Data Leaks: What You Don't Know Will Hurt You
How do you know employees aren't transmitting sensitive data off your network if you're not bothering to look? How one company found a technology answer that led managers to institute new training programs and other changes.
There are many vendors now in the CMF/DLP space, according to Gartner research. In addition to the network monitoring capabilities of these vendors’ products, Proctor says “the value is the identification of bad business practices, and visibility into things you are doing to yourself that you didn’t know were going on —that, for example, sensitive information is being abused.”
According to a recent Gartner report, the market “for content monitoring and filtering and data loss prevention technologies is maturing rapidly but remains fundamentally adolescent.” Market leaders include: Vericept, Vontu, Websense, Reconnex, Tablus and Code Green Networks.
SOURCE: Gartner report on content monitoring, filtering and data loss prevention, 2007.
WebEx ended up purchasing Reconnex’s iController appliance product. iController first would register all of WebEx’s proprietary content, then monitor if anything out of the ordinary was going on with that content and alert Barr to any other “signatures” (digital fingerprints that correlate to sensitive company data) that seemed inappropriate.
At WebEx, sensitive data includes “anything that would lose our competitive advantage,” Barr says. This includes proprietary product information or strategies, as well as sales lead data.
Reconnex’s promise, according to Faizel Lakhani, the company's VP of products and marketing, is that once deployed on customers’ systems, the technology will build a map and show companies what’s happening on their networks —where financial statements, Social Security numbers and intellectual property data reside and are going.
Flashing Spotlights on the Network
Because IT managers have so many blind spots into what’s actually transpiring on their networks these days, turning on a network monitoring appliance can be quite surprising. With the iController appliance in place, Barr says, “we went through I don’t know how many different emotions during the first 24 hours: We were happy and excited that the device worked; stunned at what we saw; scared at what we were going to do; then relieved that we had the right device to provide that visibility that we never had before.”
With all that new visibility into WebEx’s network, however, Barr and his colleagues came upon a common problem. “My concern was: What do we do with all that information?” Barr says.
In fact, this is a dilemma that stumps many companies, says Gartner’s Proctor. “If you go looking for sensitive information, you’re going to find it,” he says. “Then what are you going to do about it?” As an example, Proctor describes a healthcare vendor that was sending out real patient data to demonstrate its product. If the company blocked this practice, however, the sales force wouldn’t be able to close its sales deals. Also, if a monitoring product sent alerts when any sensitive information went outside the company’s networks, the system “would be lighting up like a Christmas tree,” Proctor says. And if the company ignored it altogether, then executives could face huge HIPAA-related sanctions and customer backlash if they got caught.
network security
Receive the latest security news as it breaks.
