U.S. companies exposed the personal information of more than 53 million people in 2005, according to the Privacy Rights Clearinghouse.
Alas, the possibility of serious consequences for leakers doesn't seem to deter insiders from divulging private, protected
information -- and for good reason: Statistics clearly show enterprises are ill-prepared to thwart them.
For all their good work, many security professionals are still saddled with first- and second-generation ITM (insider threat
management) products. Typically, these are limited to monitoring certain communications channels, such as e-mail and Web browsing.
Today's solutions, however, cover almost anything traveling over your network. Furthermore, they often sense data manipulation
-- such as modification of files -- and track inappropriate use of media, including USB drives and CDs at the desktop. Other
solutions monitor the equally important world of data-at-risk residing on unsecured file shares and intranets. Finally, when
problems in any of these areas surface, products offer real-time alerts followed by automatic remediation.
Using these requirements as guideposts, I tested upgraded versions of two network scanning products that InfoWorld first reviewed last June, along with two new agent-based approaches.
The network gateways Reconnex iGuard 2.1 and Vontu 5.0 show maturity and polish. iGuard now offers user-customizable dashboard reporting,
faster performance, and more tools for investigators. Traditionally strong in offering complete
compliance policies and high accuracy, Vontu now scans data at rest; the company is also out front in addressing worldwide
employee privacy standards.
Agent technology was just awakening six months ago. After a good run in U.S. government agencies, Oakley Networks now offers
its SureView technology to commercial customers. It may have a little way to go on policy administration, but the
agents do an admirable job of stopping violations at the desktop.
Tablus is still working on its Content Alarm 3.0 release, due out later this year. The solution unifies both agent-based and
network gateway technologies. After looking at an early beta, I believe Tablus may pose a serious threat to the competition
because of its comprehensive and integrated approach. In the interim, the company also has released a minimal agent solution,
Content Sentinel 1.0, which finds files with potential compliance problems on desktops and file shares. Two other familiar names in this space,
Verdasys and Orchestria, declined to participate.
Oakley Networks SureView 3.3
You likely haven't heard much about Oakley Networks' insider protection technology until recently, and there's good reason:
The company has been busy securing mission-critical data for hush-hush projects with the U.S. Department of Defense and other government
entities. This experience gives Oakley a lot of credibility as a supplier of ITM solutions for commercial enterprises.
Several attributes set SureView apart from its competition. Although the agent concept isn't unique to Oakley, the company has
some of the most extensive threat policy and rules management options. This yields better detection, fewer false positives,
and increased flexibility. You can, for example, establish a rule that alerts only when an e-mail carrying an encrypted attachment
is sent to an external recipient; the same attachment sent internally, or an unencrypted attachment sent externally, stays quiet.
As such, SureView is a fine solution for protecting against information leakage, collusion, fraud, and compliance violations.
SureView's tabbed Web Operator Interface makes it easy to establish policies and perform investigations. Similarly, agents
deploy quickly with common management tools, such as Microsoft SMS or Altiris. Oakley representatives indicated that
many of their engagements begin with monitoring employee activities rather than blocking threats immediately. The reasoning
is that once you have seen usage trends, you can tune policies more accurately so they don't hinder legitimate business.
To test this process, I initially set SureView to always collect all data. Then, at several workstations, I performed Web
browsing, sent proprietary information by instant messenger, and modified confidential files.
Back at the Operator Console, I launched an investigation and reviewed the gathered raw data. SureView groups collections,
such as Web and IM, making it easy to spot broad trends. I then drilled down into the sessions and played back an exact recording
of activities. From these initial reviews, security officers should see patterns of misuse.
For my next tests, I assumed employees would use Webmail to conduct insider trading and corporate e-mail to send confidential
client data. After creating policies to detect these activities, I violated the rules. The system accurately generated alerts
for just these violations and nothing else. Besides standard network communications, SureView monitors data transfer (say, copying
to a clipboard), media use (USB storage, CD burning, and printing), and encrypted transmissions. In the last case, the system
captures content both before and after encryption.
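The compound rule described earlier (alert only on an encrypted attachment going to an external recipient) and the confidential-client-data policy from these tests are both instances of one pattern: several conditions must all hold before an event counts as a violation, which is what holds down false positives. The following is an added example of that pattern written for this article, not SureView's own policy engine or any Oakley code. The internal domain list, the entropy threshold used to guess that an attachment is encrypted, the rule names, and the sample e-mails are all assumptions constructed for the illustration.

```python
"""Added example: a minimal policy engine for compound insider-threat rules.
Domain list, threshold, rule names and sample e-mails are assumptions."""
import math
import random
from dataclasses import dataclass, field

# Assumption: the organization's own mail domains; any other domain is "external".
INTERNAL_DOMAINS = {"example.com"}

# Assumption: bits-per-byte above which an attachment is treated as encrypted.
# Compressed archives and images also score this high (see the note below).
ENTROPY_THRESHOLD = 7.5


@dataclass
class Attachment:
    name: str
    data: bytes


@dataclass
class EmailEvent:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(att: Attachment) -> bool:
    return shannon_entropy(att.data) >= ENTROPY_THRESHOLD


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def has_external_recipient(event: EmailEvent) -> bool:
    return any(is_external(r) for r in event.recipients)


# Each rule is (name, predicate). Every clause must hold, so an encrypted file
# mailed internally, or a plain file mailed externally, produces no alert.
RULES = [
    ("encrypted-attachment-to-external",
     lambda e: has_external_recipient(e)
     and any(looks_encrypted(a) for a in e.attachments)),
    ("confidential-content-to-external",
     lambda e: has_external_recipient(e)
     and "CONFIDENTIAL" in (e.subject + " " + e.body).upper()),
]


def evaluate(event: EmailEvent) -> list:
    """Names of every rule the event violates, in RULES order (empty if clean)."""
    return [name for name, predicate in RULES if predicate(event)]


# Constructed sample data, not captured traffic. A seeded PRNG stands in for
# ciphertext so the run is reproducible.
_rng = random.Random(1)
ENCRYPTED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAIN_TEXT = b"Quarterly roadmap notes. " * 160


def sample_events() -> dict:
    return {
        "internal_encrypted": EmailEvent(
            "alice@example.com", ["bob@example.com"], "keys", "see attached",
            [Attachment("vault.gpg", ENCRYPTED_BLOB)]),
        "external_plain": EmailEvent(
            "alice@example.com", ["vendor@partner.example.net"], "roadmap", "notes attached",
            [Attachment("notes.txt", PLAIN_TEXT)]),
        "external_encrypted": EmailEvent(
            "alice@example.com", ["me@webmail.example.net"], "backup", "",
            [Attachment("backup.bin", ENCRYPTED_BLOB)]),
        "external_confidential": EmailEvent(
            "alice@example.com", ["contact@other.example.org"], "client list",
            "CONFIDENTIAL: attached is the Q3 client list"),
    }


if __name__ == "__main__":
    for label, event in sample_events().items():
        print(f"{label:22} -> {evaluate(event)}")
```

Only the two external events trigger a rule, and each triggers exactly one. The entropy heuristic is deliberately the weak link: a ZIP archive or JPEG scores nearly as high as ciphertext, so a production rule would pair it with file-type identification, and an agent-based product has the better option the review notes for SureView, capturing the content at the desktop before it is encrypted rather than guessing at the ciphertext on the wire.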