Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/3/2008
03:36 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft, EMC's RSA Partner To Protect Data

The near-term arrangement will connect RSA's DLP Suite 6.5 with Microsoft Active Directory Rights Management Services in Windows Server 2008.

Microsoft and RSA, the security division of EMC, plan to strengthen their longstanding relationship on Thursday with a commitment to build RSA's data loss prevention technology into the Microsoft platform.

Data loss prevention, or DLP, aims to secure computer data while it's in use, while it's in motion across networks, and while it's being stored, using a combination of encryption, content analysis, and role-based access controls.

Done successfully, it allows organizations to protect data in accordance with information security policies and to meet compliance and corporate governance requirements.

But too many organizations protect their data poorly or not at all. The number of data breaches in 2008 has already exceeded the number reported for 2007, according to the Identity Theft Resource Center. And last year's total exceeded the number of data breaches reported in 2006.

"It's a problem that exists pretty much no matter where you look," said Chris Young, senior VP at RSA. "Governments in all parts of the world are starting to get involved."

The integration of DLP technology into Microsoft's platform will take place over many years. It will help make Microsoft's software content-aware, a necessary step for giving organizations more control over business-related content.

In the near term, the Microsoft-RSA arrangement will connect RSA's DLP Suite 6.5 with Microsoft Active Directory Rights Management Services in Windows Server 2008. This will allow organizations to implement DLP using established employee identities and access rights.

"For the first time, customers will be able to link together data access and use policies," said Douglas Leland, general manager of Microsoft's Identity and Security Business Group.

Leland characterizes the initiative as an effort to deal with the cost and complexity of deploying "point solutions."

Rich Mogull, founder of security consultancy Securosis, characterized the partnership as "a good start" and observed that "it could lead to opportunities for the other [DLP] vendors as well."

"First, it validates the DLP market and will likely help grow the overall market," he explained. "Second, unless Microsoft locks the other vendors out once they deploy the content aware/DLP technology, the other vendors might be able to use it themselves at some point down the road."

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15001
PUBLISHED: 2020-07-09
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
CVE-2020-15092
PUBLISHED: 2020-07-09
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
CVE-2020-15093
PUBLISHED: 2020-07-09
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
CVE-2020-15299
PUBLISHED: 2020-07-09
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
CVE-2020-4173
PUBLISHED: 2020-07-09
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...