A colleague of mine, Bill Munroe, is VP Marketing at Verdasys, the first of the agent DLP vendors and the most established of the independent pure play DLP technology companies. (No. I do not have a business relationship with Verdasys). Bill has written a paper entitled “Protecting against Wikileaks events and the trusted insider threat” …
Read more »Almost every SaaS (software as a service) is based on REST or XML Web services. In this post, I’d like to provide a brief introduction to some typical threats and security countermeasures to protect Web services; Malicious Attack on the message The beauty of HTTP Web Services is that traffic flows through port 80 and …
Read more »Yes – there is apparently a White House directive to keep Wikileaks documents off Federal networks – according to a directive from the White House Office of Management & Budget on the treatment of classified documents. WASHINGTON, Nov 29 (Reuters) – The United States said on Monday that it deeply regretted the release of any classified …
Read more »With a delay of almost 10 years – SCIAM has published an article on the insider threat – WikiLeaks Breach Highlights Insider Security As one of the pioneers in the DLP space (data loss prevention) and an active data security consultant in the field since 2003 – I am not surprised when civilians like the …
Read more »So what is security anyhow? Security is not about awareness. A lot of folks talk about the people factor and how investing in security awareness training is key for data protection. I think that investing in formal security awareness training, internal advertising campaigns and all kinds of fancy booklets and cards for employees is a …
Read more »It’s one of those things that European-based information security consultants must ask themselves at times – why isn’t my phone ringing off the hook for DLP solutions if the European Data protection directives are so clear on the requirement to protect privacy? The central guideline is the EU Data Protection Directive – and reading the …
Read more »Are we in the same valley of death that held content management applications in the 90s? Where companies spent 6-7 figures on content management from companies like Vignette and over 50% of the projects never got off the ground? Tell me what you think in this Linked In poll – DLP success or failure
Read more »Reading through the trade press, DLP vendor marketing collateral and various forums on information security, the conventional wisdom is that the key threat to an organization is trusted insiders. This is arguable – since it depends on your organization, the size of the business and type of operation. However – This is certainly true …
Read more »A talk I give recently at one of our Thursday online workshops on data security More data security presentations from danny lieberman
Read more »Sophos has announced that they will soon include endpoint data loss prevention functionality in their anti-virus software. Developed in-house, Sophos will have an independent offering – unlike Websense, RSA, Symantec, Trend Micro and McAfee (who all purchased DLP technology) and have integrated it into their product lines with various levels of success (or not). The …
Read more »