Could DLP have prevented the Goldman Sachs issue?

In an article on Channel Insider, the author raises the question, Could a solid Data Loss Prevention product stopped the transfer of data from Goldman Sachs to a third part web hosting.

For those that don’t remember the whole story, a quick Google news search will be a quick refresher or from a New York Times article

“Mr. Aleynikov, who is free on $750,000 bond, is suspected of having taken pieces of Goldman software that enables the buying and selling of shares in milliseconds. Banks and hedge funds use such programs to profit from tiny price discrepancies among markets and in some instances leap in front of bigger orders.”

 

One key point of the article states

“DLP is often seen as the panacea for stopping the accidental or unauthorized release of data… Even the market-leading products by companies such as  Websense, Symantec, McAfee, RSA, CA and Trend Micro are limited to detecting mostly static data strings and content, such as Social Security numbers and credit card numbers.”

However this is not true within the Symantec DLP product.  Symantec acquired the market leader Vontu and rebranded it as Symantec DLP (for more information, drop me a note or visit their website). 

Symantec DLP can detect both structured and unstructured data based on the indexing technology it uses can track data such as source code, drawings or other intellectual property.

Let me give you an example of Symantec DLP protecting this type of data.  A client I was working with receives a PDF from subcontractors with payroll information on it.  This document needs to be either faxed in or brought in person, not emailed in.  Using the indexing technology of Symantec DLP, we indexed the PDF and created a policy saying if we saw X% of the PDF flag it as an incident.  We able to see several examples of this happening.

So there is the possibility of tracking unstructured data with Symantec DLP.