Ask the Expert

Do information leak prevention products protect critical data?

How do information leak protection products use the network, and are they effective in protecting critical data?

    Requires Free Membership to View

Protecting organizations against an information leak is quite a challenge, and the technology to assist with this herculean task is relatively immature. However, there are several products on the market today that can help achieve this difficult goal.

The mechanisms used by content protection systems vary from one product to another. Most are based upon pattern matching or signature detection. The former requires administrators to provide patterns (e.g. regular expressions) that describe sensitive data. This technique is especially useful when you're attempting to detect outbound flows of Social Security numbers and/or credit card information. For example, you might use the regular expression "d{3}-d{2}-d{4}" to match a standard U.S. SSN consisting of ten digits hyphenated in the form xxx-xx-xxxx. Signature detection systems typically require administrators to "register" sensitive content with the protection system. Administrators can do so by uploading individual files, scanning a file share or integrating with a document management system.

When using a content protection system, it is important to have realistic expectations. These systems tend to require a great deal of administrative attention to install, configure/tune and operate. If you expect a "plug and play" product, you'll likely be disappointed.

More information:

  • Learn how Google Notebook can expose an enterprise's confidential information.
  • When building a database application, sensitive data is often made available unintentionally. In this tip, Michael Cobb explains how the information is leaked.
  • This was first published in March 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: