Information AND network protection: Finding the right mix

How to secure critical and regulated data when network defenses aren't enough

1 2 Page 2
Page 2 of 2

To expand DLP capability on the network, Jones uses Blue Coat Systems' ProxySG appliance to proxy other outbound flows, including SSL traffic that it decrypts with an optional SSL decryption card. Outbound data transfers often hide in the commonly used SSL protocol.

"The DLP device is monitoring everything going out, looking for account information, card numbers and several other data types that we've deemed critical," says Jones, who also uses Code Green agents on his endpoints to prevent leakage through USB ports and wireless connections.

Ultimately, security of critical data will occur at flow and use points across the enterprise and beyond, O'Berry says. This, he adds, essentially means layering additional protections at the database, the endpoint, the network and Web.

Bellovin has the bottom line: "We need to think about the problem in a different way because what we're doing [with perimeter protections] isn't working. What we need is a more data-centric architecture with strong protections around the important data because security holes in the perimeter are inevitable."

Radcliff is a freelance writer covering computer crime. She can be reached at

Learn more about this topic

User-centric security begs for process overhaul

Security Trend Watch: the latest in enterprise defenses PDF

Reader survey: Top security trends Slideshow

Experts debate NAC: usefulness vs. cost Chat

Three IT technologies that matter for 2008

Identity monitoring and core security 

Compare Network Access Control products IT Buyer's Guide

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2