One of the great things about the Internets is that it provides universal connectivity between your desktop and the world. But that is also a tremendous weakness and security professionals often lose sleep over how easy it is for a rogue employee to email a friend – or even his private Webmail account – their entire customer list or other confidential information.
There have been a number of products to try to track or block leaking data, and this week I was testing one of them for my WebInformant.tv video screencast series — TrueDLP from Code Green Networks. The idea is fairly simple: you install their appliance on your network, point out your most sensitive data, and then it watches over your packets and sees what is leaving the premises. It doesn’t take that long to setup and install, once you figure out what it is doing and what you are doing.
The tricky part is figuring out exactly what is your most sensitive data, and being able to focus in on it in a way that the product can identify. It comes with dozens of various templates to be able to recognize social security numbers, or names and addresses, or stock symbols, or other kinds of well-formatted data. But the real plus is being able to handle unformatted data, such as a memo about a customer’s preferences that is just a Word document, for example. Code Green can connect to a SQL database and directly handle the query syntax to select particular data types, and it can also connect via WebDAV to Sharepoint servers or other document repositories too. Once you find your data, you create protection policies and tell the appliance what to do – whether to just log the violation or actually block the activity.
You also need to make sure that you are matching everything properly, because the last thing you want to have on your hands is a series of false positives that you have to chase down. You can also set up fancier things, such as automatically requiring emails between two places (such as your office and a partner) to go out encrypted. Speaking of encryption, they work with the Blue Coat Web proxies so that even if someone is using SSL connections to talk to their Webmail accounts they can take those packets apart and see what someone is doing. That is pretty spooky, but hey, you have been warned!
There are other things that the product does, such as being able to detect content on removable USB thumb drives, or even block their usage entirely. This is the way of the world: as these drives get beyond 64 GB (yes, gigabytes), they are more of a threat for someone to just literally take an entire database out the door in their pocket. I recently ran up against this when I was in my bank trying to provide documentation for a loan. I had brought a CD, a USB thumb drive, and had saved the documents on my Google account just for good measure. Because of the bank’s endpoint security lockdown policies, I was 0 for 3 and had to send them the old fashioned way, by making paper copies, once I got home. At least it was nice to know that they had protected their employee’s PCs.
The interesting thing is what happens after customers get their hands on this Code Green product. Lawsuits typically ensue, so to speak, because often the network administrator finds someone is doing something that they aren’t supposed to be doing. One of the product managers I was working with told me that this usually happens within the first week of the product being put into production. Given that the basic price of the product is ten grand, I figure that is as close to instant ROI as you are going to get these days, considering the cost of most litigation.
So take a gander over at WebInformant.tv and watch the four-minute video of the Code Green appliance. It is a very innovative way to detect and prevent data leaks and well worth a closer look.