Attacks/Breaches
1/22/2009
10:15 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Data-Loss Prevention Software Takes Security Up A Notch

Vendors offer more options for protecting data throughout its travels. We'll put their claims to the test.

Not long ago, CIOs faced an uphill battle trying to convince their organizations of the need for enterprise spam protection. Today you'd be hard-pressed to find even a small organization that hasn't implemented some sort of integrated spam/virus protection strategy.

Antivirus protection is crucial, but the growing list of very public data leaks and their often-expensive aftermath show that stopping external attacks isn't the last word in protecting valuable information. The need for more safeguards has spawned a new class of protection, dubbed data-loss prevention, or DLP.

Granted, only a small percentage of businesses have to worry about safeguarding millions of records containing credit card data. But every organization holds confidential data of some sort that must be protected--whether it's a spreadsheet with payroll data or the design for a top-secret weapon being built by a defense contractor. Therefore, all organizations have significant motivation to protect key digital assets.

End-To-End Awareness
However, if the need for safer data is clear, the definition of DLP isn't. What constitutes DLP? Any piece of backup software, disk encryption software, firewall, network access control appliance, virus scanner, security event and incident management appliance, network behavior analysis appliance--you name it--can be loosely defined as a product that facilitates DLP.

For the purposes of this Rolling Review, we will define enterprise DLP offerings as those that take a holistic, multitiered approach to stopping data loss, including the ability to apply policies and quarantine information as it rests on a PC (data in use), as it rests on network file systems (data at rest), and as it traverses the LAN or leaves the corporate boundary via some communication protocol (data in motion).

Locking down access to USB ports or preventing files from being printed or screen-captured isn't enough anymore; organizations require true content awareness across all channels of communication and across all systems.

DIG DEEPER
Risk Meets Reality
Build a comprehensive vulnerability management program that works.
Forward-thinking firewall vendors like Palo Alto Networks are beginning to package DLP capabilities in their appliances, but generally speaking, you can't ask your Cisco PIX or Check Point firewalls to examine the content of a spreadsheet being sent via FTP to a business partner to determine if a business rule is being broken.

In an environment where IT is expected to beef up security while users demand increasingly liberal usage policies, how are IT managers supposed to ensure data integrity? Clearly, most corporate IT departments are in no position to implement strict usage policies. Implementing DLP at the endpoint only is the most practical approach. Most organizations, however, live in a big house with many open windows, so an increasing number of organizations are turning to vendors that offer protection and awareness of data as it moves through the network as well.

Prices for DLP run the gamut, ranging from around $30 per seat for endpoint encryption products to six figures and beyond for end-to-end systems.



(click image for larger view)

Illustration by Jupiter Images

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant