Attacks/Breaches
1/22/2009
10:15 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Data-Loss Prevention Software Takes Security Up A Notch

Vendors offer more options for protecting data throughout its travels. We'll put their claims to the test.

Not long ago, CIOs faced an uphill battle trying to convince their organizations of the need for enterprise spam protection. Today you'd be hard-pressed to find even a small organization that hasn't implemented some sort of integrated spam/virus protection strategy.

Antivirus protection is crucial, but the growing list of very public data leaks and their often-expensive aftermath show that stopping external attacks isn't the last word in protecting valuable information. The need for more safeguards has spawned a new class of protection, dubbed data-loss prevention, or DLP.

Granted, only a small percentage of businesses have to worry about safeguarding millions of records containing credit card data. But every organization holds confidential data of some sort that must be protected--whether it's a spreadsheet with payroll data or the design for a top-secret weapon being built by a defense contractor. Therefore, all organizations have significant motivation to protect key digital assets.

End-To-End Awareness
However, if the need for safer data is clear, the definition of DLP isn't. What constitutes DLP? Any piece of backup software, disk encryption software, firewall, network access control appliance, virus scanner, security event and incident management appliance, network behavior analysis appliance--you name it--can be loosely defined as a product that facilitates DLP.

For the purposes of this Rolling Review, we will define enterprise DLP offerings as those that take a holistic, multitiered approach to stopping data loss, including the ability to apply policies and quarantine information as it rests on a PC (data in use), as it rests on network file systems (data at rest), and as it traverses the LAN or leaves the corporate boundary via some communication protocol (data in motion).

Locking down access to USB ports or preventing files from being printed or screen-captured isn't enough anymore; organizations require true content awareness across all channels of communication and across all systems.

DIG DEEPER
Risk Meets Reality
Build a comprehensive vulnerability management program that works.
Forward-thinking firewall vendors like Palo Alto Networks are beginning to package DLP capabilities in their appliances, but generally speaking, you can't ask your Cisco PIX or Check Point firewalls to examine the content of a spreadsheet being sent via FTP to a business partner to determine if a business rule is being broken.

In an environment where IT is expected to beef up security while users demand increasingly liberal usage policies, how are IT managers supposed to ensure data integrity? Clearly, most corporate IT departments are in no position to implement strict usage policies. Implementing DLP at the endpoint only is the most practical approach. Most organizations, however, live in a big house with many open windows, so an increasing number of organizations are turning to vendors that offer protection and awareness of data as it moves through the network as well.

Prices for DLP run the gamut, ranging from around $30 per seat for endpoint encryption products to six figures and beyond for end-to-end systems.



(click image for larger view)

Illustration by Jupiter Images

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report