Page 27 - CDM Cyber Warnings February 2014
blocked. When it is blocked, there are several actions that can occur from the sender being notified to the sender’s manager or even to a Data Privacy Officer (DPO) or other official role. It is then up to the person notified to decide whether the communication was legitimate or not and so whether the message (or file) should be released. Whatever the outcome there has been a delay to the business transaction or collaboration that was in progress. While the outcome is a good one in the event of an APT trying to transfer information, either through the web or by using email, for the vast majority the outcome is less good – and so DLP solutions often remain shelf-ware, or at best deployed as a minimal implementation.

For many communications, it is not the communication as a whole that is at fault, but rather a small part of it. Let’s take a real example. A customer places an order and (some would say foolishly) includes their credit card details, or bank account number in the email. The orders department hits ‘reply’ to the email to say ‘thank-you’ and at that point they break the PCI DSS (Payment Card Industry Data Security Standards) regulations – as they would be sending out information that they shouldn’t. Traditional DLP would catch the error and block the response – however, then the customer doesn’t know if their order has been received, the DPO will need to investigate and even the corporate audit team can become involved. All for one small piece of information which was inadvertently miscommunicated.

Adaptive Redaction is part of the next generation DLP solution. Not only does it discover the information which is in breach of the policy, but it can also automatically remove it, thereby preventing the leaking of the information created by unauthorized access. So, in this case the credit card number is removed and the email response continues to the recipient. The sender can be notified of their error (which helps in training and awareness) but the communication has continued without interruption to the business.

Of course in today’s world, this is not just about email, it is also about documents as well, and these carry additional ‘hidden’ risks. Adaptive Redaction can help ameliorate these by automatically removing other information such as that hidden in document properties, comments or revision history. It can also remove active content, such as macros and embedded applications and because the solution is direction agnostic, it is just as effective on inbound traffic as outbound. For several banking organizations it is just as important to keep credit card information off their network as it is for others to keep it inside. While for many military networks, no documents can be received with active content. From the APT perspective, where it is attempting to steal critical information, this behavior means that the recipient, the cyber-thief, will receive the file they have requested – but all the critical information will have been removed. Furthermore there will have been an alert to notify both IT and the DPO of the attempt. The solution will have, in effect, stolen the information back from the thief – before they even saw it.

Come and visit Clearswift in the RSA2014 exhibition hall to get a demo of just how effective Adaptive Redaction is at thwarting the APT and enabling continuous collaboration by creating a DLP solution that any size of organization can effectively deploy.

About The Author

Dr. Guy Bunker is the CTO and Senior Vice President of Products for UK based security company Clearswift Ltd and is an internationally renowned IT expert with over 20 years’ experience in information security. Before joining Clearswift in October 2012, Guy was a Global Security Architect for HP. He has recently authored a paper on security for the Elsevier Information Security Technical Report and co-authored the European Network and Information Security Agency (ENISA) report on cloud security. Previously, Guy was Chief Scientist for Symantec Corp. and CTO of the Application and Service Management Division at Veritas (acquired by Symantec).

Guy is a frequently invited speaker at conferences, including CDANS, AGC Partners, RSA, EuroCloud and InfoSec. He has made many appearances as an IT expert on television, radio and in the press. He is a member of the Board of Management and spokesperson for The Open Group’s Jericho Forum and an expert for the European Network and Information Security Agency (ENISA).

Guy is a board advisor for several small technology businesses and has published books on utility computing, backup and the best-selling “Data Leaks for Dummies” on data loss prevention. He holds a number of US patents and is a Chartered Engineer with the IET.

Guy can be reached online at (email: guy.bunker{at}clearswift.com, twitter: @guybunker, http://www.linkedin.com/pub/guy-bunker/0/35b/844 ) and at our company website http://www.clearswift.com/
CYBER DEFENSE MAGAZINE - ANNUAL EDITION
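The email-reply scenario in the article (the card number is removed, the reply still goes out, and the sender is notified) can be sketched as follows. This is an added example, not Clearswift's code: the regex-plus-Luhn detection, the function names and the sample message are assumptions made for illustration.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to discard order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_outbound(body: str, marker: str = "[card number removed]"):
    """Return (redacted_body, findings); the message is released, not blocked."""
    findings = []

    def replace(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            return match.group()          # not a card number: leave untouched
        # Record only the last four digits so the alert itself holds no PAN.
        findings.append({"offset": match.start(), "last4": digits[-4:]})
        return marker

    return PAN_CANDIDATE.sub(replace, body), findings


# Constructed sample: a reply that quotes the customer's original order email.
# 4111 1111 1111 1111 is a well-known test number, not a real card.
SAMPLE_REPLY = (
    "Thank you, your order 1234567890123456 has been received.\n"
    "> Please charge my card 4111 1111 1111 1111, expiry 01/16.\n"
)

if __name__ == "__main__":
    redacted, findings = redact_outbound(SAMPLE_REPLY)
    print(redacted)
    print("notify sender / DPO:", findings)
```

The findings list is what would feed the sender notification and DPO alert the article mentions; the 16-digit order number fails the Luhn check and is left in place, so the reply stays readable.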