Leveraging Existing Security Infrastructure to Protect Against Future Threats

Written by

European companies started appreciating the need for protecting sensitive information many years ago. In comparison, U.S. companies were more likely to see security needs from a compliance perspective. As a result, the domestic strategy was to implement security solutions that would give you the biggest bang for your buck. Data Loss Prevention (DLP) fell into that category.

Usually implemented in the network layer or on end-points, DLP promised to monitor all data transfers, identify and potentially block anything that was not supposed be at a given network or storage location. The result, as many CIOs hoped, was a single, compliance-enabling security solution that would prevent data loss and leakage. Naturally DLP enjoyed incredible deployment numbers and most major enterprises have DLP deployed in one form or another.

Yet when looking at how many data breaches have occurred over the past couple of years, it appears as if DLP couldn’t solve businesses’ security problems. The Ponemon Institute estimates that DLP prevented fewer than a fifth of data breaches. The problem with DLP and many other ‘traditional’ data protection solutions is that they operate on content and often work against the end-user.

Operating on content means that solutions like DLP often have very limited contextual awareness in terms of where the data comes from and what the user’s intentions are with that data.  DLP solutions rely on content scanning and pattern matching in an attempt to figure out if the data is sensitive enough to be blocked. This method often leads to frustration on behalf of the users, because they are prevented from processing the data and instead have to figure out how to get past the DLP solution. The bad news for DLP is that the motivated user often finds a way to bypass it, rendering DLP ineffective.

So the question is – what can you do to significantly raise the security bar, while leveraging your existing investment?

Putting Security into the Right Context

An effective way of increasing security is to augment your existing investment in traditional (content-aware) security solutions with context-aware solutions. That is, software with the ability to fully understand the context of where the data is coming from, who the user is as it relates to that context and where the data is going.

Here is an example that illustrates the difference between a content-aware security solution and a context-aware security solution and how DLP might have difficulty in properly distinguishing between sensitive and non-sensitive engineering data of a fictitious automotive company, Acme Auto.

John is an engineer working on the design of engine parts. All engineering drawings are stored in a project room, and each individual part is internally classified. The classification of those parts is linked to the roles and authorizations of all engineers, ensuring that everyone can only access the parts to which they are assigned. Additionally, Acme Auto relies on original equipment manufacturers (OEMs) that supply parts. As a result, many of the engineering drawings have to be shared with the OEMs for the purpose of collaboration.

Engineers can export drawings for the purpose of sharing them with OEM’s but, unfortunately, the internal classification of the computer aided design (CAD) project room does not extend to exported files. From the perspective of a content-aware DLP solution, it cannot tell if the exported drawing shared via FTP (File Transfer Protocol) contains the design of a simple screw, which is classified as ‘internal only’ or a ‘top secret’ design of a new ignition system. All it can see is that John exported a drawing from the CAD project room and he is trying to transmit it via FTP. Because this is a valid business case, chances are that DLP is not configured to block such a transfer, opening the hole for classified information leaving the company via FTP.

On the other hand, a context-aware solution, one that deeply integrates with the CAD project room, would be aware of the internal classification and block an unauthorized export before it happened or alternatively tag the exported drawing with metadata (such as a classification label), allowing the downstream DLP solution to make a reliable decision of whether to block the data transfer or not.

By definition, context-aware solutions require integration with applications that contain sensitive data in order to obtain the necessary context and with such a stringent requirement, enterprises won’t find a solution for all of their applications. The good news is, the number of context-aware applications is growing and even DLP vendors have realized the need to become more context-aware.

That all means that you can analyze where most of your sensitive data is originating from —for many companies it is an ERP system — and then deploy context-aware solutions, closing the gaps one by one. That way your businesses can leverage your existing investments, while significantly increasing your level of data protection and hopefully stay out of the news for a while longer.

What’s hot on Infosecurity Magazine?