Simon Says – Musings of a Technology CTO

With the current news fracas regarding the latest WikiLeaks disclosures, which have reached a pretty interesting juncture with Congressman Peter King asking for WikiLeaks and it’s founder Julian Assange to be declared “Terrorists and spies”, I thought I’d add my fire to the flame and say quite bluntly –

McAfee can help you protect your information!

Yes, you would not believe it but monitoring for inappropriate disclosure of sensitive information is bread-and-butter stuff to us.

• Want to stop users emailing sensitive docs?
• Want to simply monitor the movement of sensitive information?
• Want to stop people printing sensitive information?
• Want to stop users copying sensitive information to removable devices
• Want to stop users posting sensitive information in IM messages?

All these things (and many more) can be controlled and monitored easily using technology the industry  calls “Data Leakage Prevention” – DLP for short. There’s software you can install on your users machines to monitor and protect them from accidentally leaking information, there’s hardware you can install on your network which acts like “Tivo” – monitoring recording and classifying everything that goes over the wire, and of course more devices which you can use to mine stored structured and unstructured data so you can discover where data meeting particular criteria is kept.

Do you know something else? None of this stuff is bleeding edge – sure, it’s kept up to date with feeds and speeds, but this technology is years old, mature, and ready for prime time.

With the McAfee tech (I can’t speak for anyone else’s solutions), you can “turn the dial down” so the system is invisible and passive – just sitting there watching for odd and suspicious behavior, alerting you when things happen. You can also crank the dial to “volume 11” though and get it to actively block things as well if you like – it’s up to you.

The best thing though, and this IS unique to McAfee, is that our solutions are continuously monitoring, classifying and capturing EVERYTHING that goes through them, so, even though you may not have a “rule” or “policy” to block some specific issue or leak today, if you ever find your sensitive information out in the wild you could query the McAfee DLP system and discover exactly how/who/when it got out – it KNOWS what happened in the past, maybe for several months or more.

Now, wouldn’t that be a little discouraging for your potentially-leaky users to know?

I’m not claiming that DLP as a technology, or the McAfee DLP solutions cover every possible way of leaking information – after all, once it’s in someones head you’ve lost control partially at least, BUT, in our experience most leaks happen through traditional, easy to control channels – people email stuff out from work to the wrong people (by mistake, or deliberately), they copy data to removable media plugged into their work computer, they print stuff out at work etc.

To put some numbers around this problem, according to DataLossDB.org around 13% of leaks are caused deliberately by insiders, compared to 32% occurring through accidental insider use.  This compares to 42% of leaks and breaches being caused by outside attack.

There are other complementary solutions of course such as full disk encryption to protect laptops, hard disks, memory sticks etc when they move around to make sure that if they are lost or stolen, the finder cannot see the information on them – yet another layer of protection for you, your company, and your customers. Add DLP to the mix and you really do start reducing the risk of that insider accidental/deliberate leakage.

I’ll leave you with a quote from an article by Rickard Sisk of the Daily News Washington Bureau:

At Obama’s direction, the White House Office of Management and Budget sent out a memo to all agencies to make sure their workers can only see what they have to see to do their jobs.

OMB Director Jacob Lew said there will be a zero-tolerance policy under the new directive.

“Any unauthorized disclosure of classified information is a violation of our law and compromises our national security,” according to reports.

You can find some interesting videos on the McAfee Solutions on Youtube – for example: Network DLP, Encryption, Removable Media Protection