02:43 PM

Fidelis Snags Anti-WikiLeaks Contracts

Security vendor is working with several federal agencies to prevent classified information on the Web from reaching unclassified government networks.

The federal government is working with a security company to help block Wikileaks and other classified content from being accessed by unclassified government networks.

Boston-based Fidelis Security Systems, which among other things makes security software to prevent data breaches, said it's working with several federal agencies to prevent employees from being able to access confidential U.S. documents that are leaked to the Internet.

"That information is classified and the fact that it's in the public domain does not declassify it," said Kurt Bertone, Fidelis' vice president and security strategist. He said he was not permitted to name the agencies that are asking for the technology.

Fidelis has been working with the federal government since 2005 to prevent data breaches and provide other security solutions.

However, in the wake of a data breach known as Cablegate, in which 250,000 confidential diplomatic cables were published on Wikileaks and other websites, federal agencies have refocused some of their work with the firm, he said. Now they are using Fidelis software to keep classified information that reaches the Web from traveling back onto government networks that aren't authorized for classified data.

In a controversial move, the Air Force already has taken similar action by preventing its personnel from accessing the global news agencies -- including the New York Times, the United Kingdom's Guardian and France's Le Monde -- that published the Wikileaks cables.

However, Bertone said this kind of measure doesn't solve the entire problem for a couple of reasons. One, it blocks access to unclassified information that doesn't need to be filtered; and two, it doesn't prevent access to classified information that may be present on other websites.

Fidelis' technology, called deep session inspection, sets policies that search data for keywords and other identifiers to separate classified information from nonclassified information, he said.

"Basically we look at the content and make a content-based decision," Bertone said. He added that there are keywords and certain character sequences in the confidential data posted on the Wikileaks site that makes it identifiable with a high rate of accuracy.

Once the technology is in place, it's up to the agency whether they want to block someone's access to the classified information, or merely send an alert to the user and to network administrators that the information is being accessed.

While the focus of the current project is on Wikileaks content, ostensibly the company's work with the feds is to prevent any classified content from traveling on unclassified networks, Bertone said.

"The general problem is classified information -- not just Wikileaks, not just cables, but any classified information that leaks out in the public domain and goes flying all over the place," he said.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio