindshare in the DLP space, as it has pivoted its focus to its automated
threat detection and response solutions.
THE RADICATI GROUP, INC.
http://www.radicati.com
The Radicati Group, Inc. is a leading Market Research Firm specializing in emerging IT
technologies. The company provides detailed market size, installed base and forecast information
on a worldwide basis, as well as detailed country breakouts, in all areas of:
Email
Security
Social Media
Instant Messaging
Archiving & Compliance
Wireless & Mobile
The company assists vendors to define their strategic product and business direction. It also
assists corporate organizations in selecting the right products and technologies to support their
business needs.
Our market research and industry analysis takes a global perspective, providing clients with
valuable information necessary to compete on a global basis. We are an international firm with
clients throughout the US, Europe and the Pacific Rim. The Radicati Group, Inc. was founded in
1993.
CONSULTING SERVICES
The Radicati Group, Inc. provides the following Consulting Services:
Strategic Business Planning
Management Advice
Product Advice
TCO/ROI Analysis
Investment Advice
Due Diligence
MARKET RESEARCH PUBLICATIONS
The Radicati Group, Inc. develops in-depth market analysis studies covering market size, installed
base, industry trends and competition.
To learn more about our reports and services,
please visit our website at www.radicati.com