Why content filtering is not enough

February 28, 2006, 8:03pm PST | Length: 00:03:07
Even with firewalls and content-filtering systems in place, critical information continues to leak outside organizations, according to Raj Dhingra of PortAuthority Technologies. He says what's needed is a different approach -- one that is based on learning specific data, rather than merely matching patterns and keywords.

Transcript


Hi, I'm Raj Dhingra, Vice President of Product Management and Marketing at PortAuthority Technologies, and today we're going to talk about why content filtering is not enough. If you're responsible for IT security, there's the good news and the bad news. The good news is that firewalls, IDS, IPS and content filtering systems are doing a good job of keeping the bad stuff out. What's the bad stuff? Viruses, attacks and spyware.

However, companies are having a difficult time keeping the good stuff in. And what's the good stuff? Your critical information—that's your customer data, your business plans, financials, your intellectual property, designs and your source code. So are content filtering systems good enough to stop these kinds of threats? In the last six months we've seen a large number of data breaches occur, where this confidential information and customer data, including credit card numbers, social security numbers, source code and intellectual property has leaked from inside the organization to the outside.

According to a recent study by the Ponemon Institute, data breaches of this type cost in the range of $4 to 15 million per incident. No matter who you are, that's a lot of money. So let's talk about why content filtering is not enough.

First and foremost, content filtering systems rely on keywords and patterns. As a result, they generate a lot of false positives. That's number one, high false positives. So if you look at a typical keyword or a pattern, so let's take an example of zip + four. That's 94306-1212. That's a zip code plus four. A content filtering system will identify that as a social security number, and we know that's a false positive.

Second, false negatives. Here you've got a content filtering system, again, using a keyword or a pattern to be able to stop this sensitive content from leaking. As an example, I might be sending out a document that's classified and I know that the content filtering system is looking for classified or top secret. I can take those keywords out and now the content filtering system is not going to catch this document from leaking, making the system insecure.

The third risk is blocking communications. What content filtering systems do is either they can monitor or block the communications. Because of a lot of false positives, they're now going to start blocking legitimate communication. So I might be sending out a really important email to a customer. With a false positive, the content filtering system will block it from reaching the actual customer itself.

So to summarize, content filtering systems have three key risks—very high false positives, high false negatives, and they will block legitimate communications. What is really needed is a next generation approach of content security that does not use keywords and patterns, but is highly accurate and builds its accuracy based on actually learning your data, whether that's your customer data or your confidential information.
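
The two failure modes described in the transcript, set beside a filter that matches against registered data, as an added example that is not part of the talk and not PortAuthority's implementation. The loose nine-digit pattern, the keyed-hash fingerprinting of values and five-word runs, and all sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: a secret key held by the filter
# Assumed loose SSN pattern: nine digits with optional '-' or ' ' separators.
NINE_DIGITS = re.compile(r"\b\d(?:[- ]?\d){8}\b")
KEYWORDS = ("classified", "top secret")

def pattern_filter(text):
    """Keyword/pattern filter: flag on a keyword or on any nine-digit run."""
    return bool(NINE_DIGITS.search(text)) or any(k in text.lower() for k in KEYWORDS)

def _mac(value):
    # Keyed hash so the stored fingerprints cannot be brute-forced offline.
    return hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()

class Fingerprints:
    """Fingerprints of registered values and of 5-word runs of registered documents."""
    def __init__(self, run=5):
        self.run, self.known = run, set()

    def _runs(self, text):
        w = re.findall(r"[a-z0-9]+", text.lower())
        return {_mac(" ".join(w[i:i + self.run])) for i in range(len(w) - self.run + 1)}

    def _numbers(self, text):
        return {_mac(re.sub(r"\D", "", m.group())) for m in NINE_DIGITS.finditer(text)}

    def register_value(self, value):
        self.known.add(_mac(re.sub(r"\D", "", value)))

    def register_document(self, text):
        self.known |= self._runs(text)

    def matches(self, text):
        return bool((self._numbers(text) | self._runs(text)) & self.known)

# Constructed sample data (not real records).
PLAN = "Top secret: Project Falcon launch budget is 4.2 million with rollout in March."
STRIPPED = "Project Falcon launch budget is 4.2 million with rollout in March."
ZIP_MAIL = "Please ship the samples to Palo Alto, CA 94306-1212 by Friday."
SSN_MAIL = "Customer record attached, SSN 000 12 3456."

def compare():
    """Return {message: (pattern_filter verdict, fingerprint verdict)}."""
    fp = Fingerprints()
    fp.register_value("000-12-3456")  # constructed, invalid SSN
    fp.register_document(PLAN)
    samples = [("zip", ZIP_MAIL), ("stripped", STRIPPED), ("ssn", SSN_MAIL)]
    return {name: (pattern_filter(t), fp.matches(t)) for name, t in samples}
```

`compare()` shows the pattern filter flagging the ZIP+4 message and missing the document with its keywords removed, while the fingerprint check ignores the ZIP+4 and catches both the stripped document and the registered number.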
