Posts Tagged ‘data loss’

Prevent Data Loss And Comply With Payment Card Industry Data Security Standards

August 11th, 2010 Fiaaz Walji No comments

 

Modern commerce relies heavily on credit card transactions, providing convenience to consumers and more sales opportunities for merchants. With vast amounts of financial capital transferring via these means, it’s no wonder that credit card fraud amounts to over a billion dollars in the US alone, according to the US Treasury.

The Payment Card Industry Data Security Standards (PCI DSS) were developed by a consortium of credit card issuers, including MasterCard and Visa, to provide best practices for securing IT systems and establishing processes for the use, storage, and transmission of credit card data in electronic commerce.

In an age of phishing scams, malware, and pursuit of profits by hackers, compliance with PCI DSS is usually interpreted as a way to mitigate the risk of an external threat. Secure Sockets Layer (SSL), Transport Layer Security (TLS), Internet Protocol Security (IPsec), and other technologies are recommended as safeguards against these threats, focusing on anti-theft and anti-intrusion measures.

However, the ultimate concern is the unauthorized use of credit card data, so safeguarding the data itself is essential to mitigating this risk. Data Loss Prevention (DLP) is the solution that helps safeguard this credit card data.

While PCI DSS has done much to establish a common set of security best practices to minimize external hacks into networks where credit card data is transmitted, stored or collected, it has not explicitly mandated the monitoring of this data.

As many industry analysts and forward-thinking enterprises have already acknowledged, DLP must be a part of a PCI compliance and credit card data security policy, given that even a single instance of data loss can lead to penalties from card holding institutions and banks, high remediation costs, damage to an organization’s reputation, and loss of market share.

Download the research brief: Prevent Data Loss And Comply With Payment Card Industry Data Security Standards

Categories: Data Security

Survey says… ‘Data Loss’… what’s your answer?

June 9th, 2010 Fiaaz Walji 1 comment

According to a straw poll of IT security managers conducted by CDW, here’s what is on the minds of security personnel:

Of the 200 IT security professionals surveyed, there is a little bit of optimism that executive management understands the business risks:

  • 17 percent of participants say that nothing at all would convince their companies to invest in higher levels of threat prevention.
  • 18 percent say that only a significant breach of their systems would compel an escalation in security investment.
  • 39 percent of respondents believe that a specific assessment pointing out vulnerabilities in their IT security systems would lead to an increased investment in network protection.

 What do security personnel consider to be the biggest threat to the corporate world?

  • Data loss through internal threats, negligence or accidental loss, said 37 percent of respondents.
  • Other top threats include: evolved forms of current threats, such as worms and viruses; malicious attacks; bots

“It is troubling to see so many organizations still struggling with preventable threats such as viruses and worms, when the stakes are so much higher from the risks that newer threats pose. It’s critical for businesses to secure themselves with the effective, readily available shields against ordinary threats, to free up time and resources for more proactive action against data loss and the rising threats of botnets and malicious, targeted attacks.”

Doug Eckrote, Senior vice president of strategic solutions and services at CDW

Moving beyond antivirus and malware

May 17th, 2010 Fiaaz Walji No comments

Assaf Litai, a well-known authority on data loss prevention (DLP) technologies, discusses his definition of DLP, considerations for CIOs, what to expect from vendors, the evolution of DLP, and his take on the convergence of antivirus and DLP.

How would you define a data loss prevention solution?

The tricky questions in front of enterprises today are – which is my most important data? How is it being used? These are the questions that a DLP solution answers. To put it in simple words, it assesses risk associated with data. This is a DLP’s core responsibility – to give the management visibility into data and its usage.

Read the remainder of the excerpts from his interview on CXO.com.

Categories: Data Security

Cyber spies steal visa information from Canadians

April 7th, 2010 Fiaaz Walji No comments

Toronto-based security researchers have helped uncover a China-based cyber espionage network — Ghostnet 2.0 — that has stolen sensitive documents from the Indian government and visa information from Canadians.

Cyber spies used phishing e-mail attacks and a bot network — abetted by social media — to steal top secret Indian government documents and visa information from Canadian citizens.

