Okay, it’s not really a movie, but it is a video on data leak prevention aka DLP. I was recently invited down to the Demos on Demand studios just south of San Francisco to discuss this topic and several others with my friends Richard “ThreatChaos” Stiennon, Mike “Episteme” Murray and Amrit “TechBuddah” Williams. Mike, Amrit and I were in the studio while Richard was in his home studio somewhere far east of California. Rich “Securosis” Mogull opens the discussion with some thoughts of his own, but his portion had been recorded much earlier and the rest of us got to argue against him without any chance of rebuttal.
I like the idea of DLP, but I see it as another one of those really complicated technologies that has a very high likelihood of becoming shelfware in many enterprises. It requires a deep understanding of the data that’s being used in the business and constant care or it’s worse than useless. Without that understanding of what’s valuable to your organization and what’s not, it can easily provide you with a false sense of security, which is worse in many ways than knowing you’re unsecure.
That being said, I really like the ideals behind DLP and in a company where it’s put in place for a specific purpose, it can be a great thing. In the security world I inhabit, i.e. PCI, DLP is something many companies could put to good use in finding and classifying cardholder information. Credit card numbers are easily understood and detected by DLP software and many companies will be very surprised at some of the places they’d find CCNs if they’d just look. But credit cards are a very small subset of the information out there and not something every business has to deal with.
If you’re planning on putting in a data leak prevention solution or already in the process, just remember ‘the devil’s in the details’. You have to work with the business units and understand what’s valuable to your business and why. Very few businesses want to alert on every piece of information that’s flowing out of their business. Usually there are one or two types of information that are important and that’s what you need to concentrate on.
Click here for Data Leak Prevention video from Demos on Demand for Security
We recorded several of these discussions at the same time, so there should be a few more coming out soon.
If you’re a security professional in the San Francisco area, join us tomorrow night at Gordon Biersch Brewery & Restaurant for a couple beers and the company of like minded individuals. Officially the whole thing kicks off at 7:00, but there’s usually a few people who get there earlier to have a bite to eat in preparation for the socializing and drinking. Personally I love the garlic fries, but not everyone around me appreciates that sentiment.
In this economy, even more than most of the time, keeping your social networks alive and active is vital to finding and keeping a job. Sure, LinkedIn, Facebook and Twitter are great, but it’s hard to beat face to face time for really cementing some of the relationships you’ve formed online. Robert Scoble wrote a list of things to do if you’re laid off and ‘attending industry events’ was one of the more important points. And bring business cards, either personal or business; sure most people will lose your card, but if the right person keeps yours, it’s more than worth the $20 you spent on 500 cards.
Hope to see a lot of friends and fellow security professionals there tomorrow and catch up on some of the latest industry gossip. Or at least some of the things people aren’t willing to post on Twitter.
It’s still months away, but if you’re a security blogger, now is the time to sign up for a press pass for the 2009 RSA Conference. If you’re a security blogger who’s having a hard time justifying training in the economic downturn, apply for the press pass and see what happens. I’m pretty certain that the passes are going to be a little harder to get than they have been in previous years, but if you get one, it goes a long way towards convincing your bosses to let you attend. Plus you get access to the press room, where they usually serve breakfast and lunch.
This will be my fourth RSA conference with a press pass. I’m assuming I’m getting one at least, especially since I’m helping organize the Security Bloggers Meetup at RSA this year. If you’re applying for an RSA press pass, make sure you’ve put your name in to attend the Meetup as well. And while you’re at it, nominate your favorite security blogs for a Social Security Award too.
As my friend Michael Farnum points out, the price for getting a press pass is a deluge of press releases. You’ll get tons of vendors who want you to come by their booths and talk to them, sometimes just to give you marketing material, sometimes to have one of their senior guys talk to you, and usually somewhere in between. I tend to turn down most of these offers unless they’re concerning something that I’m genuinely interested in. Which still usually leaves me with more people to talk to than I have time for.
I’m looking forward to seeing a lot of bloggers at the event this year. The ‘real’ press is still a little unsure of how to treat bloggers at events like this, but in general they’ve been open and friendly. And there’s a lot to be learned from the guys who actually write for a living rather than because it’s fun.