Feature
|
miniOrange
|
GTB DLP
|
|
PRODUCT ARCHITECTURE & DEPLOYMENT
|
| Product Type |
- Standalone, purpose-built DLP platform. Covers Email DLP, Endpoint DLP, and Cloud DLP as an integrated suite, with no dependency on another product.
|
- Enterprise data security suite assembled from separately licensed modules.
|
| Plan Accessibility |
- All DLP features are included across plans without forced upgrades.
|
- Licensed by module and by user or endpoint count, so full channel coverage depends on which modules are bought.
|
| Deployment Options |
- Full Cloud and On-Premise deployment supported across both Email DLP and Endpoint DLP.
|
- On-premises (hardware or virtual appliance), hybrid, and cloud native deployment, with agent-based or agentless options depending on the channel.
|
| Scalability |
- Supports enterprise-scale environments with flexible, cost-effective pricing.
|
- Built exclusively for large enterprise scale.
|
|
DLP CHANNEL COVERAGE
|
| Email DLP |
- Dedicated Email DLP Scans outbound emails, attachments, and message content in real time. Integrates natively with Gmail, Outlook, Zoho and Exchange.
|
- Email is handled at the network layer through the Inspector's onboard Mail Transfer Agent (MTA) acting as a smart host for On-premise mail servers.
|
| Endpoint DLP |
- Dedicated Endpoint DLP covering USB drives, Bluetooth, external HDDs, Printers, network devices, and web uploads with OCR support. Supports Windows, macOS, and Linux.
|
- Endpoint Protector provides content aware data in use inspection, device control, and on or off network protection across Windows, macOS, and Linux.
|
| Cloud & Web App Control |
- Blocks file uploads to unapproved platforms. HTTP traffic monitoring with allow/block domain policies and time-based access controls.
|
- Monitors and controls cloud storage (OneDrive, Dropbox, Google Drive, Box, SharePoint), web uploads via browsers, and Microsoft 365 (Exchange Online, SharePoint Online, Teams, OneDrive).
|
| Agentless Protection |
- Email DLP is fully agentless, hence no agent is required on user devices.
|
- Endpoint protection requires the agent on each device, and even GTB's agentless email rides on the Inspector appliance, so customers always deploy either an agent or hardware.
|
| Personal Email Access Control |
- Restricts access to personal email accounts (Gmail, Yahoo) on corporate endpoints.
|
- No dedicated control to block access to personal email accounts on corporate devices. GTB can only inspect webmail content as it passes over the network, not enforce account level access on the endpoint.
|
|
OPERATING SYSTEM & PLATFORM SUPPORT
|
| Windows |
- Full Windows support across all Endpoint DLP features.
|
- Windows is supported, but coverage is delivered through separately licensed network, endpoint, and discovery modules rather than one platform, so full Windows protection means buying and managing several components.
|
| macOS |
- Full macOS support, device control, file monitoring, and policy enforcement.
|
- macOS is supported, but independent reviews report deployment friction on Mac and no ability to push agent updates from the console, so Mac rollouts carry extra operational cost.
|
| Linux |
- Linux is listed as a supported OS for Endpoint DLP.
|
- Linux endpoint support is available.
|
| Mobile Device Support |
- Extends DLP policies to iOS and Android via MDM integration.
|
- No support for mobile devices
|
|
DEVICE MANAGEMENT & PHYSICAL SECURITY
|
| Remote Lock |
- Administrators can instantly lock endpoint devices remotely.
|
- No remote device lock. GTB is a data security tool and does not handle device lifecycle actions.
|
| Remote Wipe |
- Securely erases sensitive data from lost, stolen, or decommissioned devices remotely.
|
- No remote wipe. Data at rest is addressed only through encryption, not device erasure.
|
| Geo-Tracking |
- Real-time device location tracking from the admin console, combined with remote lock/wipe.
|
- No device location tracking. GTB offers only network and IP-based access rules, not device geolocation.
|
| Device Remote Access |
- Administrators remotely access endpoints to diagnose issues and enforce policies without physical access.
|
- No remote device administration or diagnostics.
|
| USB & Removable Media Control |
- Monitor, audit, and log every data transfer from removable storage. Device blocklisting and temporary policy relaxation.
|
- Monitors, audits, and logs removable media transfers, but only through the agent and without temporary policy relaxation features.
|
| Advanced Device Control |
- Granular control of USB, printers, external HDDs, and network devices with blocklisting.
|
- Policy-based device control, but delivered as part of a detection-only endpoint module with no device management layer around it.
|
|
EMPLOYEE MONITORING & ACTIVITY CONTROL
|
| Employee Activity Monitoring |
- Comprehensive monitoring, AD session tracking, login monitoring, unusual session capture, and camera/screenshot policies.
|
- Limited to file activity monitoring. No session tracking, login monitoring, or screenshot policy layer.
|
| Screenshot & Camera Policies |
- Policies can restrict screenshots and screen recording to help prevent sensitive information from being shared visually.
|
- Can only inspect screen-captured content via OCR after the fact. No control to actually restrict screenshots or screen recording.
|
| Login Monitoring |
- Tracks login activity across endpoints to detect suspicious behaviour.
|
- No dedicated login monitoring. The platform centres on data movement, not user access events.
|
|
DATA DISCOVERY, CLASSIFICATION & INTELLIGENCE
|
| Data Discovery & Classification |
- Identifies and classifies sensitive data on endpoints and applies security policies automatically.