The University of Toronto’s Citizen Lab worked with Ottawa-based security research company SecDev Group and other American researchers to uncover an even more widespread cyber espionage operation. The total number of stolen documents is greater than 700.

The researchers released their findings yesterday. Read the full story at itbusiness.ca.

Categories: Data Security, News

Burton Group names Websense among best data loss prevention vendors

October 19th, 2009 Fiaaz Walji No comments

The Burton Group analysis surveyed vendors on their market and product strategy and included interviews with the customers to gauge customer satisfaction.

A live demonstration of each vendor product was also conducted using a scenario designed by the analysts. Once completed, the vendors were ranked based on vendor viability, customer satisfaction, market leadership, sales, service, support and product evaluation.

“DLP has been used to track data in motion, but now another part of the software is its ability to look at repositories and file shares and even fingerprint data to control data changes by either blocking it or putting an alarm on it,” said Eric Maiwald, vice president and research director for Burton Group Security and Risk Management Strategies.

“Some of [the] tools have [the] ability to identify who owns a particular set of information and send a message to that data owner if a policy has been violated.”

IDC Report: DLP, Security Consulting Spend on the Horizon

October 13th, 2009 Fiaaz Walji No comments

Sponsored by Dimension Data and conducted by researchers at IDC, the survey of more than 400 IT security decision makers found that more than half of companies worldwide report that they are planning to invest in DLP technology.

Even in today’s economic climate, spending on security continues, based on this report. Approximately 19 percent of those surveyed reported that they actually increased security spend this year, while an additional 40 said their security budget remained the same.

This spending on security will bode well for the security channel partners that prepare and position themselves as the trusted advisors with the right technologies, expertise and service capabilities for these organizations.

Categories: Data Security, News

Bell Canada data thief arrested

July 20th, 2009 Fiaaz Walji No comments

Bell Canada Enterprises says it has recovered the stolen data relating to 3.4 million Ontario and Quebec customers with help from the Montreal police. The stolen customer information was found on hard drives, flash drives and CDs. A 30-year-old Montreal man was arrested on Tuesday in connection with the incident.

“It was on a hard drive and on a memory stick and on a CD,” Langton explains. “It was all electronic, there was no other format.”

Read the full article on ITBusiness.ca

Categories: Data Security, News

Gartner Releases 2009 MQ for Content-Aware DLP

July 13th, 2009 Fiaaz Walji No comments

Gartner recently released its analysis and published the 2009 Gartner MQ for Content-Aware DLP.

In reviewing the results, there don’t seem to be any surprises:

  • RSA, Symantec, and Websense are the only vendors in the leaders quadrant
  • Missing in action are Reconnex (now McAfee) and Vericept, which have dropped from the leaders quadrant

The one thing to note is that the report has been renamed to ‘content-aware DLP’, which is meant to highlight identification techniques that go beyond basic keywords and pattern matching.

It helps differentiate the vendors in this report and helps parse out the ones that toss around the term ‘DLP’ just to grab customer attention.

The true DLP product developers/vendors in the leaders quadrant provide:

  • The most comprehensive set of capabilities at both the network AND the client
  • Technologies that prevent loss of a wide array of data, including regulated data and IP
  • Breadth and depth in technological capabilities
  • Innovation and vision to address data loss from a broader perspective

Don’t get me wrong, the rest may be suitable to address specific use cases, but in my view, they lack in various areas to truly approach data loss in a holistic fashion.

This is the third report of its kind from the team at Gartner. Other analyst firms have released their take on DLP and the technology vendors in this space. For example, The Forrester Wave on Content Security also provides a great analysis.

On a side note: Great to see Websense pull off a 3-peat!

SMBs can prevent data loss without breaking the bank

June 24th, 2009 Fiaaz Walji No comments

 

Having sensitive data leaked out to the public can have serious legal and financial implications. Here’s a step-by-step guide in ITBusiness.ca that discusses how SMBs can ensure data isn’t leaking, while keeping costs down.

Though small to midsize organizations may think they lack the financial or technology resources to implement a full-scale DLP rollout, deploying an effective DLP solution to protect essential information at a manageable cost of ownership can be easy if they follow the following four key steps