There are a lot of ways that confidential information can leak out of your organisation – so how many of them do you have covered?
Maybe you block USB ports to stop files from being copied to a memory stick. You may even control certain file attachments to company emails.
But what about webmail and instant messaging? Would you know if files went out as attachments via those two channels? And if a cunning employee just decided to print off the information he wanted and walked out with it in his briefcase, would you be any the wiser? Finally, have you even classified your data to determine what is sensitive, and do you know where all copies of sensitive files are kept?
Data leakage prevention (DLP) is a tricky subject, and one that is getting more difficult to implement. The boom in mobile devices – from memory sticks to smartphones and iPods – gives users a range of choices when it comes to storing and communicating information. And the security professional is usually chasing behind trying to stop a data leak disaster from happening.
Add to that the need for companies to allow information to be shared with customers, business partners and suppliers, and the scale of the problem is enormous.
There are plenty of data leakage prevention products on the market capable of tackling parts of the problem, such as disabling USB ports, or checking outgoing emails against a list of keywords. But few of them can claim to provide complete coverage across all communications channels, especially where companies have not yet classified their data.
Now one company is claiming to provide complete coverage in a single suite of software, and is even promising to take the pain out of data classification.
Israeli security company Safend Inc. specialises in endpoint control, and up to now has offered policy-based hard disk encryption and device and port control through its Encryptor and Protector products.
Now, with the introduction of two new modules to its Data Protection Suite, Safend Inspector and Safend Discoverer, the company says it can help identify where sensitive data is being stored, and also provide content inspection on email, instant messaging and printing.
Safend Discoverer is designed to help companies identify sensitive information and to locate where it is being stored. The package comes with some pre-defined classifications for personally identifiable information (PII) and credit card data, a feature that may be helpful for those trying to comply with the PCI Data Security Standard. But companies can also then use the tool to fingerprint any documents or files they decide are sensitive for some reason.
Even if users try to copy and paste sections of the document, the information will still be classified as sensitive.
"Data classification can be a significant project, and it can be hard to justify in an ROI equation," said Edy Almer, VP product management of Safend. "Discoverer crawls the entire endpoint population and brings back a report of what sensitive data you have, and where. It allows you to get a very good grasp of what remediation steps you need to take."
With sensitive information properly classified, the Inspector product provides granular content-based control. For instance, a company may allow someone to copy a few customer records as part of their job, but it may set a maximum threshold. If the users try to copy more than the number allowed, Protector may block them altogether or send a warning message to remind them that they are about to breach the policy.
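The threshold policy described above, applied to the credit card classification mentioned earlier, can be illustrated as follows. This is an added example, not Safend's code: the function names, the regex, the default limit of three records and the sample text (constructed from publicly documented test card numbers) are all assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers (order ids, etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return the set of distinct Luhn-valid card numbers found in text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.add(digits)
    return found

def decide(text, max_records=3, on_exceed="block"):
    """Hypothetical policy: allow up to max_records sensitive records per transfer;
    above that, apply on_exceed ("block" or "warn"). Returns (verdict, count)."""
    n = len(find_card_numbers(text))
    return ("allow" if n <= max_records else on_exceed), n

# Constructed sample content. The card numbers are well-known public test values;
# the order number is a digit run that fails the Luhn check.
SMALL = "Refund for card 4111 1111 1111 1111, order 1234567890123456."
BULK = ("4111111111111111\n"
        "5555-5555-5555-4444\n"
        "3782 8224 6310 005\n"
        "6011111111111117\n")

if __name__ == "__main__":
    print(decide(SMALL))                    # one record, within the limit
    print(decide(BULK))                     # four records, over the limit
    print(decide(BULK, on_exceed="warn"))   # same content, warn-only policy
```

Counting distinct Luhn-valid numbers rather than raw regex matches keeps repeated references to one record, or unrelated long digit strings, from tripping the limit.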
Almer says this is an effective way to instil security in users. "With our Interactive Message Center, when something sensitive is being sent out or copied, we have the option of blocking it, or putting up an alert message to the user, to educate them," Almer said. "An interactive popup can be very effective. The Interactive Message Center explains to the user what they should and should not do. It is a lot cheaper and more effective than taking everyone off for a training course."
Both the new modules have just completed beta testing with a range of large organisations, many of them in the healthcare industry, said Almer.
He said that as well as working with common programs such as Microsoft Outlook (for email control) and Internet Explorer (for Web filtering), Inspector can be modified to work with any other systems. "Beyond the applications that everyone protects, there are some applications and protocols that are unique to you, such as Bloomberg IM, or Skype in a call centre, or a special package for finance, or CAD designs that you want to protect," said Almer.
"We can make sure that only certain applications have access to certain types of data. Most content inspection products today are gateway-based – they collect packets on the wire, reassemble the whole protocol, try to decrypt, and only then inspect the content – that takes a lot of processing power. Every time there is a minor new release of the application, you may need to tweak the protocol a bit, you may need to make changes to the application. It can be a nightmare to maintain.
"We control it at a completely different level. For instance, Skype calls, and even chat, are no problem. If someone in the call centre wants to transfer an image or a manual, that's OK. But if they try to transfer customer records, that will get blocked when Skype is trying to access it."
Analysts have been impressed by Safend's data leakage prevention technology, which has all been generated in-house rather than bought in through acquisitions. But they doubt whether a small standalone DLP provider can survive long before it is bought by a larger company.
Bob Tarzey, analyst with Quocirca Ltd, said: "The only problem for Safend is that the whole market has consolidated in the last year. All the big security vendors – Websense, Symantec, CA, Trend Micro, RSA – have all acquired companies in this area. It is a market that has gone mainstream, so you have to work quite hard to differentiate yourself, or you have to find somebody to buy you."
Rik Turner, a senior analyst with Ovum Ltd, welcomed the new elements in Safend's product portfolio, and said the expanded suite would appeal not only to large organisations, but also to consultancies providing compliance services for PCI DSS and other industry-specific regulations. He noted that Vericept Corp., another DLP company that could also automate data classification, was bought in September by Trustwave Corp., a provider of compliance services.
But he also predicted that privately-owned Safend might not stay independent for long. "If they do make a success of their portfolio as it stands now, they will probably get snapped up at some point," he said.