Data loss prevention software, or DLP, has long been a hot topic among security professionals for a while, but it’s always been a bit of a mercurial target: How do you lock down data while still making it accessible enough to be useful? The short answer: You can’t. Remove CD drives, install the right software, regularly audit your weaknesses and you can still be a victim.
But that doesn’t mean that WikiLeaks is the “canary in the coal mine” for DLP techniques. In fact, it’s going to receive more attention and more thought than ever (we picked it as one of our top 5 trends for 2011), but the hard truth is that security is about mitigating risk, not eliminating it. It’s not a message your CEO wants to hear, but acknowledging that systems are imperfect and breachable is the first step towards recovery, as they say.
Even the National Security Agency reportedly has acknowledged the fact, and if the world’s spookiest spooks can’t stop breaches, how can your company? From Reuters:
The U.S. government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard.
“The most sophisticated adversaries are going to go unnoticed on our networks,” she said.
“There’s no such thing as ‘secure’ any more,” Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.
So much for holiday cheer.
Last week, we went ahead and made our first round of 2011 IT tech trends, from tablets to big data. Now we present what we think will be the real big drivers for change in IT tech. Have something else to add? Let us know in the comments!
If IT Knowledge Exchange‘s Network Security month has sparked an interest in learning more, then you’ve come to the right place for some network security reading. We scoured the Internet, the forums and the search sites for network security reading materials vital to your success and understanding. So, without further ado…
It’s always fun to get new things, but before you go plugging all those enterprise holiday gifts into your data center, be sure you have them optimized for security. Server hardening is essentially creating a security baseline before introducing new machines that haven’t been configured with security as a priority to the mix. IT Knowledge Exchange recently moved its servers from hosted to in-house, replacing all of our hardware with brand new servers, so this is a subject we’ve been dealing with firsthand. After moving our infrastructure to our Tier1 data center and adding some redundancy, we were curious as to what our users are doing in their own data centers. We asked our members and here’s what we got:
In the aftermath of the latest installment of the WikiLeaks saga, at least one company is coming out clean and happy: TeleCommunication Systems Inc., a provider of military-grade technology, was awarded a $49M contract with the Department of Defense. The Mission: Provide technology training to the government’s cyber security workforce. (Can anyone cough and simultaneously say, “After the fact”?)
The partnership with the DoD comes directly from the higher-ups, with support from Obama’s government workforce development effort and Cyber Security Coordinator Howard Schmidt backing the deal. Part of the five-year contract, which includes five option periods, is TCS’s Art of Exploitation University program, launched in May. The Annapolis-based company’s AoE University has already enrolled 1,500 students since its launch, teaching the gamut from computer network security, information assurance, network defense, penetration testing, forensics analysis to cyber intelligence. Hopefully the hands-on learning and real-life simulations will include the proper response to burning Lady Gaga CDs?
As 2010 comes barreling to an end, we decided it would be a good idea to take a breath, take a look back, and try and identify the key IT trends coming around the corner at us in 2011. It’s true, 2010 has already been such a huge year in IT: Oracle acquiring Sun, everyone jumping on the tablet bandwagon (Has RIM ever developed a product line so quickly?), the endless Mark Hurd drama … and we have a feeling next year isn’t going to be any quieter. So here’s what we see down the pipe. Have some ideas of your own? Think mine are off? E-mail at Michael@ITKnowledgeExchange.com.
Network security is one of those topics where everyone has an opinion, but there’s no way to know what’s right until you try it. We’ve tried to alleviate the need to frantically practice trial-and-error on every last network security product for the enterprise by polling IT Knowledge Exchange members. And here’s what you had to say: Continued »
While most people fret about the hundreds of dollars now on their credit cards for the holiday season, Juniper has dropped $95M for Altor Networks, a virtualization security vendor. This partnership is preceded by the companies’ previous involvement with one another, providing virtualization services and technology to the enterprise. Mark Bauhaus, executive VP at Juniper Networks, says that the acquisition is part of Juniper’s goal of expanding its data center and cloud security offerings:
[It] will enable customers to deploy a consistent set of security services across their physical and virtual infrastructure, while delivering lower TCO.
This is Juniper’s second acquisition in the past two months, after the $152M acquisition of Wi-Fi vendor Trapeze Networks. The goal is to expand what executive VP of Fabric and Switching Technologies David Yen calls its “end-to-end networking product portfolio.” And it seems that joining forces with Altor is a means to that end, adding introspection technology as well as policy and compliance aspects for the entire enterprise or virtualized data center infrastructure.
With competitors such as VMware and Cisco also creating extensions from physical to virtualized systems, is the acquisition enough for Juniper to keep up?
Following up on our piece explaining how to access certain Marine Corps’ password-protected materials, we received another e-mailed response to a few of our questions which shed a little on the situation. In addition, in a surprisingly transparent move, password protection was completely removed from many of the documents. We should note, however, that while the e-mail below states no documents from after 2005 were available, we found one (unclassified) manual from October 2007.
The e-mail in full below.
WikiLeaks’ data dumps have been called “unprecedented” a number of times in the past few weeks and months, as hundreds of thousands of pages of once internal documents have found their way to the web. Unfortunately, data leakage is nothing new, and has cost millions if not billions over the years in stolen identities, lost revenue and fines. What is new is how the data leakage has been disseminated: Not over shadowy back channels or black markets, but out in the open in the public eye. WikiLeaks now seems poised to give the same treatment to a private company, but even if they weren’t, someone else will or already is using similar attack vectors at major companies around the world. The only difference is that in the WikiLeaks case, the public is made well aware of it after the fact.
Here are some tips to helping minimize possible damage on your own network.