Over the last decade in the US, a growing labyrinth of privacy, disclosure, and trading regulations (for example Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, otherwise known as HIPAA) has forced many companies, both small and large, to take a closer look at how they guard sensitive information against deliberate or inadvertent leakage onto the Internet or into the wrong hands.
Given the variety of paths that sensitive data can follow into the wild (email, Web forms, FTP, instant messaging, and so on), and how quickly and easily a Pandora's box of data can be opened, never to be closed again, there is now a crop of security solutions that attempt to keep a lid on the situation. They inspect content before it exits a company's network and compare it against a set of policies that are typically set and enforced by lawyers and security personnel (for example, a chief security officer).
Next week, the long list of solution providers in this security niche will be joined by Code Green Networks and its Content Inspection, or "CI," 1500 appliance (pictured below), a solution that costs $25,000 at a bare minimum but that, according to the company's founder and CEO Sreekanth Ravi, includes some patented "fingerprinting" technology that may merit your attention should you be in the market for this kind of security.
Ravi came to my home office to talk about the CI1500 and the sorts of applications, like FTP, e-mail, instant messaging, and the Web, that the appliance keeps an eye on. What should you be looking for in a solution like this? Well, it obviously depends on what your needs are. Not all of the solutions in the market are appliance-based. Some are software-based (and simply install on one of your network servers). Some of the questions that come to mind are:
- What are all the apps that the solution is capable of inspecting?
- What does the solution do when it encounters encrypted traffic (e.g., HTTPS sessions or encrypted ZIP files) that it cannot read? Does it block, allow, or merely log such traffic?
- Does the solution easily integrate with content management systems (where a lot of intellectual property and sensitive data are often stored)?
- How scalable is the device? For example, while it is busy examining all the e-mail going in and out of an organization, will it also be able to keep up with instant messaging traffic in real time? If not, does that mean you have to buy more of the product, and at what expense?
In the interview, Ravi has answers to these and many more questions, some of which are transcribed below. Here's some video from the interview.
In addition, we have an image gallery of screen shots that shows the sorts of screens that a "content authority" (for example, an IT security analyst) might see when keeping close tabs on the CI1500's management console (what Ravi refers to as a dashboard).
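To make the evaluation questions above concrete, here is a small added example of the kind of content inspection such an appliance performs. It is illustrative code written for this page, not Code Green's patented fingerprinting method or any code from the CI1500; the document text, the outbound messages, and the tuning constants (five-word shingles, a 30% match threshold, a 7.0 bits-per-byte entropy cutoff) are all constructed assumptions. It registers a sensitive document as a set of hashed word-shingles, scores an outbound payload by how many of its shingles match, and, addressing the encrypted-traffic question, reports a payload it cannot read as "opaque" rather than silently passing it.

```python
import hashlib
import math
import re
from typing import Set

# Constructed sample document for this example (not from the article).
SENSITIVE_DOC = (
    "Project Falcon internal memo. Do not distribute outside engineering. "
    "The Falcon release ships on the twelfth of next month. Pricing for the "
    "enterprise tier is set at four hundred dollars per seat, with a volume "
    "discount above five thousand seats."
)

SHINGLE_WORDS = 5        # words per shingle (assumed tuning value)
MATCH_THRESHOLD = 0.3    # fraction of a message's shingles that must match (assumed)
ENTROPY_THRESHOLD = 7.0  # bits/byte above which a payload is treated as encrypted/compressed (assumed)


def normalize(text: str) -> str:
    """Lowercase and strip punctuation so trivial edits do not defeat the match."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower())


def shingles(text: str, k: int = SHINGLE_WORDS):
    """Yield every run of k consecutive words of the normalized text."""
    words = normalize(text).split()
    for i in range(len(words) - k + 1):
        yield " ".join(words[i:i + k])


def fingerprint(text: str, k: int = SHINGLE_WORDS) -> Set[str]:
    """Register a document as the set of truncated SHA-256 digests of its shingles.

    Only digests leave the registration step, so the fingerprint store does not
    itself become another copy of the sensitive text.
    """
    return {hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles(text, k)}


def match_ratio(message: str, registered: Set[str], k: int = SHINGLE_WORDS) -> float:
    """Fraction of the message's shingles that also occur in a registered document."""
    msg_fp = fingerprint(message, k)
    if not msg_fp:
        return 0.0
    return len(msg_fp & registered) / len(msg_fp)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext and compressed archives sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect(payload: bytes, registered: Set[str]) -> str:
    """Return 'opaque', 'block' or 'allow' for one outbound payload.

    'opaque' is the honest verdict for traffic the inspector cannot read; whether
    opaque traffic may leave the network is a policy decision made elsewhere.
    """
    if shannon_entropy(payload) > ENTROPY_THRESHOLD:
        return "opaque"
    text = payload.decode("utf-8", errors="replace")
    if match_ratio(text, registered) >= MATCH_THRESHOLD:
        return "block"
    return "allow"


REGISTERED = fingerprint(SENSITIVE_DOC)

# Constructed outbound messages: a partial quote of the memo, an unrelated note,
# and deterministic high-entropy bytes standing in for an encrypted attachment.
LEAK = (b"Hi Bob, forwarding this for context. Pricing for the enterprise tier "
        b"is set at four hundred dollars per seat, with a volume discount above "
        b"five thousand seats. Thanks!")
BENIGN = b"Hi Bob, lunch at noon tomorrow? The new cafe on Main Street just opened."
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for name, payload in [("leak", LEAK), ("benign", BENIGN), ("encrypted", CIPHERTEXT_LIKE)]:
        print(f"{name:10s} entropy={shannon_entropy(payload):.2f} "
              f"verdict={inspect(payload, REGISTERED)}")
```

The shingle approach is what lets a partial quote (a paragraph pasted into a reply thread) still match, which a whole-file hash cannot do; the cost is that the threshold must be tuned against boilerplate that legitimately recurs in many documents. The entropy check is deliberately crude: it tells you only that the bytes are unreadable, so a product that claims to "handle" HTTPS or encrypted ZIP files should be asked exactly what it does at that point.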
ZDNet: So first, let's talk about what Code Green Networks does...
Ravi: So Code Green is all about protecting company IP, protecting information from leaking out of the network. Things like internal memos, engineering source code, [Computer Aided Design (CAD)-based] designs, you know, the whole plethora of information that is proprietary to an organization.
ZDNet: For example, just rattle off a few applications you support.
Ravi: Any [part] of the Microsoft Office suite, Adobe PDF, AutoCAD files, those would be some of the more common examples. Some of our customers are using it to inspect the transmission of source code. And because that has happened to both Cisco and Microsoft, where the crown jewels, the Microsoft Windows operating system source code and the Cisco IOS source code, were posted by disgruntled engineers on a public FTP site and within the first 24 hours thousands of downloads happened, as you can imagine... we can stop that sort of activity... we can certainly monitor that activity.
ZDNet: I suppose there is intellectual property that's locked up in special document management systems, do you support those as well?
Ravi: That's correct, so we have a product that is now certified by both EMC and Oracle, so we can actually connect to those content management systems using what we call "connectors" and actually read that information, read the meta-tags that are associated with those documents and determine intelligently which documents should be "fingerprinted" and which don't have to be.
ZDNet: Within a company, where is the biggest threat? Is it the disgruntled employee? Because you often hear that the biggest danger isn't the outside hacker, it's somebody inside the company. And the first thing that comes to mind is that maybe there is an employee with a chip on their shoulder, maybe there is somebody who is very disgruntled about something that happened and is looking to do harm to the company...is that the biggest risk?
Ravi: Conventional wisdom would point to that, and that's what we thought when we first started down the path of development of the product. But what we found very quickly is that it's the inadvertent posting of information or release of information that's the bigger threat to the organization. So, on a best-effort basis, companies and CIOs will take different tactics to try and protect against that. But at the end of the day, this has happened to me and it's probably happened to many other people: you're typing an e-mail address into Microsoft Outlook and, with the auto-expand feature, it expands to the wrong address, you click the send button and out [the e-mail] goes... or somebody sends you an e-mail from the outside in, and it contains proprietary information; when you click reply and add some other people to the recipient list, there's a thread of information in that e-mail string that might be proprietary and that shouldn't be forwarded. So, those are the types of examples of inadvertent release of information, and we can protect against that: we can monitor that flow, help to characterize what the level of risk might be for that particular network, and then start enforcing some of those policies.