Interview

Code Green pitches data protection for SMBs

Bill Brenner
Why cater to smaller companies?
The local community bank or credit union must comply with the same federal and state regulations that a company like CitiGroup must comply with, and yet they don't have the same IT resources or budget to do that. A recent survey by the Small Business Technology Institute showed that two-thirds of small businesses in the U.S. don't have an information security plan in place, and more than half experienced a security breach. Smaller customers tell us they don't have risk compliance teams on staff as larger companies do, and the complexity behind the rules and regulations is something they want to be turn-key. And so we've designed our CI-750 appliance to meet their needs. We made several dozen policy templates that use plain English. They're called California 1386, PCI DSS, GLB, HIPAA, and so on. A lay person who does double duty as compliance officer and IT administrator in a small credit union doesn't necessarily have the time to read through and understand all the details of these regulations, so we make it very easy for them. They also want the appliance to be very easy to use. Describe the specifications of the technology.
The CI-750 is an entry-level solution for small offices or branch offices with about 50-250 users. It protects sensitive data from leaving the network by monitoring content flows and automatically enforcing protection policies to log, alert, retain, block, encrypt or re-route transmissions across all popular Internet

    Requires Free Membership to View

communications channels -- email, Web, IM, FTP, WebMail, blogs and wikis -- and all popular WebMail services including Google Gmail, MSN Hotmail, AOL Mail, Windows Live Mail and Yahoo Mail. It uses the same software as Code Green's mid-sized appliance (CI-1500) with a scaled-down hardware platform that keeps the price under $10,000. You've marketed Code Green as a pioneer of deep content fingerprinting and you've put out a whitepaper on the subject. How does it work?
Smaller customers tell us they don't have risk compliance teams on staff as larger companies do, and the complexity behind the rules and regulations is something they want to be turn-key.
Sreekanth Ravi,
CEOCode Green Networks
To protect confidential information, effective identity management and access controls are necessary, but not sufficient. They must be augmented with an inspection and enforcement capability that can actually monitor network traffic, detect unauthorized attempts to transfer confidential content and intercept them. To do this, the content security solution must capture and store a representative signature of the content to be protected. It then compares this signature, at wireline speeds, to content being transmitted on the network. If it detects a match, it can then invoke the appropriate pre-defined security policy such as logging, quarantining and/or blocking. This methodology must scale to the enterprise level, where billions of bytes of confidential content are flowing through the network. Traditionally, digital documents have been compared using hashes of entire files. Using this method is simple and sufficient for reliably detecting exact matches that may be sent outside of a company's secure intranet. But detecting partial copies or near matches is far more complex and requires a new, unique and robust technology. The digital workflow of today's enterprises requires a content fingerprinting methodology that reliably and accurately detects derivatives of a confidential document in various and multiple arbitrary file locations. This methodology is what we call Deep Content Fingerprinting. The Code Green whitepaper discusses the use of red lists and green lists. Explain that a bit.
During content registration the unique content fingerprints are sorted in the content fingerprint database and can be designated as either RedList or GreenList fingerprints. RedList fingerprints register confidential content that is to be protected. The GreenList contains fingerprints of non-confidential content that are not subject to protection. Greenlisting improves the efficiency of the appliance by dramatically reducing the incidence of false positives. Authorized users can perform a RedList crawl to register confidential content, or a GreenList crawl to register non-confidential content. Later, when a user attempts to transmit information, the transmitted information is fingerprinted and then compared to the fingerprints stored on the RedList and GreenList. Let's talk about your hopes for Code Green in the face of all the consolidation we've seen in the IT security market. Is there a scenario where you'd be willing to sell Code Green to another company, or is the goal to stay independent?
We've raised $32 million in equity so we have a couple venture partners with significant ownership in the company as well as board representation. As a group we would do what's best for the stakeholders, including the employees. In the short term, though, our obvious plan is to keep growing as an independent company.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: