Data breaches pose a serious threat to organizations of all sizes, as the number of incidents and associated costs are on the rise. Whether a data leak was intentional or not, it can also cause permanent reputation damage to your organization. WatchGuard Data Loss Prevention (DLP) is a comprehensive service that helps keep your confidential data private. It prevents data breaches and enforces compliance by scanning text and files to detect sensitive information attempting to exit your network.
The big issue with data-loss protection is the end-to-end encryption between the user and whatever site they're connecting to. And that diminishes the effectiveness of the data loss protection because it can't inspect all of the data contents. Formatting is still reliant on numbers, letters, and sequences recognizable as credit cards, driver's license birthdays, etc. There's a lot of other sensitive material that could be at a client site, for example, that doesn't have a known methodology. It can be challenging to set it up to recognize instances of information unique to an environment. Unfortunately, it's even the case with a company like Microsoft. I would compare it to the data loss protection within Office 365 and say that it has the same inherent problems that you see with any encrypted email.
WatchGuard Data Loss Prevention catches so little. When I've implemented it, it just can't look at the traffic in a thorough enough manner to capture as much as it should. And I find that I'm disenchanted with all data loss protection solutions I've tested and looked at. WatchGuard certainly is not any better or worse than the others. It's just not a technology I have much faith in.
You can get awfully granular in the setup, but it reminds me of antivirus software. True antivirus software catches very little. It's rare that antivirus software identifies a true virus. Everything's becoming more complicated, so now you need to look at detection and correlated threat response systems that are more effective than traditional antivirus. Data loss protection, I'm afraid, is kind of in that space.
We've used Watchguard Data Loss Prevention off and on for several years depending on the client's needs.
Overall, I have utilized WatchGuard solutions for at least 20 years. I have been with them as they switched from private to public ownership and back again. So I've been a pretty faithful user for an excessive amount of time.
I find that their tech support is excellent. And as a reseller, my relationship with my point of contact is also strong. WatchGuard does a good job of maintaining that. So even if you are not getting the best response from support, you have a method to escalate it. I have so few incidents where I need to reach out to support. My most recent incident was handled very quickly, but with my experience, I don't have to call them often. At most, I maybe contact them once or twice a year. I have a lot of WatchGuard devices in service with my clientele.
It's a very simple setup.
I've never licensed it as a separate solution. It's always included in the licensing that would be appropriate for a medical facility, so I've never purchased DLP as an add-on to their basic licensing. I wouldn't say that I can give you a straight answer. It's never even come up in conversation to license it as a standalone solution.
I would rate WatchGuard five out of 10, but all of the data loss protection solutions I've looked at would be in that five range. I haven't found one that I would put much faith in.
Honestly, I think that data loss protection is just part of a whole configuration. Let's say you need granular control, reporting, and things of that nature. In that case, you need to do an extensive job configuring the firewall. It's probably insufficient to run the quick setup wizard and say that's good enough. So if you're looking to implement a feature like data loss protection, you probably need to have a relatively advanced technical person doing that configuration. So it's not difficult. But conceptually, to be effective, you need to have an excellent understanding of firewalls and firewall methodology.
