
Endpoint Security Madness

A group of CISOs asked me this week to briefly describe the problem and solutions around network data leakage and endpoint security.  I broke it down like this.

The Problem:  Sensitive information leaves the control of the company all the time. People leak it at cocktail parties after one too many martinis with blue-cheese-stuffed olives (yum).  Or excerpts from a proprietary file are pasted into an email. Or the entire spreadsheet is attached to the email or copied to a USB memory stick, etc.  You get the picture.

The Solution: Since we cannot cut off everyone’s fingers and tongues, we need to find more subtle approaches that won’t hamper normal business. Therefore, a few classes of product have emerged to help.

Device Protection.  ControlGuard, Safend and Securewave are three vendors with software running on each computer that manages which devices may be attached to the PC.  For example, a Kingston Brand DataTraveler® Secure Privacy Edition USB Flash drive with 256-bit AES encryption that was issued by the company for authorized use…would be allowed.  But a Kingston memory card stuck in your phone or PDA would not be an authorized storage location.  These software solutions do a great job of controlling what data may go out what doors, and it’s all controlled by policy.

Good idea.  But since it’s costly and difficult to maintain software and policy on every single machine, the chances for leakages are still high.  You need something else.

Then there is the email problem.  Companies like PortAuthority (just acquired by Websense), Vontu, Oakley and Vericept sniff data that is leaving the safe confines of the controlled network and, by policy, monitor or disallow traffic containing confidential data.

Good idea. But as we’ve already seen, important data leaks out
through iPods and phone memory cards.  The vendors understand, and
that’s why they’ve all begun adding device protection (competing with
ControlGuard and the rest) to their solution.  But it’s still not
complete.

Sometimes I’m authorized to send confidential information out
of the company.  We send contracts, legal documents, sales forecasts,
business plans, and all sorts of private data to our business partners
all day long.  Simply encrypting that data with PGP or another product
is silly (not to mention tedious), because as soon as it is decrypted
at the other end, the information can be forwarded, edited and leaked
with abandon.

That brings us to secure document management.  Liquid Machines,
Sealed Media (acquired by Stellent/Oracle), Authentica (acquired by
Documentum/EMC), and Interfuse
keep track of all documents and data throughout their respective
lifecycle and across all company computers.  All but Interfuse lose
their control of the information once the document slips out to a
business partner.  Interfuse wraps the document in a security blanket
that is never unwrapped.  I email you the document, and when you open
it, a special reader gives you a view to the content.  But you still
cannot cut ‘n paste or forward the doc.  Not foolproof, but the best
solution on the market for sure.

Then somehow you need to keep track of whether your document and
data protection systems are actually installed on people’s machines,
and if the policy is accurate, and if the software is running
properly.  That brings us to Promisec.  The Promisec platform gives you
a real-time snapshot of what memory sticks and iPods and other devices
have been plugged in without authorization, and if the antivirus,
personal firewall and device protection software are all doing their job.
Clientless scans mean you don’t have to install software on every
machine – and it means you can see devices like PDAs that are owned by
your employees.  To me, Promisec gives the most bang for the buck.

Promisec + Interfuse is a pretty complete solution and saves a lot
of trouble in deployment.  Promisec + Interfuse + say, Vericept or
Vontu may be the ideal complete package.  (I suggested this to Websense
but they didn’t get it, oh well).

Categories: InfoSec
  1. Michael
    January 19, 2007 at 12:29 pm

    “All but Interfuse lose their control of the information once the document slips out to a business partner.” I don’t believe that this is the case (at least with Authentica) – when a protected email or protected document is sent to a business partner, the sender just needs to make sure the recipient has the appropriate plug-ins and permissions in order to access the protected content. Without these, the content is still encrypted at the recipient’s end.
