Attacks/Breaches
1/22/2009
10:15 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Data-Loss Prevention Software Takes Security Up A Notch

Vendors offer more options for protecting data throughout its travels. We'll put their claims to the test.

Not long ago, CIOs faced an uphill battle trying to convince their organizations of the need for enterprise spam protection. Today you'd be hard-pressed to find even a small organization that hasn't implemented some sort of integrated spam/virus protection strategy.

Antivirus protection is crucial, but the growing list of very public data leaks and their often-expensive aftermath show that stopping external attacks isn't the last word in protecting valuable information. The need for more safeguards has spawned a new class of protection, dubbed data-loss prevention, or DLP.

Granted, only a small percentage of businesses have to worry about safeguarding millions of records containing credit card data. But every organization holds confidential data of some sort that must be protected--whether it's a spreadsheet with payroll data or the design for a top-secret weapon being built by a defense contractor. Therefore, all organizations have significant motivation to protect key digital assets.

End-To-End Awareness
However, if the need for safer data is clear, the definition of DLP isn't. What constitutes DLP? Any piece of backup software, disk encryption software, firewall, network access control appliance, virus scanner, security event and incident management appliance, network behavior analysis appliance--you name it--can be loosely defined as a product that facilitates DLP.

For the purposes of this Rolling Review, we will define enterprise DLP offerings as those that take a holistic, multitiered approach to stopping data loss, including the ability to apply policies and quarantine information as it rests on a PC (data in use), as it rests on network file systems (data at rest), and as it traverses the LAN or leaves the corporate boundary via some communication protocol (data in motion).

Locking down access to USB ports or preventing files from being printed or screen-captured isn't enough anymore; organizations require true content awareness across all channels of communication and across all systems.

DIG DEEPER
Risk Meets Reality
Build a comprehensive vulnerability management program that works.
Forward-thinking firewall vendors like Palo Alto Networks are beginning to package DLP capabilities in their appliances, but generally speaking, you can't ask your Cisco PIX or Check Point firewalls to examine the content of a spreadsheet being sent via FTP to a business partner to determine if a business rule is being broken.

In an environment where IT is expected to beef up security while users demand increasingly liberal usage policies, how are IT managers supposed to ensure data integrity? Clearly, most corporate IT departments are in no position to implement strict usage policies. Implementing DLP at the endpoint only is the most practical approach. Most organizations, however, live in a big house with many open windows, so an increasing number of organizations are turning to vendors that offer protection and awareness of data as it moves through the network as well.

Prices for DLP run the gamut, ranging from around $30 per seat for endpoint encryption products to six figures and beyond for end-to-end systems.



(click image for larger view)

Illustration by Jupiter Images

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5426
Published: 2014-11-27
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?