Jan 15 2009

DLP, the movie!

Published by at 7:42 am under Security Advisories

Okay, it’s not really a movie, but it is a video on data leak prevention aka DLP.  I was recently invited down to the Demos on Demand studios just south of San Francisco to discuss this topic and several others with my friends Richard “ThreatChaos” Stiennon, Mike “Episteme” Murray and Amrit “TechBuddah” Williams.  Mike, Amrit and I were in the studio while Richard was in his home studio somewhere far east of California.  Rich “Securosis” Mogull opens the discussion with some thoughts of his own, but his portion had been recorded much earlier and the rest of us got to argue against him without any chance of rebuttal.

I like the idea of DLP, but I see it as another one of those really complicated technologies that has a very high likelyhood of becoming shelfware in many enterprises.  It requires a deep understanding of the data that’s being used in the business and constant care or it’s worse than useless.  Without that understanding of what’s valuable to your organization and what’s not, it can easily provide you with a false sense of security, which is worse in many ways to knowing your unsecure.

That being said, I really like the ideals behind DLP and in a company where its put in place for a specific purpose, it can be a great thing.  In the security world I inhabit, i.e. PCI, DLP is something many companies could put to good use in finding and classifying cardholder information.  Credit card numbers are easily understood and detected by DLP software and many companies will be very surprised at some of the places they’d find CCN’s if they’d just look.  But credit cards are a very small subset of the information out there and not something every business has to deal with.

If you’re planning on putting in a data leak prevention solution or already in the process, just remember ‘the devil’s in the details’.  You have to work with the business units and understand what’s valuable to your business and why.  Very few businesses want to alert on every piece of information that’s flowing out of their business.  Usually there are one or two types of information that are important and that’s what you need to concentrate on. 

Click here for Data Leak Prevention video from Demos on Demand for Security

We recorded several of these discussion at the same time, so there should be a few more coming out soon. 

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

4 responses so far

4 Responses to “DLP, the movie!”

  1. Ericon 15 Jan 2009 at 8:20 am

    We’ve deployed DLP. The problems we’ve enountered have little to do with the solution, and more to do with developing business processes to determine who should have access to send data, manging that list, and educating users on new steps for sending data. EUA appears to be the biggest hurdle, the software does most of the work for you (as far as the endpoint goes). In terms of Data at Rest and at Motion, this can be a little more complex as you can get fairly comfortable with the technology, but you are always worried about what you are missing in terms of encrypted channels and the like.

  2. Dan Yorkon 15 Jan 2009 at 10:17 am

    Martin,

    Nice job with that video! Who assembled the end video? Was that done by Demos on Demand or did Richard Stiennon or one of you do it?

    Nicely done,
    Dan

    P.S. And I agree with the views that “DLP” is overhyped as a term.

  3. Martinon 15 Jan 2009 at 10:31 am

    Demos on Demand did all of the video taping in the Bay Area, Richard did his own recording at home and the rest of us just showed up and look pretty. Or at least as pretty as Mike, Amrit and I can look.

    Thanks

  4. […] Safend responds to discussion on DLP – Encryption of data at rest is an important part of securing your data, but I’m not sure if it’s something I’d directly link to Data Loss/Leak Prevention.  I really do view DLP as more of a content filtering and discovery technology than anything else, but I could be wrong.  I am a strong proponent of encyrpting anything and everything that might be of value to your enterprise however; there’s little or no reason not to in this day and age.  Maybe Rich and I will take this up in a future podcast. Here’s where to find the original discussion. […]

Trackback URI | Comments RSS

Leave a Reply

%d bloggers like this: