New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
2008 Best Deployment Scenario

 Data Loss Prevention Requirements Roadmap



The Orchestria Solution mitigates the risks from control-free electronic message, web, and file activity occurring in firms at huge scale on a daily basis.  This activity involves a wide range of data types including personally identifiable information (PII), intellectual property (IP), non-public information (NPI), personal health information (PHI), and any other type of sensitive or otherwise confidential data.  Orchestria enables Organizations to learn where their valuable electronic information is located, where it is being moved, the level of risk it represents, and to ensure that it doesn’t fall into the wrong hands, both inside and outside the organization. 

Info Security Products Guide
this article
COMPARE and print reports
RATE products
Tomorrow's Technology Today
Intellectual Property Protection


Orchestria Data Loss Prevention (DLP) is an enterprise class solution intended for use by the world’s leading organizations to actually prevent data loss and to meet all information security requirements in a single, fully integrated system.  It is designed to overcome the limitations of other DLP solutions by providing a truly comprehensive, accurate, and flexible solution that can analyze data and take corrective action at all relevant points of risk.   

First, the most vulnerable risk points must be identified and prioritized.  Unwanted internal and external disclosure of NPI (financial, HR, legal, and regulatory data), PII (social security numbers, credit card information, personal health data), and IP (patents, trademarks, design plans) can occur at many different points throughout your network.  And, the data being leaked can be structured (social security numbers) or unstructured (such as a free-form discussion in e-mail).  Orchestria addresses all risk points including corporate e-mail, removable storage devices, and Web activity at all important breach points including the network boundary, endpoint (desktop PCs,  laptops), and infrastructure servers used for messaging or file scanning. 

Orchestria detection and analysis goes far beyond matching simple key words and phrases by examining content-around-content and context, while considering the identity of the end users involved.  These detection techniques set Orchestria apart by identifying the genuine breaches that are occurring in the organization without flagging business-appropriate events.  For most systems, 9 out of every 10 events flagged as a violation are non-violations.  With Orchestria, this ratio is reversed, delivering operational efficiency along with the identification of severe risks in the enterprise.

Orchestria provides hundreds of accurate pre-built policies or rule sets.  These proven policies provide full coverage while enabling quick deployment.  Orchestria policies are as sophisticated as required, yet are completely customizable so that they meet a company’s exact needs.  Another important point is that Orchestria resolves a wide range of risk management issues beyond guarding sensitive personal information.  Many solutions only focus on this kind of protection – such as for social security numbers.  Orchestria’s flexibility enables it to analyze all types of data to ensure protection for what a firm requires today and what it may determine is needed in the future. 

Once an incident is detected, Orchestria responds in real time with the appropriate action such as a block, quarantine, or warn, and then provides suitable steps for immediate remediation.  Each response is gauged specifically to the type and severity of the violation.  Because Orchestria possesses the flexibility to take the right action for each breach, the incidents can be effectively prevented and not just monitored.  By interacting with end-users in the form of pop-up messages or in email, Orchestria provides on-going education by reinforcing correct behavior. 

Orchestria can accurately secure content in many forms throughout the enterprise – such as Intellectual Property or Non-Public Information in email, Web activity, a file being transferred, and even in static documents residing in file repositories.  Once the incident is detected (and prevented), Orchestria provides an efficient and decisive approach for resolving the breaches.  The Orchestria iConsole is a complete, secure, fully customizable review application that helps supervisors review, audit, escalate, annotate, report, and resolve problematic activity.  With Orchestria, there is no need to employ third-party case management tools or to process obscure system detection logs.  The originator of problematic content can be notified of incident status or required action via automated, secure messages sent from the iConsole.    

At the foundation of all of these capabilities is a rock-solid architecture built for flexibility, performance, and fault tolerance.  Orchestria can scale to process activity from hundreds of thousands of employees.  The agent-based architecture is modular, allowing enterprises to address their most pressing requirements while being able to add new controls as needs change in the future.  For example, if an enterprise only wanted to protect activity at the network boundary, the Orchestria Network Boundary Agent could be deployed.  In the future, if the organization then determined that protection at the desktop (or laptop) was needed, the Orchestria Client or Endpoint Agents could be added to the existing layout without the need for a “forklift” upgrade or re-deployment. 

Orchestria is managed centrally.  The Central Management Server stores all policy definitions and event metadata – including the events objects (email, files, etc.).  Orchestria Client Agents protect against user activity performed within applications such as Microsoft Outlook, Lotus Notes, Internet Explorer, and many others where data can be improperly sent, saved or printed.  Orchestria Server Agents reside at message servers or on file scanning servers where data can be analyzed and captured for review.  And, Orchestria Network Boundary Agents (NBA) protect against IP, PII, NPI, and other sensitive or confidential data from leaving the enterprise.  The Orchestria NBA can monitor many protocols including HTTP, SMTP, FTP, IM formats, and others – agnostic of the port number.  Orchestria accurate policy is securely and automatically deployed to all appropriate agents throughout the deployment as updates and new policies are made available.  Content throughout the enterprise, including intellectual property, can be accurately identified and protected – regardless of the location or the transport mechanism used to “leak” the content.  


Orchestria protects enterprises from data loss risk across all “channels” by detecting and preventing the true violations from occurring and causing extensive financial, legal, and brand damage.  For incidents identified by the system, industry-leading accurate analysis avoids the need to investigate numerous false-positives, enabling organizations to concentrate remediation efforts on genuine breaches.

Orchestria Corporation
437 Madison Ave.  33rd Fl.
New York, NY 10022  USA
Tel: +1 (212) 364-5300
CLICK HERE to download whitepaper