When it comes to data loss prevention, networking should be part of the conversation

By Michael Morisy, News Writer 22 May 2008 | SearchNetworking.com

News on networking, mobility and voice Digg This!     StumbleUpon     Del.icio.us

According to Rich Mogull, principal and founder of security consulting practice Securosis Inc., there are three points at which data leakage can occur, all of which must be kept in mind when developing a DLP strategy:

• Data in motion -- what's going across the enterprise network, such as corporate email, webmail, forums, blogs and IM.
• Data at rest -- stored not just in the data center but on laptops, desktops, USB keys, and even PIM information in mobile devices.
• Data in use -- documents in use, where formerly protected data can be printed or simply copied and pasted into an insecure format.

Further DLP Research Read An introduction to DLP with security analyst Eric Ogren. Securosis.com is the blog and homepage of Securosis. See SearchSecurity.com's overview of new DLP tools. View these whitepapers on DLP from Securosis and ProofPoint.

Data in motion is the segment most likely to concern networking professionals, Mogull said, and it's also one of the first places to start securing with DLP.

That's because the data leakage occurs as information is sent across the network, and the best places to detect its release are at network choke points. Without having at least some coordination with networking, not all of those choke points will necessarily be discovered.

Fortunately, given some research and open channels of communication with other departments – including legal, compliance, network security, and auditing – DPI won't change the day-to-day networking job, Mogull said.

"It's a minor adjustment, another box or bump in the wire," he said. "What you want to do is do your research."

Over the past few years, viruses and black hat hackers have taken a backseat to internal threats: 28% of surveyed networking decision makers recently responded that data leakage was the primary threat, compared with only 14% who marked external threats as their biggest concern, according to a recent SearchNetworking survey.

"[DLP is] definitely a growing area," Mogull said. Last year, it was only a $70 million market, but it's one that enterprises are starting to pay more attention to as rising risks and regulations make it impossible to look the other way, he said.

The need for strong DLP is most keenly felt in industries such as healthcare, finance and education, which have a myriad of compliance rules, but it's spreading to other fields, like manufacturing, where data leakage can potentially destroy a competitive advantage.

"It's becoming more horizontal," said Keith Crosley, director of market development for ProofPoint, which provides tools to detect and prevent data leakage. "This remains a huge area of risk, and a large number of companies experience theft of customer information."

Crosley offered some questions companies should ask themselves when considering DLP:

• When is it OK to send information outside the enterprise via email? When is it not?
• What types of information are prohibited in the email (and other messaging) system(s)? Transactional data? Customer data? Intellectual property documents? Internal memos?
• What types of procedures will be necessary to discourage risky behavior and enforce established policies? Punishment? Termination?
• What is our process for reviewing and revising policies in the event that changes occur or policies fail to work as expected?

Crosley also suggested contacting various DLP vendors and asking for help conducting an audit, which often could be a free service invaluable in establishing whether an enterprise should or should not move forward with deep-packet inspection to stop data leakage.

Ultimately, however, the decision needs to be made based on independent analysis, which means taking a look at how real the dangers are and how much damage will be done if data does leak out. Although advanced DLP techniques are spreading and may well be standard someday, employee education may be the most effective answer for many companies. This is advice DLP vendors are unlikely to offer.

"You definitely want to do a little bit of research before you go to the vendors," Mogull said.

Tags: Network Security Monitoring and Analysis,  Network Monitoring,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Hospital gains network visibility by convincing vendors to collaborate What software monitors and locks users from accessing my router? Data leak prevention starts with trusting your users NagVis -- 'Nagios: System and Network Monitoring, Second Edition,' Chapter 18 What is a genetic algorithm and where can I learn more about them online? Network Monitoring Understand Windows tracert output to troubleshoot network connectivity Network management and monitoring market remains crowded, fragmented When do applications suffer from poor network performance? Xangati help desk 'DVR' feature speeds up trouble ticketing resolution Network change and configuration management vendors see big changes YouTube, Facebook make bandwidth monitoring best practices challenging How a new casino manages a giant network with 500 switches, IP voice How network performance management can save money, boost applications Return-all-values script: Managing Windows networks using scripts, Part 13 HTTP error code troubleshooting, Part 2: How to use IIS tool WFetch Network Monitoring Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary