Palisade Blog

Welcome to Palisade System's Blog

Response to Recent PacketSure Review

by jeremy 1. September 2009 14:40

Recently, the Internet-Scale Event and Attack Generation Environment (ISEAGE), a testing facility built to simulate any network architecture, benchmarked a number of DLP providers, including Palisade Systems.

While we love it when we are benchmarked against others in our space – we know we are a leader in DLP for small and medium sized enterprise companies, and that we provide an easy-to-use, robust solution – the review itself had a few errors and misconceptions that we would like to correct.

Or, in blog parlance – we're fisking that article. The italicized, indented portions are from the article, with our response in bold.

The DLPs were set up inline (except for Code Green's Content Inspector, which doesn't support in-line mode) between a simulated WAN and LAN and were configured with a set of 10 rules. We then ran about 1,100 files through each device, waiting about a minute between each file, to determine how accurately the device detected and blocked a total of 276 "bad" files and to what degree network performance was affected by the inline DLP.

Palisade Systems' PacketSure product does support an inline configuration, but this configuration is not recommended for use in a DLP deployment. In rare cases, it is needed with protocol management features supported by PacketSure. If a corporation is going to deploy a Palisade Systems solution, we make recommendations for the optimal set-up.

Also, in our testing the rules did not always work as expected. For example, one "content analysis checkbox" means packet analysis and another content analysis checkbox actually reassembles the data stream before it analyzes it (similar to all the other products).

The PacketSure appliance supports features for both Protocol Management and Data Loss Prevention, but nowhere in the interface do we have a check box for “Content Analysis” representing analysis at the packet level (protocol management). This phrase is used to represent the inspection we do after streams have been reassembled.

PacketSure seems to have a "phone home" functionality enabled out of the box. After turning on the device, it immediately started attempting to connect to a remote Citrix server (to assist with setup). For a vendor that is providing a device to rein in data leakage, this seems an odd default setting, but this could be a useful tool for optional troubleshooting.

Palisade supports a Citrix server plug-in that communicates with the PacketSure appliance. Log messages were misunderstood as a “phone home” when in actuality these messages are the result of the service on the PacketSure that is listening for the Citrix server communication. They have nothing to do with a “phone home” attempt.

PacketSure, possibly because it seems to contain two products in one, was the slowest product, performing at only 55% of the allowable bandwidth.

Performance numbers reflect the “inline” installation, which is not recommended.

… When you combine the two, problems emerge, creating unexpected results. For example when you try to limit content analysis to a certain protocol, you have to choose between using a weaker content analysis system (which won't reassemble the stream) or not limit your blocking based on protocols.

While this is technically true, ISEAGE used the wrong set-up. The Protocol Management features within PacketSure are primarily used to block entire protocols. However, there are extended features that allow for blocking based on total size and custom content on a per-packet basis. These features can be used to match connections based on size, and files based on name and type. These extended features are not compatible with the PacketSure DLP analysis, which allows for matching based on SSN, credit card numbers, PHI, PFI, fingerprinted documents, elements uploaded from a database, custom EREs, and custom lexicons. So the choice is between matching on size, name and type, or matching on types of content.
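The difference between per-packet matching and matching on a reassembled stream, discussed above, can be measured as a coverage gap. The following is an added example, not PacketSure's code or ISEAGE's test harness; the `(offset, payload)` segment model, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# SSN-shaped pattern standing in for one DLP content rule (assumption).
SSN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

# Constructed sample: one upload body carrying two well-known invalid SSNs.
DATA = b"name=J. Doe&ssn=078-05-1120&acct=219-09-9999 end"
# Constructed (offset, payload) segments: out of order, with a retransmission.
SEGMENTS = [(32, DATA[32:]), (0, DATA[:21]), (21, DATA[21:32]), (0, DATA[:21])]


def per_packet_hits(segments):
    """Match every payload in isolation, as a per-packet rule would."""
    return {m for _, payload in segments for m in SSN.findall(payload)}


def reassemble(segments):
    """Rebuild the byte stream from (offset, payload) pairs.

    Tolerates out-of-order arrival, retransmissions and overlaps (the
    first copy of each byte wins) and stops at the first gap, so only
    contiguous data is inspected.
    """
    stream = bytearray()
    for offset, payload in sorted(segments, key=lambda s: s[0]):
        if offset > len(stream):
            break  # gap: later bytes cannot be placed yet
        stream.extend(payload[len(stream) - offset:])
    return bytes(stream)


def stream_hits(segments):
    """Match once over the reassembled stream."""
    return set(SSN.findall(reassemble(segments)))


def coverage_gap(segments):
    """Values found only after reassembly, i.e. missed per packet."""
    return stream_hits(segments) - per_packet_hits(segments)


if __name__ == "__main__":
    print("per packet: ", sorted(per_packet_hits(SEGMENTS)))
    print("reassembled:", sorted(stream_hits(SEGMENTS)))
    print("missed per packet:", sorted(coverage_gap(SEGMENTS)))
```

A value that sits wholly inside one payload is caught either way; one that straddles a segment boundary is only visible after reassembly.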

Palisade's PacketSure could set up fingerprinting, but could only do it using flat files.

PacketSure fingerprinting allows for the upload of any file type that Autonomy supports. We have an interface that allows data from a database to be uploaded and matched on; this interface is limited to a flat file.

At Palisade Systems, we take a customer-centric view on our products and services. We fully believe our solution is the best solution for small and medium sized enterprise corporations, to the point that we offer a “taste test” and a post-analysis of the system: what we catch, what you need to monitor, etc.

The review brings up some great points – we are a great solution. Don’t rely on a review that got it half right, but test the system yourself.

The views and opinions expressed and/or implied here are those of the individual contributors and do not necessarily reflect the views of Palisade Systems, Inc.