Categories

• Automation
• Compliance
• Consolidation
• Data Protection
• Networking News
• News
• RAID
• Security News
• Sencilo News
• Storage News
• Uncategorized
• Vendor News
• Virtualization

Archived by Date

• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

Leaking sensitive information can pop the balloon on your company's reputation. DLP tools can mitigate incidents and offer insight into where data lives. - February 12, 2008

It's the call you've feared. The phone rings at 9 a.m. on a Sunday. You're the CISO of a medium-sized retailer, and weekend calls aren't all that unusual. But within 30 seconds of picking up the phone, you know your weekend, if not your job, is over. One of the customer service managers accidentally emailed an Excel file of all the clients acquired last quarter to an external distribution list while trying to send it to his personal Gmail account to work on over the weekend. Worse yet, the file contains full credit card and verification numbers.

The really bad news? You recently signed off on your self-assessment for your Payment Card Industry Data Security Standard audit and affirmed that you don't keep card numbers in an unencrypted format. No one told you about the nightly database extract the customer relations team runs with the credit card number as the primary key. Your external audit is scheduled for next month, making this about the worst time possible for an accidental disclosure. It's not like you can blame this one on evil hackers.

This situation is hypothetical, but it illustrates the pressures companies are under. Data protection grows more critical every day as our sensitive information faces increasing scrutiny from regulators and business partners. It's no longer just a matter of keeping the bad guys away from data. Businesses now are expected to handle it responsibly, often in accordance with contractual or legal requirements. Yet the average organization typically has little idea of where its sensitive data is, never mind how it's really being used. 

Over the past five years, a new category of tools emerged to address this problem, Q1 Labs. Data loss prevention (DLP) products help companies understand where their sensitive data is located, where it's going, how it's being used, and can sometimes enforce protective policies. "The technology may not always stop evil hackers, but it offers considerable help in protecting a business from internal mistakes and in cost-effectively managing compliance", states Brian McCarthy CEO and Security Expert for Sencilo Solutions of Orlando Florida.

Knowing where sensitive content is located protects the organization and may reduce the time and cost of audits; a company can prove that its data is appropriately secured and show real-time controls to detect violations. By gaining considerable insight into how data is communicated internally and externally, odds are that an organization will identify a number of risky business processes--like the above nightly database dump and use of personal email accounts. It also gains the ability to prevent accidents and eliminate bad habits, like improper use of USB drives. DLP won't make you compliant, but its combination of risk reduction, insight and potential audit cost reduction is compelling.

Yet while DLP tools have significant potential to reduce an organization's risk of unapproved disclosures of sensitive information, they are among the least understood and most over-hyped security technologies on the market. Organizations that take the time to understand the technology, define their processes and set appropriate expectations will see significant value from their DLP investment, while those that make snap purchases or set their expectations inappropriately high will struggle with this powerful collection of tools.
 
DEFINING DLP
DLP is one of a dozen or so names for this market; others are information leak prevention and content monitoring and filtering. To further complicate matters, data loss prevention is so generic a term it could easily apply to any data protection technology; everything from encryption to port-blocking tools is hopping on the DLP bandwagon. While early tools were tightly focused on preventing data leaks on the network, the market is rapidly evolving toward robust solutions that protect data in motion on the network, at rest in storage and in use on the desktop, all based on deep content inspection and analysis.

So DLP is a class of products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis. Other defining characteristics are:

• Broad content coverage across multiple platforms and locations


• Central policy management


• Robust workflow for incident handling


• It's important to recognize that DLP solutions are very effective at reducing the risk of accidental disclosures or data leakage through a bad business process, but offer minimal protection against malicious attacks. A smart internal or external attacker can easily circumvent most DLP tools, but the risk of inadvertent exposure is usually greater than that of a targeted attack.

GETTING STARTED
Long before contacting DLP vendors, set expectations and decide what content needs protection and how to protect it. Pull together a project team with representatives from major stakeholders including security, messaging, desktop management, networking, human resources and legal, and define protection goals, including content and enforcement actions. This is when you set expectations; educating project members on what's realistic with DLP can help avoid pitfalls that derail deployment.
These protection goals help determine required features. They'll establish needs for content analysis techniques, breadth of coverage (network/storage/endpoint), infrastructure integration, workflow, and enforcement requirements. You can decide if you need a full suite, dedicated DLP solution or just the DLP features of an existing product. Then, translate these requirements into an RFI or draft RFP and start contacting vendors.

Most organizations find that content analysis techniques, architecture, infrastructure integration and workflow are the top priorities in selecting a product.

CONTENT ANALYSIS
The most important characteristic of DLP solutions is content analysis. This allows the tools to dig into network traffic and files, unwrap layers (like a spreadsheet embedded in a PDF in a .zip file) and identify content based on policies. While every product uses different content analysis techniques, they tend to fall into a few categories that also use contextual information, such as sender/recipient, location and destination.

Content description techniques use regular expressions, keywords, lexicons and other patterns to identify content. They include rules/regular expressions for pattern matching, conceptual analysis involving pre-set combinations of words and rules to match a specific concept like insider trading, and pre-set categories such as personally identifiable information (PII), HIPAA and PCI.

Content registration techniques rely on content you provide the system that then becomes a policy. They include full or partial document matching using hashes of files to identify content; database fingerprinting by hashing live database content in combinations to identify matches; and statistical techniques that use a large repository of related content to identify consistencies and create policies.

All the leading products can combine different analysis techniques into a single policy to improve accuracy.

The content analysis technique will directly determine what products make the short list, but make sure to account for future needs. Although most of the market--90 percent by some estimates--is focused on protecting PII, about 30 to 40 percent of those organizations are also interested in protecting unstructured data. They start by using DLP to protect PII to reduce their compliance risk, and then slowly add other content, generally trade secrets and intellectual property, once they get comfortable with their tool.

The last major component of DLP solutions is endpoint agents to monitor use of data on the user's desktop. A "complete" agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to restrict file transfers based on content.

Endpoint DLP tools are starting to add more advanced protection, such as limiting cut and paste, detecting sensitive content in unapproved applications such as certain encryption tools, and automatic encryption based on content. Over time, they will increase the type and number of policies they can enforce and integrate more deeply into common endpoint applications.

ARCHITECTURE & INTEGRATION
DLP architectures are defined by where they protect the content: data-in-motion network monitoring, data-at-rest file storage scanning, and data-in-use monitoring of the endpoint. Full-suite solutions include components for each of these areas, while partial suite tools cover only a portion, such as an endpoint DLP tool with an email-only gateway.  There also are single-channel products and non-DLP tools that bundle some DLP features, like an email gateway that can block messages with credit card numbers. In the long run, most organizations--especially large enterprises--will prefer full-suite solutions, but partial-suite and DLP-as-a-feature tools often meet tactical needs where complete coverage isn't necessary.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint