
Perimeter

5/5/2010
03:01 PM
John H. Sawyer
Commentary

DLP Gets An Open-Source Boost

Data loss, or leakage, prevention (a.k.a. DLP) is a product class that includes data discovery, classification, and monitoring to prevent your sensitive data from falling into the wrong hands. Some implementations are configured to alert instead of block, but the basics are the same. You have sensitive data, you don't always know where it is, so you use DLP tools to find it and keep it safe.

Until last week, there really were no open-source agent-based DLP tools. There have been several open-source discovery tools, including Spider, Senf, and Find_SSN, but they had to be run on individual systems. Workarounds were created to use them in a distributed manner across many desktops, but the attempts were often very specific to a particular environment, kludgy, and required constant care and feeding.

A new agent-based DLP discovery tool was just released to Google Code last week called OpenDLP (follow the project on Twitter). Andrew Gavin made the announcement to various mailing lists and has posted version 0.1 to Google Code. The design is simple. A server runs a Web management interface that allows the deployment and management of agents, securely receives results from the agents, creates scan profiles, and more.

The agents currently run on Microsoft Windows systems and scan for sensitive information using regular expressions. The regular expressions match data against known formats, such as Social Security and credit card numbers.
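To make the regex-based discovery concrete, here is an added example of the kind of matching such an agent performs. It is not OpenDLP's code, and OpenDLP's actual patterns and result handling are assumed to differ. The sample text is constructed; the SSN pattern excludes number ranges the SSA never issues, the credit card hits are filtered with a Luhn mod-10 check to drop look-alike reference numbers, and results are masked before they are reported, since a scan report that carries the full values is itself a copy of the sensitive data.

```python
"""Regex-based discovery of Social Security and credit card numbers in text.
Added example of the pattern-matching approach described above; it is not
OpenDLP's own code, and OpenDLP's real patterns are assumed to differ."""
import re
from typing import Dict, List

# Constructed sample input standing in for the text of a scanned file.
SAMPLE_TEXT = """\
Employee record: SSN 219-09-9999, phone 352-555-0100
Order paid with card 4111 1111 1111 1111 (exp 12/27)
Invoice reference 1234-5678-9012-3456, ticket 123456789
"""

# SSN: AAA-GG-SSSS. Area 000, 666 and 9xx, group 00 and serial 0000 are
# never issued, so excluding them cuts obvious false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Credit card: 13 to 19 digits, optionally separated by single spaces or dashes.
CC_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(number: str) -> bool:
    """Return True if the digits in number pass the Luhn mod-10 check."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so the scan result does not leak the value."""
    digits = "".join(c for c in value if c.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str) -> Dict[str, List[str]]:
    """Return masked SSN and credit card hits found in text, keyed by type."""
    hits: Dict[str, List[str]] = {"ssn": [], "credit_card": []}
    for m in SSN_RE.finditer(text):
        hits["ssn"].append(mask(m.group()))
    for m in CC_RE.finditer(text):
        # The Luhn check rejects random 16-digit strings such as invoice numbers.
        if luhn_ok(m.group()):
            hits["credit_card"].append(mask(m.group()))
    return hits


if __name__ == "__main__":
    for kind, values in scan_text(SAMPLE_TEXT).items():
        print(f"{kind}: {values}")
```

On the sample text the scanner reports one SSN and one card number; the dashed invoice reference has the right shape but fails Luhn, and the phone number and nine-digit ticket match neither pattern. The same validation-after-match idea (a checksum or range check layered on top of the regex) is what separates a usable DLP scan from a flood of false positives.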

Coming from an educational environment, I know that money for security is often scarce, and deploying DLP is difficult because of the high costs of the current solutions. I nearly jumped out of my seat when I first started reading about OpenDLP. It has a lot of great potential to help organizations that simply cannot afford commercial DLP solutions.

However, there's a problem. It's a first release, meaning there are a lot of desirable features that just aren't there yet. For example, the agent is limited in the file types it can read. There is no support yet for zip files, Office 2007, and OpenOffice files. It doesn't support data at rest inside databases. And it cannot do agentless scans. BUT those are features listed under "Future Plans" on the site. Of course, that raises the other question of how active development is and what the time frame for those features is.

The future is bright for open-source DLP. For example, combine OpenDLP with the new Sensitive Data preprocessor in Snort, and you're well on your way to detecting sensitive data at rest and in motion. Neither solution is perfect by any means, but it's a lot more than many organizations are already doing. Even with a commercial DLP solution, a determined insider is going to get the data out one way or another.

Keep an eye on OpenDLP. And if you can give back to the project in any way, please do so because everyone will benefit.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
