Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

7/25/2006
08:45 AM
50%
50%

Practicing Safe Data

Worried about data protection? You should be

Are you starting to get dragged into discussion about which data leakage product is the best? Are you forming an incident response team to address a recent report of a lost or stolen laptop? Have you just banned iPods from the workplace? You're not alone.

Data protection is worth worrying about. It's not an easily addressable problem, like spam or spyware. Countering those threats usually involves evaluating a few products and making a purchasing decision.

Data protection is much harder. The threats come from both the outside and the inside. On the outside, you have overzealous teenagers in Canada, competitors, and crime syndicates based in Russia. On the inside, you have engineers packing up to join a competitor, sales people squirreling away customer lists, and fraudsters mining for gold – not to mention the oft-cited disgruntled employee.

Think Ignacio Lopez, the infamous purchasing czar at General Motors who quit one evening and took dozens of boxes of strategic documents with him as he set up shop at Volkswagen. Or the Indian Security Agency flunky who delivered a USB thumb drive, purportedly loaded with information on India’s nuclear program, to a U.S. embassy operative.

There are three facets to data protection: encryption, device control, and leak prevention. Some types of information have to be encrypted while they are at rest, such as credit card information. You would not want to suffer the fate of CardSystems Solutions Inc. that went out of business last fall due to the loss of a huge number of records to a hacker. Besides, the credit card associations stop just short of requiring encryption if you want to handle their cards.

But do you want encryption everywhere else? Do you want the headaches of handling keys for all those files, users, servers, and backup devices? I don’t think so. Look for tactical opportunities to exploit the power of encryption. Cyber-Ark Software and Ingrian Networks, for example, have created manageable tools for encrypting valuable information.

Device management – the ability to set and enforce policies on the types of devices that can be attached to the network – is something most organizations have not even begun to look at. Centennial Software, Safend, and SecureWave provide centrally managed solutions that can see every USB device that is attached to the network. Policies can be created by device and user, allowing or disallowing the use of a particular device. So, no more worries about 30 gigs of data being downloaded to an iPod on an employee’s last day.

Leak prevention is all about monitoring the network for suspect activity that indicates someone is misappropriating or misusing data. It can be deployed in existing network attached devices, such as an email gateway like Proofpoint's or an IPS device like Force10’s P series. But several emerging companies also are addressing the leakage issue: PortAuthority, Reconnex, Tablus, Vericept, and Vontu among them.

At this early stage, the keys to choosing a leak prevention solution are:

  • Ease of deployment. A solution that requires you to set granular policies and manually identify critical information will be too cumbersome and expensive to deploy. The ideal solution should be capable of operation on the first day, and should start generating useful results immediately. Spiders that crawl the network, indexing and fingerprinting data, can ease the data discovery phase. Default policies based on activity monitoring will get a solution up and running quickly.
  • Accuracy. The underlying algorithms that decide when data is being leaked should minimize false positives. Every alert sets off a forensic response. False positives waste time and lead to embarrassing investigations. Too many false positives and the tool will no longer be used.
  • Reporting. Yawn. Gotta have it.

I believe that the ability to actively block is not critical at this early stage. Making insiders aware of your ability to monitor their activity will curtail over 90 percent of the data leakage you are probably experiencing today. Blocking real traffic could cause more problems than it solves, especially if a network device is configured to fail in that situation. Finding and disciplining the people who are abusing your data is the most important step to take in data protection.

Encryption, device management, and leak prevention work together to diminish the risk of data loss. Encrypting data at rest protects it from outsiders and unauthorized insiders, as well as inadvertent loss off the back of a delivery truck. Quickly deployed and well managed leak prevention can help to control insiders’ behavior. Device management blocks the insider who is determined to steal data via a thumb drive or iPod.

Of course, none of this can stop the determined industrial spy – just use your cellphone's camera to take a picture of the unencrypted data on the computer screen, and you've foiled all of these defenses. But the combination of these three technologies will reduce your exposure and put you in compliance with the industry's best practices.

— Richard Stiennon is founder of IT-Harvest Inc. Special to Dark Reading

  • Centennial Software Ltd.
  • Cyber-Ark Software Ltd.
  • Force10 Networks Inc.
  • Ingrian Networks Inc.
  • PortAuthority Technologies Inc.
  • Proofpoint Inc.
  • Reconnex Corp.
  • Safend Inc.
  • SecureWave S.A.
  • Tablus Inc.
  • Vericept Corp.
  • Vontu Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-13545
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.
    CVE-2019-13541
    PUBLISHED: 2019-10-18
    In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
    CVE-2019-17367
    PUBLISHED: 2019-10-18
    OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
    CVE-2019-17393
    PUBLISHED: 2019-10-18
    The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and pa...
    CVE-2019-17526
    PUBLISHED: 2019-10-18
    ** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').pop...