Just how good is contemporary data loss prevention (DLP) technology? Can it do more than identify and stop the release of Social Security and credit card numbers?
On Friday, I wrote about how DLP “probably” couldn’t have prevented the security breach that resulted in the authorized disclosure of more than two dozen Congressional lawmakers under suspicion or investigation for ethics violations.
My contention: DLP is improving, but remains a relatively immature technology that is good at identifying, intercepting and blocking known data set such as Social Security numbers, but not so good at identifying unclassified or unknown contextual data. In the case of the Congressional leak, I said that DLP would have a hard time recognizing and distinguishing “Maxine Waters” in routine correspondence from “Maxine Waters” in sensitive investigation materials.
I was called on the carpet by Kevin Rowney, founder of Symantec’s data loss prevention division and founder of Vontu, the company Symantec acquired to get into the DLP business. He called my analysis lacking in “basic fact checking” and representing of DLP prior to 2001. While I said the Achilles heel of DLP is the same that stymied previous attempts at data leak prevention—user driven classification of data when storing and transmitting—Rowney counted by saying that such DLP solutions represent “bottom-of-the-barrel vendor solutions.”
“New advanced algorithms detection algorithm (many of them pioneered by Vontu) [sic] have made many of the types of breach you talk about above a quite solvable problem. They have high accuracy, low false positives, and don’t require pre-classification,” he wrote on the Secure Channel blog.
In a rousing debate, Rowney went on to explain DLP solutions—particularly those offered by Symantec—are able to detect contextual data and how the contemporary methodology could have prevented the congressional ethics probe data leak.