Attacks/Breaches
1/22/2009
10:15 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Data-Loss Prevention Software Takes Security Up A Notch

Vendors offer more options for protecting data throughout its travels. We'll put their claims to the test.

Not long ago, CIOs faced an uphill battle trying to convince their organizations of the need for enterprise spam protection. Today you'd be hard-pressed to find even a small organization that hasn't implemented some sort of integrated spam/virus protection strategy.

Antivirus protection is crucial, but the growing list of very public data leaks and their often-expensive aftermath show that stopping external attacks isn't the last word in protecting valuable information. The need for more safeguards has spawned a new class of protection, dubbed data-loss prevention, or DLP.

Granted, only a small percentage of businesses have to worry about safeguarding millions of records containing credit card data. But every organization holds confidential data of some sort that must be protected--whether it's a spreadsheet with payroll data or the design for a top-secret weapon being built by a defense contractor. Therefore, all organizations have significant motivation to protect key digital assets.

End-To-End Awareness
However, if the need for safer data is clear, the definition of DLP isn't. What constitutes DLP? Any piece of backup software, disk encryption software, firewall, network access control appliance, virus scanner, security event and incident management appliance, network behavior analysis appliance--you name it--can be loosely defined as a product that facilitates DLP.

For the purposes of this Rolling Review, we will define enterprise DLP offerings as those that take a holistic, multitiered approach to stopping data loss, including the ability to apply policies and quarantine information as it rests on a PC (data in use), as it rests on network file systems (data at rest), and as it traverses the LAN or leaves the corporate boundary via some communication protocol (data in motion).

Locking down access to USB ports or preventing files from being printed or screen-captured isn't enough anymore; organizations require true content awareness across all channels of communication and across all systems.

DIG DEEPER
Risk Meets Reality
Build a comprehensive vulnerability management program that works.
Forward-thinking firewall vendors like Palo Alto Networks are beginning to package DLP capabilities in their appliances, but generally speaking, you can't ask your Cisco PIX or Check Point firewalls to examine the content of a spreadsheet being sent via FTP to a business partner to determine if a business rule is being broken.

In an environment where IT is expected to beef up security while users demand increasingly liberal usage policies, how are IT managers supposed to ensure data integrity? Clearly, most corporate IT departments are in no position to implement strict usage policies. Implementing DLP at the endpoint only is the most practical approach. Most organizations, however, live in a big house with many open windows, so an increasing number of organizations are turning to vendors that offer protection and awareness of data as it moves through the network as well.

Prices for DLP run the gamut, ranging from around $30 per seat for endpoint encryption products to six figures and beyond for end-to-end systems.



(click image for larger view)

Illustration by Jupiter Images

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.