Secure Channel Blog - Channel Insider
Empowering the next generation Channel
 

Sponsored Links
  • Cisco Small Business Advantage
  • Register for WES 2010 by February 19 and save $400.
  • up.time Easily Monitors Virtual/Physical/Cloud. Free Trial.
  • Seagate® Barracuda® drives fit every desktop need.
  • MSP Partners helps solution providers stay competitive.
  • Learn more about EnterpriseDB @ the Postgres Center
  • Earn 40-50% margins. Zenith open houses show how.
  • CDW Healthcare offers the IT solutions you need.
  • One number. One voicemail. Sprint Mobile Integration.
  • FREE Sophos Encryption Tool: Encrypt, compress and share files easily.
  • Give your customers more with LSI 6Gb/s solutions.


    		•




    Channel Insider conferred 75 awards to vendor, distribution, solution provider and industry groups for performance excellence. Check out all the winners in the 28 Bull’s Eye Award categories.
    >> Bull’s Eye Central

    		 

    DLP Shortcomings Equals Security Services Opportunities

    in Secure Channel Blog
    DATE: 2009-11-04 | By Lawrence Walsh


    Article Rating:starstarstarstarstar / 0
    Article Views: 933

    Rate This Article:
    Poor Best
    Add This Article To:
    A defender of data loss prevention technology says the state-of-the-art products are more than capable of detecting contextual information. Just how it’s done is a combination of technology, planning and policy management - and that’s where solution providers can play a role in advancing DLP adoption.

    Just how good is contemporary data loss prevention (DLP) technology? Can it do more than identify and stop the release of Social Security and credit card numbers?

    On Friday, I wrote about how DLP “probably” couldn’t have prevented the security breach that resulted in the authorized disclosure of more than two dozen Congressional lawmakers under suspicion or investigation for ethics violations.

    My contention: DLP is improving, but remains a relatively immature technology that is good at identifying, intercepting and blocking known data set such as Social Security numbers, but not so good at identifying unclassified or unknown contextual data. In the case of the Congressional leak, I said that DLP would have a hard time recognizing and distinguishing “Maxine Waters” in routine correspondence from “Maxine Waters” in sensitive investigation materials.

    Resource Library:

    I was called on the carpet by Kevin Rowney, founder of Symantec’s data loss prevention division and founder of Vontu, the company Symantec acquired to get into the DLP business. He called my analysis lacking in “basic fact checking” and representing of DLP prior to 2001. While I said the Achilles heel of DLP is the same that stymied previous attempts at data leak prevention—user driven classification of data when storing and transmitting—Rowney counted by saying that such DLP solutions represent “bottom-of-the-barrel vendor solutions.”

    “New advanced algorithms detection algorithm (many of them pioneered by Vontu) [sic] have made many of the types of breach you talk about above a quite solvable problem. They have high accuracy, low false positives, and don't require pre-classification,” he wrote on the Secure Channel blog.

    In a rousing debate, Rowney went on to explain DLP solutions—particularly those offered by Symantec—are able to detect contextual data and how the contemporary methodology could have prevented the congressional ethics probe data leak.

    JOIN THE DEBATE
    > DLP Shortcomings Equals Security Services Opportunities
    > Congressional Ethics Leak Demonstrates DLP Shortcomings

     





    Discuss DLP Shortcomings Equals Security Services Opportunities
     
    Larry, You may be correct regarding an average DLP product, deployed by the...
    >>> Post your comment now!
     

     
     
    >>> More Secure Channel Blog Articles          >>> More By Lawrence Walsh
     



    		 

    Related Content

    Articles Labs/How-To Multimedia


    [ci] feeds
    XML
    Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

    HTML PLAIN TEXT

    Keep on top of news for VARs and Resellers with CI's Weekly Newsletter and Alerts.

     

    CHANNEL RESOURCE CENTER
     
     
    How much time do you spend hunting for enterprise IT content?
    Let Enterprise TechBrief do the work for you. Aggregated content, tech news, product reviews, vendor updates, how-to’s—all you need to boost your efficiencies and cut costs, all from one place.
    enterprisetechbrief.com
     
    Should You Be Using “up.time”?
    Easily Monitor Virtual, Physical, and Cloud based assets, applications and services from a unified Dashboard with up.time. Deep Monitoring across platforms and along with best-of-breed reporting. Over 700 enterprise customers in 32 countries.
    Free Trial Download Here (Virtual Appliance available)
    Managed service providers are using regulatory compliance and industry standards to win business and give customers peace of mind. Join host Larry Walsh of Ziff Davis Enterprise and his guests on Friday, February 19, 2010, at 1:00 pm ET for a discussion of “Compliance as a Service.”
    Register Today