Border patrol

06.03.2006
It's not what's coming into the corporate network that concerns Gene Fredriksen. It's what's going out. For the chief security officer at securities brokerage Raymond James Financial Inc. in St. Petersburg, Fla., leakage of sensitive customer data or proprietary information is the new priority.

The problem isn't just content within e-mail messages, but the explosion of alternative communication mechanisms that employees are using, including instant messaging, blogs, FTP transfers, Web mail and message boards. It's not enough to simply monitor e-mail, Fredriksen says.

"We have to evolve and change at the same pace as the business," he explains. "Things are coming much faster."

So Fredriksen is rolling out a network-based outbound content monitoring and control system. The software, from San Francisco-based Vontu Inc., sits on the network and monitors traffic in much the same way that a network-based intrusion-detection system would. But rather than focusing on inbound traffic, Vontu monitors the network activity originating from Raymond James' 16,000 users. It examines the contents of each network packet in real time and issues alerts when policy violations are found. Fredriksen could also configure it to block that traffic, but he doesn't plan to use that feature right away.

Unlike security tools that protect specific applications such as e-mail or instant messaging, network-based content monitoring and control tools take a broad-brush approach, examining all traffic that crosses the network. Tools such as e-mail filters address part of the content security puzzle but only recently have begun to focus on outbound content. In contrast, network-based products offer more sophisticated linguistic analysis techniques to identify and block the transmission of protected content.

Network-based systems do more than just rule-based scanning for Social Security numbers and other easily identifiable content. They typically analyze sensitive documents and content types and generate a unique "fingerprint" for each. Administrators then establish policies relating to that content, and the system uses linguistic analysis to identify sensitive data and enforce those policies as information moves across the corporate LAN. The systems can detect both complete documents and "derivative documents," such as an IM exchange in which a user has pasted a document fragment.
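The two detection styles described above can be sketched as follows. This is an added example, not code from the article or from Vontu: it pairs a pattern rule for Social Security numbers with a document fingerprint built from hashed five-word shingles, a simple stand-in for the linguistic analysis the vendors use. The document name, sample texts, window size and hit threshold are all constructed assumptions.

```python
import hashlib
import re

K = 5          # words per shingle (assumed value)
MIN_HITS = 3   # shared shingles needed to alert (assumed value)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # rule-based pattern check

def shingles(text, k=K):
    """Hash every run of k normalized words; case, punctuation and line breaks are ignored."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    grams = (" ".join(words[i:i + k]) for i in range(len(words) - k + 1))
    return {hashlib.sha256(g.encode()).hexdigest()[:16] for g in grams}

class FingerprintIndex:
    """Maps shingle hashes to the protected documents that contain them."""
    def __init__(self):
        self.index = {}

    def register(self, name, text):
        for h in shingles(text):
            self.index.setdefault(h, set()).add(name)

    def inspect(self, payload):
        """Return (policy, detail) alerts for one outbound payload."""
        alerts = [("pattern", "ssn")] if SSN_RE.search(payload) else []
        hits = {}
        for h in shingles(payload):
            for name in self.index.get(h, ()):
                hits[name] = hits.get(name, 0) + 1
        alerts += [("fingerprint", n) for n, c in sorted(hits.items()) if c >= MIN_HITS]
        return alerts

# Constructed sample data, not taken from any real document.
PROTECTED = ("Project Heron merger terms: the acquiring party will offer forty two "
             "dollars per share in cash, subject to board approval, with closing "
             "expected before the end of the third quarter.")
IM_PASTE = ("hey fyi: THE ACQUIRING PARTY will offer forty two\ndollars per share "
            "in cash, subject to board approval. keep quiet")
BENIGN = "Lunch at noon? The board approval meeting moved to Thursday."
SSN_MSG = "Client SSN is 123-45-6789, please update the account."

dlp = FingerprintIndex()
dlp.register("merger-terms", PROTECTED)

if __name__ == "__main__":
    for msg in (IM_PASTE, BENIGN, SSN_MSG):
        print(dlp.inspect(msg))
```

The pasted fragment triggers the fingerprint policy even though its case, punctuation and line breaks differ from the registered document, while the benign message that merely mentions "board approval" does not.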