April 25, 2007
Preview: McAfee's DLP product stops your host's data leaks
Data leak prevention (or protection) is all about making sure that data doesn't leave your organization without approval - a laudable goal. These days, I spend most of my time trying to convince people of the simple things they can do to prevent data loss, including authentication, encryption, and compartmentalization of sensitive and proprietary data.
Unfortunately, there are a variety of ways that data can still sneak out the door unfettered, leaving your organization open to regulatory compliance and legal issues -- not to mention the potential harm to your organization's reputation, which can substantially and negatively affect your bottom line.
That being said, I recently took a look at McAfee's newest offering in the desktop DLP space and I'm impressed. Regardless of the method I tried to use to remove data off the host, McAfee DLP stopped me every time.
I tried to take a screenshot of the data I wanted to steal, copy and paste it to other applications, use Web and desktop mail programs to move it, and encrypt the data, among other methods. No success. Short of taking a picture with my camera phone, I couldn't get past the desktop agent monitoring my nefarious activity.
Of course, good data protection requires that you first identify and quantify your sensitive data. McAfee DLP's management console has a number of prebuilt templates that allow sensitive data types (like the nine-digit Social Security number) to be easily locked down so that they don't escape from your enterprise.
While DLP is all about making sure data stays safe and secure, McAfee's product is somewhat limited by its focus on the endpoint. It still leaves data vulnerable in all of its other potentially exposed locations -- since it's host based, it can't protect the network, servers, databases, and so on. Nevertheless, McAfee DLP does what it says: it keeps data from leaving the desktop.
While I haven't had a chance to take a look at it, McAfee Data Loss Prevention Gateway is a way to mitigate the shortcomings of the endpoint. The DLP gateway is policy based and can manage endpoint deployments for a more comprehensive data loss prevention solution.
McAfee Data Loss Prevention
Available: Now
Pricing: Approximately $79 per seat
Verdict: Organizations looking to stop the potential or existing loss of critical data need to look at McAfee's host-based DLP solution. While the product does require a desktop agent, this data loss product can protect your enterprise from costly and embarrassing theft and unintentional disclosure. It's a good first step, but remember that desktop lockdown only stops those using your existing endpoints and does nothing to stop data moving out of your organization from other locations and origins.
Posted by Victor R. Garza on April 25, 2007 06:00 AM
September 28, 2006
Virtual Security served with virtual lunch
Somehow I missed the free lunch, but I still got my fill at the Virtual Security Roundtable hosted by Intel and Symantec yesterday at Intel Developer Forum. The free sandwich was designed to lure journalists into learning about the dire threat of "safeguard disabling," whereby a hacker or a Trojan horse attack, or even an employee or software patch, turns off personal firewalls or anti-virus protections.
Intel and Symantec shared data from a recent survey of IT security managers at large companies. The data showed that, sure enough, nearly all of these folks registered some level of "concern" about safeguard disabling. You have to wonder about those who didn't.
More interesting is the way that Symantec, with a big boost from the virtualization capabilities in Intel's Core 2 Duo processor, plans to address this and other threats to the business desktop. In a nutshell, Symantec will make use of a "trusted hypervisor" to insert its intrusion prevention technology into a slim, protected partition that boots ahead of the user's operating system. Symantec says the embedded IPS "appliance" will scan and filter network traffic before it reaches the host, and will even isolate an infected host from the network to quarantine threats.
Symantec Virtual Security Solution was announced in April alongside the Intel vPro technology, but like yesterday's sandwich, it slipped right past me. Company reps said Virtual Security would be available in the first half of 2007 and would support Windows CE and a variety of other embedded operating systems. Symantec didn't reveal whether it would also be available for systems based on AMD processors, but of course this was Intel's show.
Finally, Symantec said Virtual Security was designed to protect a single user OS on a desktop system. But you have to wonder how soon we'll hear about a similar solution for protecting multiple virtual machines on a server.
Posted by Doug Dineley on September 28, 2006 03:05 PM

