Tag Archives: Fidelis XPS

SOX IT Compliance

A customer case study – SOX IT Compliance

We performed a Sarbanes-Oxley IT top-down security assessment for a NASDAQ-traded advanced technology company. The objectives of the study were to evaluate the internal and external threats that impact the company’s information assets. Using the Business Threat Modeling (BTM) methodology, a Practical Threat Analysis (PTA) threat model was constructed and a number of threat scenarios were analyzed. Data was collected using structured interviews and network surveillance (with a Fidelis XPS appliance). Assets were valuated by the CFO, and the IT security operations and technologies were valuated by the CIO. The output of the study was a cost-effective, prioritized program of security controls. This program was presented to and approved by the management board of the company, leading to an immediate cost savings of over $120,000/year in the information security budget.

The detailed threat model was provided to the client and is currently used to perform what-if analysis and track the data security implementation. 

Download the data security case study and download the data security report to the management.

Conclusions

  1. The bulk of the security budget is currently spent on sustaining network perimeter security and system availability. Not surprisingly, these countermeasures are not particularly effective in mitigating insider threats such as lost or stolen hardware and information leakage, which now dominate the company’s risk profile.

  2. In corporate IT security operations: the two major data security systems purchased in 2007, Imperva and the Fidelis XPS Extrusion Prevention System, have not yet been fully implemented and do not provide the expected benefit. Specifically, Imperva needs to produce real-time alerts on violations based on logical combinations of OS user, DB application and DB user, and Fidelis needs to be deployed in the subsidiaries. Monitoring from both systems needs to become a daily operational tool for the security officer.

  3. In the Asia Pacific region: Loss of notebooks to the tune of 2-3 / quarter is a major vulnerability although content abuse of the corporate network is assessed as negligible due to cultural factors.

  4. In general: publicly facing FTP servers must be monitored carefully for violations of the company’s acceptable usage policy. In the course of the risk assessment, we discovered strategic plans and proprietary source code stored on publicly accessible FTP servers.
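As an added illustration of the alerting requirement in conclusion 2 (this is not part of the case study and not Imperva’s own rule language), the following Python sketch raises alerts on logical combinations of OS user, DB client application and DB user over constructed database audit events; the account names, client programs, table name and the sanctioned application path are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class DbEvent:
    os_user: str   # OS account on the client host that opened the session
    db_app: str    # client program name the session reports (e.g. sqlplus)
    db_user: str   # database account the session authenticated as
    query: str

Rule = Callable[[DbEvent], bool]

# Constructed policy data: the only sanctioned (os_user, db_app, db_user) path
# for the application account, the known DBA accounts and the privileged DB users.
APP_PATH = {("svc_erp", "erp_server", "erp_app")}
DBA_OS_USERS = {"dba_jsmith"}
PRIVILEGED_DB_USERS = {"SYS", "SYSTEM", "erp_app"}

def app_account_outside_app(e: DbEvent) -> bool:
    # Application DB account used from anything other than the application server.
    return e.db_user == "erp_app" and (e.os_user, e.db_app, e.db_user) not in APP_PATH

def privileged_from_unknown_os_user(e: DbEvent) -> bool:
    # Privileged DB account, but the OS user is neither a DBA nor the app service.
    return (e.db_user in PRIVILEGED_DB_USERS
            and e.os_user not in DBA_OS_USERS
            and (e.os_user, e.db_app, e.db_user) not in APP_PATH)

def dba_reads_business_table(e: DbEvent) -> bool:
    # A DBA (infrastructure role) touching business data: an abuse-of-privilege signal.
    return e.os_user in DBA_OS_USERS and "customers" in e.query.lower()

RULES: Dict[str, Rule] = {
    "app_account_outside_app": app_account_outside_app,
    "privileged_from_unknown_os_user": privileged_from_unknown_os_user,
    "dba_reads_business_table": dba_reads_business_table,
}

def evaluate(events: List[DbEvent], rules: Dict[str, Rule] = RULES) -> List[Tuple[str, DbEvent]]:
    # Return one (rule_name, event) pair for every rule an event matches, in input order.
    return [(name, e) for e in events for name, rule in rules.items() if rule(e)]

# Constructed sample audit events (not real data).
SAMPLE_EVENTS = [
    DbEvent("svc_erp", "erp_server", "erp_app", "SELECT name FROM customers WHERE id=:1"),
    DbEvent("jdoe", "sqlplus", "erp_app", "SELECT * FROM customers"),
    DbEvent("jdoe", "toad", "SYSTEM", "GRANT DBA TO jdoe"),
    DbEvent("dba_jsmith", "sqlplus", "SYS", "ALTER TABLESPACE users ADD DATAFILE 'u2.dbf'"),
    DbEvent("dba_jsmith", "sqlplus", "SYS", "SELECT card_no FROM customers"),
]
```

Running `evaluate(SAMPLE_EVENTS)` flags the second, third and fifth events and leaves the sanctioned application session and the routine DBA maintenance untouched, which is the kind of daily report the security officer would work from.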


Spector 360, data loss prevention tool?

Remember “The Phil Spector Sound”? (I grew up on rock and roll just outside of Philly, and when you say Spector, I associate it with Phil Spector or Arlen Specter – my mind is just wired that way....)

A business partner of ours in a developing country asked me a security product question today: what is the difference between Spector CNE and Fidelis XPS? Or, translated: what is the difference between desktop software on your PC that tracks your keystrokes and surfing habits and a network gateway data loss prevention/extrusion prevention system?

If you are a big company and you need a very good HTTP traffic cop, I would recommend Fidelis XPS (due disclosure – my company, Open Solutions, is a Fidelis business partner. We have installed a number of their systems at large accounts and it is a fantastic product in my personal experience).

This is what I told him.

Spector CNE is a very cool product but it requires installing client recorder software on every PC. This is a big downside for most companies.

Spector mitigates the threat of employee misuse of the Internet / AUP enforcement.
Spector uses a client recorder, which is software that must be distributed and installed on every PC in the organization. If the Spector CNE client recorder is not installed, the system cannot detect anything.

Client-side recorder software can break Windows: a Windows Update can cause a PC with the recorder software installed to become unusable. This happened to one of our clients – after a Microsoft Tuesday update, all 500 users in the customer service center were unable to use their PCs.
This client went on to acquire an extrusion prevention solution from Fidelis.

Fidelis XPS mitigates a wide range of threats to data assets:

  • Violations of corporate AUP, Internet misuse
  • Data loss from inside the network to public Internet services by employees
  • Data theft from the network perimeter or DMZ by hackers
  • Data loss from elevation/abuse of privilege on corporate database servers
  • Data loss from exploits by hackers on Web application servers.

Fidelis XPS is based on a Layer 2 sniffing engine which intercepts content from the network at gigabit rates. It doesn’t interfere with traffic and is invisible on the network since it doesn’t have an IP address. No client software is required.

Fidelis XPS is a bi-directional data loss prevention appliance that decodes and reconstructs data from the network across protocols and file formats: mail, instant messaging, Web, Webmail, Oracle, DB2, file and print services, Active Directory and LDAP/OpenLDAP.

This is my experience, and it’s based on fighting in the trenches. Comment on this entry and let me know what you think.


Preventing data loss or reacting to data loss.

I love New York but I live in Israel.

DLP (Data Loss Prevention or extrusion prevention) is an important category of IT security that helps protect data from leaving the network. Keeping the good stuff in, as opposed to keeping the bad guys out.

Israel has a booming IT security industry with Checkpoint, Radware, Algosec, Cyberark, Aladdin, Allot, Yoggie, Adi Shamir and numerous small security startups. It’s hard to show a customer something new. There is a lot of innovation in security here and just about everybody has a Checkpoint firewall. In Israel, Checkpoint is the de-facto gold standard for security product features. Gil Shwed would like to see DLP in the gateway, but Checkpoint is apparently still at the strategy stage with DLP – as a result, a lot of Israeli companies have passed on this technology.

Websense acquired an Israeli company a couple of years ago called Port Authority, which is a really strange name for a content inspection system and even more weird if you had ever been in the seedy old Port Authority terminal in New York on 42nd Street back in the 60s and 70s – with the dirt, gasoline fumes and the most variegated types of humanity to be found on a New York street – prostitutes, con men and transvestites....

Anyhow, I digress.

A colleague asked me this week to compare Fidelis XPS Extrusion Prevention system with Websense DLP. This is more or less what I told him:

For larger firms, Fidelis XPS is the best fit you can get, being extremely scalable, easy to install and economical to maintain. If you run a business unit with a Microsoft network of up to 1000 users and well-defined requirements to prevent leakage of MS Office documents, Websense is a viable option. See points 1-3 below:

1) With Websense you have to classify and index your documents. The server that does that creates a man-in-the-middle vulnerability and adds load to your Windows file server, since the scanner is constantly hitting documents on the file server. Introducing MITM vulnerabilities and more load on your Windows file and print servers are two headaches I would try to avoid.

2) Conceptually, the Websense DLP product is designed for outbound traffic and doesn’t play in the internal security space.

Fidelis XPS is based on NCP – a Layer 2 sniffer with full session reassembly running at full 1GB/s. Websense uses inline forward proxies and appears to melt down at less than 100MB/s. A forward proxy can be exploited and is blind to a wide variety of data leakage attacks – for example, sending data with an HTTP GET command to an external server. That’s a trivial exploit and an easy way to steal data. The new Fidelis XPS Internal product supports DB2 and Oracle and is an effective way of preventing data loss inside the network, elevation of privilege and abuse of privilege. Abuse of privilege by an outsourced Oracle DBA is a vulnerability that is mitigated extremely well by Fidelis XPS Internal.

3) Conceptually, Websense DLP assumes that you know how to classify your data. Fidelis XPS enables data classification, of course, but all my active Fidelis XPS users have found that Fidelis XPS is extremely good at discovering new vulnerabilities. The Fidelis XPS Command Post is a lot like one of those real-time early warning systems where you can see terrorists spinning up mobile missile launchers.

It’s like this, I told my friend: it depends on whether you think about security from a defensive or a strategic perspective.

If you think about security from a defensive perspective, you think you know everything and you don’t have too big a business unit to manage (i.e. you’re an Israeli) – go ahead and buy Websense.

If you think about security from a strategic perspective, you think you have a lot to learn and you’d rather block high-profile attacks (first shooter advantage) and get an early warning of new inbound threats. Get Fidelis XPS.
