January 24, 2005 10:27 AM PST
Putting a plug in insider leaks
On Monday, software maker Vontu introduced version 4.0 of its Vontu gateway, which sits on a network and monitors the content of e-mail and instant messages. The San Francisco-based company said the product will stop e-mails that violate security policies from being sent.
"The ability to block the leakage of sensitive or confidential business information is of tremendous benefit and value to those individuals charged with minimizing data security and privacy risks," said Larry Ponemon, head of the Tucson, Ariz., think tank the Ponemon Institute.
For years, companies have focused security efforts on keeping hackers out of their networks. But research indicates that insiders--employees, partners and contractors--cause more security problems than the average hacker.
Companies such as Vontu and its rival Vericept have built data interception products that monitor e-mail, instant messages, FTP files and other electronic communications on corporate networks, sniffing for leaks of sensitive information.
Up to this point, these products have only generated reports about insiders' behavior. Now Vontu will allow companies to filter traffic and block inappropriate messages, the company said. The software, which works in real time, can look for contextual clues in a message to determine whether or not it is all right to send. Policies can also be set so that specific information, such as a particular file containing software source code, can be directly matched and blocked.
The Vontu software only stops information from being sent over e-mail. It does nothing to prevent a partner or a disgruntled employee from downloading information onto a data stick via a USB port or printing the information and walking out the door with it.
Studies indicate that most security breaches are the result of well-intentioned employees inadvertently violating security policies. Vontu CEO Joseph Ansanelli said that the new release is intended to avert such breaches, but noted that such data interception products are only a small piece of the overall solution for businesses.
"Today, insider protection is at zero," he said. "With every release of our product, we're taking steps to increase that protection. I think the market will evolve very much like the firewall market did. First, you had gateway products protecting the perimeter, and now you have personal firewalls sitting on desktops."
There is one drawback: Because the Vontu product sits within the data path, monitoring and making decisions on traffic in real time, network performance suffers slightly, Ansanelli said.
Adoption of Vontu and similar products will likely depend on whether companies are willing to trade small efficiency losses for a much higher state of data security, Ponemon said.
"Many IT leaders view system efficiency or speed as their primary success measure," Ponemon said. "If IT leaders view these solutions as an incremental overhead burden, even products that reduce security risk may not be readily accepted by them."