|
- Discovery is a separately licensed module (eDiscovery) that relies on data registration and tuning to deliver its fingerprinting and Exact Data Match accuracy, adding cost, setup time, and specialist effort.
|
| Insider Threat Detection |
- Identifies unusual email and device patterns indicating insider threats. Real-time alerts on suspicious activity.
|
- Insider detection is limited to anomaly scoring on data events. No login, session, or behavioural layer behind it.
|
| OCR / Image DLP |
- Uses Optical Character Recognition (OCR) to detect sensitive text within images and enforce data protection policies on image content.
|
- OCR is capable but only delivered through the relevant licensed modules.
|
| File Upload Restrictions |
- Prevents upload of unauthorised file types and content classification (PDF, DOCX, XLSX, ZIP, EXE) to unapproved platforms.
|
- Content-aware upload control, but without explicit, granular file type allow and block lists.
|
| Google Drive Data Classification |
- Classifies sensitive data stored in Google Drive and applies protection policies automatically, delivered natively within miniOrange Cloud DLP.
|
- They can cover and secure Google Workspace, but cloud data classification is delivered through its separately licensed discovery module and native API integration, adding components, cost, and setup.
|
|
INTEGRATIONS & ECOSYSTEM
|
| Email Platform Integration |
- Direct native integration with Gmail, Microsoft Outlook, and Exchange for real-time outbound email scanning.
|
- No native integration with Gmail or Zoho. Email runs through the Inspector appliance and proxy or ICAP layer.
|
| IAM Integration |
- Native Identity and Access Management (IAM) integration, miniOrange's own IAM platform provides single-vendor security.
|
- No IAM product or integration at all. GTB is a data security specialist only.
|
| CASB Integration |
- Cloud Access Security Broker (CASB) integration provides cloud data visibility across SaaS applications.
|
- Relies on third-party integrations such as Netskope and Skyhigh rather than native CASB, with more products to license and connect.
|
| MDM Integration |
- Mobile Device Management (MDM) integration extends DLP policies to mobile and BYOD devices.
|
- No MDM integration. Mobile and BYOD coverage is left unaddressed.
|
| Active Directory (AD) |
- Active Directory integration for both Email DLP and Endpoint DLP, enabling user-based policy enforcement.
|
- Integrates with AD and LDAP for agent deployment and user policy.
|
| AD Self Service Password Reset |
- Supports Active Directory self-service password reset through miniOrange's native identity platform, letting users securely reset their own passwords without helpdesk involvement.
|
- No self-service password reset functionality.
|
| Unified Security Platform |
- DLP + IAM + CASB + MDM on a single miniOrange platform, one vendor for complete coverage.
|
- No IAM and no MDM, so a full identity, device, and data stack needs additional third-party products.
|
| Netskope Interoperability |
- Supports integration with Netskope products.
|
- Limited support with Netskope.
|
|
COMPLIANCE & REGULATORY COVERAGE
|
| Regulatory Frameworks |
- Supports compliance requirements for GDPR, HIPAA, ISO, PCI DSS, and RBI regulations.
|
- Covers the major global frameworks but does not address India-specific RBI guidance.
|
| Audit Logs & Reporting |
- Comprehensive audit logs for email and endpoint events. Real-time alerts and compliance-ready dashboards.
|
- Console reporting is tied to each licensed module, with MS 365 traceability through a separate add-on.
|
| Role-Based Access Control |
- Granular RBAC for dashboards across Email and Endpoint DLP. Custom roles and module-level permissions.
|
- Console level admin access, with granular per module RBAC not documented publicly.
|
|
INDUSTRY USE CASES
|
| Healthcare |
- Patient records and sensitive healthcare information are protected across email and endpoint channels, helping organisations meet healthcare data security and privacy requirements.
|
- Protects PHI across its modules, but only on the channels and devices it covers, with no mobile or BYOD reach.
|
| BFSI / Finance |
- Financial data and cardholder information are secured with controls aligned to industry and banking regulatory standards, including PCI DSS and RBI requirements.
|
- Covers PCI DSS, GLBA, and SOX, but not India-specific RBI requirements.
|
| Manufacturing |
- Prevents blueprints, designs, and R&D documents from being emailed or transferred externally.
|
- Protects IP across the network and endpoint, but only via separately licensed modules and with no mobile coverage.
|
| Remote Workforce |
- Cloud email and endpoint policies for distributed teams. Supports corporate-managed and BYOD devices via MDM.
|
- Off-network endpoint protection only. No mobile or BYOD support is a real gap for distributed teams.
|
| IT & Technology |
- Detects code fragments shared via email; prevents code cloning or exfiltration from development machines.
|
- Detects code exfiltration on the channels it covers, but with no email platform integration and no mobile reach.
|
| Education |
- Protects student and staff data from accidental email disclosure and unauthorised endpoint transfers.
|
- Protects records across its modules, but without native email integration or mobile coverage for student and staff devices.
|
|
SUPPORT, ADMINISTRATION & ONBOARDING
|
| 24/7 Support |
- 24×7 global technical support is included across all support plans.
|
- Support via knowledge base and MSSP programs, with no clearly stated 24x7 global support tier.
|
| Deployment & Onboarding |
- Fast deployment with guided onboarding included as part of the setup services. Consultation and implementation assistance are provided for all customers.
|
- Markets a minimum change Inspector, but independent reviews report deployment needs technical expertise, with friction on Mac and no console-based agent updates.
|
| Admin Dashboard Customisation |
- Fully customisable admin dashboard with white-label branding options and configurable widgets.
|
- Central console only. Product-level white-label branding and configurable widgets are not documented.
|
