DLP for Monitoring SSL Encrypted Traffic

March 4th, 2010 jpeck

For network data loss prevention (DLP) solutions monitoring SSL-encrypted traffic, a lot depends on the transparency of the web/ICAP proxy and how it is configured to handle SSL certificates. Some proxies are better at this than others. Pretty much all network DLP solutions use ICAP integration with a web proxy to inspect SSL traffic and are somewhat to very successful.
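To make the ICAP hand-off concrete, here is an added example (not from the original post or any vendor's product) of what a DLP service does with an ICAP REQMOD message (RFC 3507) once the proxy has terminated SSL: it locates the encapsulated HTTP request, decodes the chunked body, and scans it. The hostnames, the URL path, and the single content rule (a 13 to 19 digit run that passes the Luhn check) are assumptions chosen for illustration.

```python
import re

CARD_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def build_reqmod(http_head: bytes, body: bytes) -> bytes:
    """Constructed sample of what the proxy sends once SSL is terminated."""
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    icap = (b"REQMOD icap://dlp.example.internal/reqmod ICAP/1.0\r\n"
            b"Host: dlp.example.internal\r\n"
            b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(http_head))
    return icap + http_head + chunked

def dechunk(data: bytes) -> bytes:
    """Decode the chunked encoding ICAP uses for encapsulated bodies."""
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            break
        out, data = out + data[:size], data[size + 2:]  # chunk, then CRLF
    return out

def parse_reqmod(msg: bytes):
    """Split an ICAP REQMOD into (HTTP request headers, decoded body)."""
    icap_head, _, encapsulated = msg.partition(b"\r\n\r\n")
    m = re.search(rb"^Encapsulated:(.+)$", icap_head, re.I | re.M)
    offsets = {k.strip(): int(v) for k, v in
               (part.split(b"=") for part in m.group(1).split(b","))}
    body_at = offsets[b"req-body"]  # offsets count from the end of ICAP headers
    return encapsulated[offsets[b"req-hdr"]:body_at], dechunk(encapsulated[body_at:])

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, to cut false positives from arbitrary digit runs."""
    ds = [int(c) for c in reversed(digits.decode())]
    return sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
               for i, d in enumerate(ds)) % 10 == 0

def verdict(msg: bytes) -> str:
    """'block' if the decrypted request body holds a Luhn-valid card number."""
    _, body = parse_reqmod(msg)
    hits = (re.sub(rb"\D", b"", m.group()) for m in CARD_RE.finditer(body))
    return "block" if any(luhn_ok(h) for h in hits) else "allow"

# Constructed samples: an HTTPS POST as the DLP server sees it over ICAP.
HTTP_HEAD = (b"POST /compose HTTP/1.1\r\nHost: webmail.example.com\r\n"
             b"Content-Type: application/json\r\n\r\n")
LEAK = build_reqmod(HTTP_HEAD, b'{"note": "card 4111-1111-1111-1111"}')
CLEAN = build_reqmod(HTTP_HEAD, b'{"note": "order 4111-1111-1111-1112"}')
```

`verdict(LEAK)` returns `"block"` and `verdict(CLEAN)` returns `"allow"`; turning the verdict into an ICAP response for the proxy is left out of this sketch.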

When it comes to endpoint data loss prevention solutions monitoring SSL-encrypted traffic, there are issues.

  1. You can’t monitor traffic from systems that don’t have the endpoint solution on them, for example guest machines, contractors, visitors, etc. The endpoint solution also may not be available for all the different endpoint operating systems and browsers used on your network. A network-based solution monitors/controls anything going through the gateway regardless.
  2. The endpoint solution has to perform its inspection/control before the data is SSL-encrypted by the web browser. This can be difficult to build, and not all endpoint solutions can do it. If the endpoint solution is built to handle IE browsers, you may need to lock the endpoint down to prevent other browsers (Chrome, Safari, etc.) from being installed and used.
  3. The deployment and management issue – network DLP is much easier and less disruptive to deploy and manage than installing an endpoint DLP agent on every desktop in your organization.

I’m not against endpoint DLP; it’s one of the products Code Green offers, but network DLP is a much better solution for web traffic monitoring and control.

Categories: DLP, Data Loss Prevention, SSL, Web 2.0