Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Guard against info leaks, sabotage, law-breaking email, and other facts of modern life
6 Min Read
Imagine the following scenarios:
A disgruntled manufacturing employee prints out a secret formula for her company's product and faxes it to the competition.
An administrator in a hospital's admissions department emails his list of patient data to another department, breaching HIPAA security rules.
A salesman at a retail cellphone store pilfers a customer's Social Security number while upgrading her service on the store's computer.
An engineer IMs his wife, also an engineer, with details about a project he's working on late at the office.
An account representative at a pharmaceutical firm downloads a list of client data to his laptop before walking off the job.
All of these can and do happen with enough regularity that a new market segment's arisen to deal with them. Products are emerging in what's generally called the content monitoring and filtering arena to help IT pros ensure that in-house messaging won't have unpleasant or even catastrophic consequences.
Much of this is new territory for many companies. One systems administrator at a Pennsylvania hospital had a typical reaction after an internal audit showed several emails contained information that could have gotten the facility in trouble with regulators. "That audit was a real eye-opener for us," said Jeri Sample of Meadville Medical Center in a prepared statement earlier this year. "The possibility of the HIPAA violations quickly justified the cost of buying a solution to handle the problem."
The solution the Meadville team chose was from an outfit called Proofpoint, which specializes in anti-spam and virus control and recently added a module called Proofpoint Regulatory Compliance to its wares. The software, working on a dedicated appliance, controls messages going out of the organization as well as those coming in.
Other IT pros, making their own disconcerting discoveries, are taking similar action. Roger McIlmoyle, director of technical services at TLC Vision, a multi-site laser eye-surgery provider based in Mississauga, Ontario, says he started looking for a product after he realized that "some staff may actually be emailing information that in my opinion should not be sent in the clear over the Internet."
McIlmoyle realized the employees weren't aware of any problems with their actions. "We have a number of companies that work very closely together and staff may mistakenly believe [that] just because we trust the destination you can send anything, without realizing that that information is still traversing the Internet and a slight addressing error could result in a loss of information," he states.
McIlmoyle chose a package called PortAuthority, which also includes a turnkey appliance for use on corporate networks. Software agents on email systems and servers peer into messages and documents to locate items such as protected health information (PHI), social security numbers, credit card numbers, and source code.
PortAuthority execs predict the market for products like theirs will top $2 billion by 2009, as organizations of all kinds look to keep the lid on internal communications. That may sound outrageous, until one looks at the scope of emerging solutions.
Indeed, the number of products designed to automatically monitor and deal with outgoing electronic messaging is growing, and it's likely that larger players will get involved in short order. As well, expect a slew of related products, including ones in the storage and security arenas, to grow integral content control functions.
This trend has already started in the email arena, where products are being touted for solving outgoing messaging risk. (See Email Looms as IT Threat and Stop That Email!) Products are also emerging in line with the growing interest in enterprise data classification and search. (See Demystifying Data Forensics.)
So the choices are already confusing. Still, there is a small and growing niche of products dedicated to content filtering. While most offer similar features, there are enormous differences, and an array of confusing partnerships that promise to make settling on one a fairly rigorous process.
Commonalities in content filtering products include the ability to locate information that may be circulated in presentations, IM, email messages, intranet exchanges, and other organizational communication conduits. Using predefined policies, the programs earmark messages containing certain content and then either quarantine, destroy, forward, or flag messages as required.
Table 1: Content Monitoring & Filtering Sampler
Vendor | Product | Description |
Mathon Systems Inc. | Mathon Integral Product Suite | Appliance in storage network |
OpenService | Security Management Center 4 | Server-based software; runs under Windows, Unix, AS/400, other |
PortAuthority Technologies | PortAuthority | Turnkey appliances for internal communications control and information management; also agent software for email and print servers |
Proofpoint Inc. | Proofpoint Protection Server | Turnkey appliance with antispam and antivirus modules as well as control for outbound email and messaging |
Reconnex | iGuard | Turnkey appliance |
Tablus Inc. | Content Sentinel 2 | Windows software downloads temporary agents to other Windows servers |
Vericept Corp. | Vericept's Content 360º RiskManagement Platform | Software sold standalone or preinstalled on Dell computer |
Vontu | Vontu 6.0 | Software or software with optional appliance |
Points of differentiation are many. Some products require special hardware, others don't. While most can access data stored on Windows-based email and document servers, not all can work with data on storage devices like NAS filers. Some don't deal with data except "at rest" on servers. Others deal with data in transit as well.
Among the more obvious differentiators are features and functions like:
Ability to work with metadata as well as full text of documents or messages.
Presence of algorithms to reduce false positives when finding messages corresponding to specific criteria.
Availability of industry-specific lexicons.
Control of inbound messages and spam.
Encryption.
Partnerships with other kinds of software vendors.
Pricing for content monitoring and filtering tools vary, but most are surprisingly low in cost: software-only solutions can run as low as $10,000, while appliance-based wares typically start at twice that. And of course, most implementations will include more than one appliance or software package. What's more, nearly every product on the market includes multiple modules that must be added in to achieve the desired result.
Bottom line? Where content monitoring and filtering are concerned, this is only the tip of an emerging iceberg.
— Mary Jander, Site Editor, Byte and Switch
About the Author(s)
You May Also Like
More Insights
Webinars
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
