Security Community Blog
Showing posts tagged with Data Loss Prevention (Vontu)
Showing posts in English
khaley | 01 Apr 2009 | 0 comments

Conficker; there has probably never been a virus or worm with so much written about it.  And now that it’s April 1st and the world has not come to an end, many people are no doubt questioning whether Conficker was a bust and nothing we needed to worry about, if the threat itself was overhyped, and if all the electronic ink spilled about this threat was worth it.  I’ll give you my opinion, but first a status update of Conficker.

 

April 1st has come and, as predicted, machines infected with Downadup.C have switched to the new communication algorithm.  But when these infected machines are able to communicate back to a Command & Control server, they are not getting updated with a malicious code payload.  In other words, no malicious attack, large or small, has been unleashed by Conficker.

So is Conficker a bust for the bad guys?  No.  One thing we can tell about this worm is that whoever...

khaley | 31 Mar 2009 | 22 comments
Interest in Conficker (or Downadup) is reaching a frenzied peak.  As media interest in this worm continues to rise, customers are asking if Symantec is ready for Conficker. The answer is a resounding yes.  Symantec customers are already protected (as long as they are running the latest AV and IPS definitions). This article provides a short overview of Conficker (Downadup) and the protection offered by Symantec products.
 
Background
Conficker first appeared in late 2008 as the first worm in the wild to leverage a newly reported vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) service (MS08-067).  Symantec named the worm Downadup, but over time the popular name for this threat has become Conficker.  Symantec customers were quickly protected from the vulnerability with newly released IPS and AV signatures. 
 
In late November,  a new variant...
Pamela Reese | 30 Mar 2009 | 0 comments

A new study from TheInfoPro and Symantec titled “Why Data Loss Prevention?” found that DLP is the top security initiative and pain point for Fortune 1000 companies. The findings are based on over 140 in-depth interviews with Fortune 1000 Information Security professionals about their key issues, budget priorities, and preferred vendors across a range of information security solutions.

Pamela Reese | 25 Mar 2009 | 0 comments

Data loss prevention (DLP) is a serious technology that addresses the serious issues around information risks. However, even serious topics can benefit from an injection of humor to help illustrate the issues. Here is our second cartoon in the short series about The (Mis)Adventures of Dave L. Preston that explores the insider impact on data loss.


Pamela Reese | 17 Mar 2009 | 0 comments

Data loss prevention (DLP) is a serious technology that addresses the serious issues around information risks. However, even serious topics can benefit from an injection of humor to help illustrate the issues. We have a short series about The (Mis)Adventures of Dave L. Preston and look forward to sharing future installments over the coming weeks.

The (Mis)Adventures of Dave L. Preston

Kevin Rowney | 01 Dec 2008 | 0 comments

Myth #5 – Classroom-format employee security education works

 

Origin

This is another well-documented "fact" found in security textbooks that turns out to be largely false.  No one would argue that it's a bad thing for employees to know the basics about compliance with state, federal, and enterprise regulations and policies. But what most practitioners don't realize is that basic classroom-format training has little measurable effect on employee-driven data loss rates.

 

What we see

We've run hundreds of DLP risk assessments at large enterprises.  In many of these engagements, we've scheduled the assessment in tandem with employee privacy training in an attempt to measure changes in behavior that the training might elicit.  Amazingly, we've never seen a single case of measurable decrease in the rates of data loss perpetrated by well-meaning insiders after classroom-format...

Kevin Rowney | 01 Dec 2008 | 0 comments

Myth #4 -- Encryption as a primary effective control against data loss

 

Origin

This myth has a long history since encryption technology predates the digital era.  Encryption, as the first choice of protection measures against data loss, is almost a sacred cow of information security tradecraft.  Most practitioners simply take it for granted that encryption (and for that matter DRM) are basic forms of protection that should be your first choice of technologies to help prevent the theft of data.

 

What we see

Obviously, a large number of basic applications of encryption are vital and necessary protection measures.  Automatic protection of content via encryption is a fundamental security protection with well-established value.  Whole-disk encryption of laptops, basic channel security via SSL or VPNs, encipherment of database records...all of these have clear value.
 
However....

Kevin Rowney | 01 Dec 2008 | 0 comments

Myth #3 -- Information Classification is a necessary pre-requisite to protecting your data

 

Origin

Not only does this myth receive strong implicit backing from many security textbooks, there's also a whole flotilla of startups and a phalanx of security analysts making this claim.  To anyone who hasn't seen a DLP solution at work in a large enterprise environment, it at least looks plausible that this myth is in fact true.

 

What we see

This myth has received some pretty thorough rebuking by Data Loss Prevention deployments.  Projects that attempt to classify everything first before moving on to remediation of their data exposure problems invariably end in one of two ways: 1) the project runs out of time and money before all assets can be classified, or 2) a compliance or breach event tears the team away from classification and forces them to focus on a specific data exposure event.
 ...

Kevin Rowney | 25 Nov 2008 | 0 comments

Myth #2 -- The standard model of perimeter security protects the enterprise

 

Origin

In one sense, this is one of those myths that most practitioners already know to be false.  Wherever you look (practitioners working at large enterprises, activists like the New School gang or the Jericho crew, or nearly any security blog) it’s not hard to see consistent criticism of the current working model for security.  What's strange is that, in the face of this rough consensus on the failure of the standard model, there is so little progress addressing the alarming acceleration of publicly reported breaches.

 

What we see

From our perspective, there’s pretty stark evidence that backs up the claim that the standard model is broken.  With huge investment of coin, intellect, and time put into protecting digital assets, we see an alarming rise in the publicly...

Kevin Rowney | 25 Nov 2008 | 0 comments

Myth #1 -- The vendor community does not solve the problems most in need of solving

 

 

Origin of this myth

You hear this implicit accusation from many parties (analysts chief among them).  A typical example is in Shostack and Stewart’s “The New School of Information Security”. A quote that is emblematic of this attitude: “There's an elephant in the room.  That elephant is the assumption that the security industry has evolved to solve the problems most in need of solving”.  [p.27]

 

We see things differently

Working at the leading vendor of Data Loss Prevention solutions provides a pretty interesting vantage point on current security tradecraft.  We have unique insight on the real terms of treatment of the most sensitive data at some of the largest and highest profile enterprises in the world.  We see how this data is used, abused, and placed at risk by well-meaning insiders...