Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
C. Warren Axelrod

Data Loss (or Leak) Prevention (DLP) – Damming the Estuary

Once over the surprise that a general computing association, as opposed to one only focused on security, was so prescient in this space, I realized that these general rules, had they been applied when first espoused, would have very much limited the problem that we have today with ubiquitous data and inadequate controls. Note especially the first two items. They are suggesting building the dam closer to the source of the data river. All the rules, save perhaps the third, are about how to avoid much of the problem rather than the prevention of data leaking from a river that is already bursting its banks.

Once you begin to think about the root causes of today’s security problems, rather than merely how to treat the symptoms, you arrive at a whole new level of understanding. Thus, when reviewing a chapter that AT&T’s CISO, Ed Amoroso, has written for an upcoming book (Enterprise Information Security and Privacy, Artech House, March 2009), which I co-edited with Jennifer Bayuk and Dan Schutzer, I was struck by Ed’s explanation as to why botnets are proliferating so wildly. Most security folks will tell you that it is due to malware creators getting smarter or the inadequate protection most users put on their PCs and their lack of willingness to keep the protection tools current. But Ed put it another way. He said that a major part of the problem stemmed from the amount of pirated software that is out there. Individuals running pirated software are not on the lists of registered users who receive automated updates or notifications. Hence, all these machines operating with stolen software are more vulnerable as their protection is out of date and more readily used as zombies for botnets.

One Comment

  1. Rob Lewis Jan 20, 2009 at 8:39 am

    A very insightful post. There is a problem with Mr. Amoroso’s thinking though. A patched and updated computer does not make it secure. Perhaps it removes the lowest hanging fruit, but reactive technologies such as we depend on today can’t defend against zero-day attacks, so there would still be bot armies.
