Security tools target inside jobs

For a decade, corporations have erected perimeter defenses to keep Internet attackers at bay. Now IT managers are under pressure to deal with an even bigger challenge: keeping insiders from using the Internet to leak valuable business data.

The problem has given rise to a new generation of start-ups - including Verdasys, Vericept, Vidius and Vontu - focused on securing digital content and watching where it goes.

The latest company to enter the market is Tablus, which debuted last month and quickly picked up $7 million in venture capital from Menlo Ventures. Tablus and the other content-monitoring vendors have gateway-style products that let managers identify critical business data, including whole documents if need be, and track how this data is transmitted via e-mail, FTP or other means.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

For a decade, corporations have erected perimeter defenses to keep Internet attackers at bay. Now IT managers are under pressure to deal with an even bigger challenge: keeping insiders from using the Internet to leak valuable business data.

The problem has given rise to a new generation of start-ups - including Verdasys, Vericept, Vidius and Vontu - focused on securing digital content and watching where it goes.

The latest company to enter the market is Tablus, which debuted last month and quickly picked up $7 million in venture capital from Menlo Ventures. Tablus and the other content-monitoring vendors have gateway-style products that let managers identify critical business data, including whole documents if need be, and track how this data is transmitted via e-mail, FTP or other means.

"This is a growing trend in terms of monitoring employees," says Richard Mogull, research director in information security and risk at Gartner, which this June plans to issue its first report on the topic and advise clients they should be using content-tracking technology. "We finally have the tools to look at these insider security issues."

This new generation of content and audit tools represents a clear change from the past. "We've always had network forensics tools, like those from Niksun, [Network Associates'] Infinistream or [Computer Associates'] SilentRunner, that sniff everything," Mogull says. While great for a rear-view mirror analysis, they lack the real-time alert capabilities going into these newer content monitoring and audit products, he says.

Pressure to watch for so-called information leakage is coming from a host of laws requiring companies to safeguard financial and customer information, including the Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA) and California's Database Protection Act of 2003. What's more, outsourcing is putting more business data in the hands of insiders outside the company.

Burton Group analyst Trent Henry says the content-tracking vendors "tackle a different problem than intrusion-detection systems [IDS]. They look at information flow and actual content."

But the technology is still new, faces the same questions of false positives that dog IDS, and doesn't yet let the transmission of unauthorized content be blocked. Regarding the latter, vendors such as Vontu say their road maps call for content blocking in the future.

As with any nascent market, customers can expect the usual rise and fall of the start-ups, with some being bought by larger network vendors and others simply dying out. "There will be shakeouts," Henry says.

Henry and Mogull say outbound content-tracking might end up as part of multi-function gateways involved in other types of content inspection, such as anti-spam and Web monitoring.