Data theft prompts firm to lock down, protect network

After a disgruntled employee made off with several CDs' worth of critical data, a Michigan automotive data reseller realized it had to install better protection at the endpoints, not at the network core or perimeter.

With data theft and network intrusions continuing to flourish, network security is no longer a perimeter game.

Just ask Jeff Schmitt, network administrator at Troy, Mich.-based Motor Information Systems, a reseller of automotive data.

"We sell data," he said. "Obviously, the data that's on our network, we have to make sure we keep that under wraps."

But a few months before Schmitt started, that lock was picked. A disgruntled -- now former -- employee burned a few CDs' worth of valuable data and sold it to a competing company.

The theft served as a wake-up call about network security, but Schmitt said the company also realized that network protection needed to focus not just on the core or the perimeter but on the endpoints, particularly the devices that can be connected to those endpoints to transfer data.

"We don't want data moving one way or the other unless we know about it," Schmitt said.

Motor Information Systems is on top of it now, with DeviceWall, a product from Centennial Software that lets network admins block end users from plugging unwanted devices into their machines. Those devices include USB flash sticks, external drives, iPods, and even digital cameras. It also prevents users from saving or uploading data to or from CDs, DVDs or other portable storage media.

Although most users are barred from linking up any such devices, Schmitt said that DeviceWall does let him make exceptions to the rule and grant temporary or permanent access based on groups and specific users.

But those exceptions, he said, are few and far between.

"There are exceptions, but I'm the network administrator and I'm not one of those exceptions."

With its use of DeviceWall, Motor Information Systems is an early adopter of a new trend in endpoint security -- products that protect endpoints against other endpoints.

In recent months, several companies have rolled out similar software that locks down endpoints at the port. Some, like DeviceWall, also offer reporting capabilities, so an admin knows who is trying to connect which devices, even if those attempts are unsuccessful. GFI Inc. last month announced EndPointSecurity. Others jumping head-on into this space include CenterTools Software, with DriveLock; SmartLine Inc., with DeviceLock; and Safend Inc., with Protector.

Brian McCarthy, vice president of marketing for Portland, Ore.-based Centennial Software, said the trend in locking down devices was prompted by an increased awareness of high-publicity data thefts.

"The issue of data theft and what's happening with it is affecting everybody," McCarthy said, citing an IBM study indicating that 74% of network threats are internal.

And though firewalls and other perimeter security mechanisms such as intrusion detection and protection and network access control do a solid job, another level of defense was needed to protect against internal threats.

"We need a way to prevent data from leaving the network," McCarthy said. "But we don't just totally block [devices]; we determine who can use what type of device."

The protection is not limited simply to what is leaving the network. It also focuses on what is entering. Blocking devices at the port level eliminates the possibility that a virus, Trojan, worm, or other malware might be unknowingly introduced through an end user's personal device.

McCarthy said DeviceWall is based on the six Es: education, enforcement, exception, evidence, efficiency and encryption. He added that DeviceWall runs about $10,000 per 1,000 seats.

According to Jeff Schmitt, that's a small price to pay to ensure that no more data is smuggled out of Motor Information Systems.

"We have 100 years' worth of information," he said. "There are external hard drives that can store 300 gig. Someone could copy as much data as they can, take it, and resell it or use it against us. I would say that would hurt us."

Now, Schmitt said, he uses reports generated by DeviceWall to see who is trying to connect which devices, an eye-opening process.

"It's funny, because there are things we didn't realize were happening," he said, adding that one report showed an end user trying three times in one day to hook up an iPod, despite being rejected each time. "This definitely gives us a better sense of security, because with all of these devices now, they're just plug-in and go."
