Check Point Planning Network-Based Data-Leak Protection
Shwed's keynote address offered few details about any upcoming product, but did suggest that Pointsec's full disk encryption and I/O port management offerings represent the endpoint-based component of a broader strategy, which would also include a gateway-based component to address data leakage over the network.
"Yeah, I was wondering about that," said Chris Boykin, senior security consultant at Friendswood, Texas-based Got Net Security. "They mentioned data leaks on a some of those slides; does that mean that's where they're going? It peaked people's curiousity. We're seeing an issue around e-mailing or IMing out information, but that's not covered under Check Point's current stuff."
In discussions after his keynote, Shwed was more explicit. "We look at data security as having two parts: data at rest, and data in motion. Disk encryption gives us the data at rest part. For data in motion, you need to have some kind of inspection at the gateway."
Shwed was more cagey, however, about whether they planned to create a DLP product in-house or acquire an existing player. While acknowledging that it was "watching" some companies in the DLP space, he suggested that Check Point may be attempting to develop something entirely new.
"What we do won't necessarily look like what's already on the market," he said. "There are other companies out there already doing interesting things, and we don't necessarily feel we have to compete with them. We can bring something different to the market, and work with the companies already out there."
The DLP market is relatively small but growing fast. Garter esimates total 2006 sales in the space at $50 million, while predicting 2007 sales of $120 to $150 million. Symantec, McAfee, and Trend Micro have all announced new DLP products in the past 6 months.