Fixing Leaky Corporations

Information is easy to leak, and confirmations of this are never hard to find. Examples include the leak of inside information via Directors Desk, a Nasdaq system designed to facilitate boardroom communications for 10,000 executives; the hackers who took control of networks at NASA’s Jet Propulsion Laboratory and stole sensitive data last November; the Epsilon Data Management breach that exposed the names and emails of millions of customers stored for more than 108 retail stores, plus several huge financial firms such as CitiGroup Inc.; the hack of Stratfor Global Intelligence, with sensitive user and intelligence data taken; the compromise of a million user accounts’ information on the Sony PlayStation Network; and so on.

The problem of data leaks gradually gets worse as the amount of digital information created and replicated in a year grows from less than 1 zettabyte in 2009 to 35 zettabytes by 2020 (see chart); 1 zettabyte is 1 trillion gigabytes, or the equivalent of 250 billion DVDs.

To address the problem, companies are offered various solutions, such as access and identity management, content and information rights management, data loss prevention, and forensics.

Access and Identity Management (AIM), Content Management (CM) and Information Rights Management (IRM) solutions control who can access what data. Such controls are hard to use because maintaining a proper access matrix for all users and data resources, [Who X What], is a cumbersome task.

Data Loss Prevention (DLP) mitigates the complexities of access control solutions by monitoring outbound data traffic to make sure that sensitive information does not leave the corporate network unnoticed. DLP removes users (Who) from the equation and concentrates purely on the business value of data (What) in the matrix above. However, the complexity of defining ‘What’ remains, as complete classification of flowing data is also hard to achieve with conventional DLP technologies.

Forensics tools and Security Information and Event Management (SIEM) keep an eye on everything that is happening in the company’s network and facilitate data leak detection. The approach has limited value because of the lack of analysis automation and because of scalability challenges. Also, it cannot prevent data leaks but only detect them.

The described obstacles can be overcome by combining DLP, SIEM and forensics. SIEM and forensics provide correlated traces of data access and flow. The traces are automatically modeled to classify contents and generate behavior patterns, resulting in a dynamic policy for DLP. At BeyondTrust we call this technology Active Profiler. The advantages of the approach are the elimination of complexity through integrated intelligence, unlimited scalability for the ever-growing pile of information, and the ability to prevent data leaks rather than only detect them.
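As an added illustration of the pipeline described above (example code written for this page, not code from the original post or from BeyondTrust’s Active Profiler), a small Python model: correlated access traces are reduced to per-user behavior patterns, those patterns yield the [Who X What] matrix automatically, and the same patterns become the policy a DLP check applies to an outbound transfer. The trace format, the folder-based classification scheme and the volume tolerance factor are all assumptions.

```python
from collections import defaultdict

# Constructed sample traces of the kind SIEM/forensics would correlate:
# (user, resource, action, bytes). Constructed for this example only.
TRACES = [
    ("alice", "finance/q3-forecast.xlsx", "read", 120_000),
    ("alice", "finance/q3-forecast.xlsx", "read", 118_000),
    ("alice", "finance/budget.xlsx", "read", 90_000),
    ("bob", "eng/design.md", "read", 20_000),
    ("bob", "eng/design.md", "read", 21_000),
]

def classify(resource):
    """Content classification; a hypothetical scheme that uses the
    top-level folder as the data class (e.g. 'finance', 'eng')."""
    return resource.split("/", 1)[0]

def build_profile(traces):
    """Model correlated access traces into per-user behavior patterns:
    the data classes a user normally touches and their peak volume."""
    profile = defaultdict(lambda: {"classes": set(), "max_bytes": 0})
    for user, resource, _action, nbytes in traces:
        entry = profile[user]
        entry["classes"].add(classify(resource))
        entry["max_bytes"] = max(entry["max_bytes"], nbytes)
    return dict(profile)

def access_matrix(profile):
    """The [Who X What] matrix derived from observed behavior instead of
    being maintained by hand: user -> sorted data classes."""
    return {user: sorted(p["classes"]) for user, p in profile.items()}

def dlp_decision(profile, event, tolerance=2.0):
    """Dynamic DLP policy applied to an outbound transfer event
    (user, resource, bytes). Returns (verdict, reason)."""
    user, resource, nbytes = event
    entry = profile.get(user)
    if entry is None:
        return "block", "no behavior profile for user"
    cls = classify(resource)
    if cls not in entry["classes"]:
        return "block", f"data class {cls!r} outside user's pattern"
    if nbytes > tolerance * entry["max_bytes"]:
        return "block", "volume exceeds learned baseline"
    return "allow", "within learned pattern"

if __name__ == "__main__":
    prof = build_profile(TRACES)
    print(access_matrix(prof), dlp_decision(prof, ("alice", "hr/salaries.csv", 10_000)))
```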