Data leak Prevention

Comment by Vic Redondo on October 19, 2010 at 6:52pm

Within an Organization denotes that there is Malicious Activity from employees which would in turn make a company become very cautious of who they hire (HR's Job), but the problem is that breaches still happen regardless. Start ups in regards to most companies can loss out on financial net gains due to data being mishandled when they are concentrated with building clients. Computer security for data loss should be the last thing that would be on their mind. Even with bigger companies there can be an amounted loss in stock, shareholder disputes, or even loss of capital based on one mishap with losing data, leaking data, or even having it stolen. That is why we have a standard with each industry (we call it compliance), but even now with an on set wave of technologies constantly evolving Compliance laws such as HIPPA, FERPA, PCIDSS, etc will have to be amended. The only way data leaks can be prevented from the IT source and not from a remote human source is to have a DLP product that not only caters to each sector but also enforces users to have multiple levels of security to prevent malicious or accidental breaches. I have seen a couple of technologies handle such while others don't make the grade so to speak. I know the company I work for, I will keep it anonymous due to information assurance policy, uses a DLP product called Compliance Enforcer by Nextier Networks. As an IT professional I have to admit that I have more time fixing other problems such as hardware configurations, IT procurement, and miscellaneous task that have no place with security ever since its deployment. This is the best example I know of. Anishkumar I think you should ellaborate more maybe we can get a discussion going here! Take care...

Comment by ANISHKUMAR ACHARI on October 20, 2010 at 6:33pm

Thanks Vic Redondo for the information... Well I know about DLP products where pattern matching technology is used ..Let me elaborate on this .. Industries have been using finger-printing technology to protect data. First of all when document is analyzed using finger-printing technology, a pattern of data is stored similar to our finger prints. These finger prints are confined to particular data, i.e. different type of patterns (finger prints) is generated for different type of data. Whenever these patterned forms of data are used, they have to go through large amount of processing. Also these data to be stored require lots of space. Even though it takes large storage space and processing time, the questions is whether the data is secured and accurate. The answer is no.

Let me give an example. As mentioned earlier a different patterns are generated for different types of data, so when ever a document is modified like the order of the paragraph in a document is changed or the key words are tampered by replacing it with a new word, a different set of finger-prints is generated. So the data once modified is prune to various malicious attacks, as the system could only detect the unaltered data. This will result in stealing of confidential data without the network administrator’s knowledge. The technology I mentioned here has some serious flaws in it ...

You have mentioned about Compliance Enforcer by Nextier Networks, my concern here is whether the device uses the same finger-printing technology?

Comment by Vic Redondo on October 28, 2010 at 10:52pm

I don't think so. I actually had to read the users manual to gain additional insight and it is based on vector encoding along side a module that uses advanced algorithms, but before I elaborate further I will stop there because I love my account and I don't want to sound like an advertising replier. I can see the construct you speak of as being flawed different types of data i.e. data at rest, data in motion, etc. being generated from structured data, unstructured data, and or a combination of both. A system would have to be able to catch false negatives and positives and be able to report such items to an end users fingertips (usually me). Again the solution I am using actually does not have the same technology, in my case my device runs on an ontology based approach and layers security based on ACD, privileged, and rights. It also keeps my networks endpoints safe. So believe me when I say this but if I get an internal breach and report it I would be turning in myself or the big boss man himself. I hope that clarifies things.

Comment