Archive for October, 2009
Conficker needs application control
by Rupert Beeby on Oct.13, 2009, under Endpoint Software Packages, Industry News, data security, data security trends
Latest reports on conficker infections include not only Ealing Council (see previous post) but also Oxford Brookes University, Manchester City Council and Whipps Cross University Hospital NHS Trust. Prior to this, the Houses of Parliament and Ministry of Defence were infected.
So AV has been proved to be powerless with this worm and even the DLP vendors do not have any defence as they tend to focus on information passing out of the organisation. Application control should be a part of a DLP solution to stop worms from running and spreading to the rest of the organisation. In most cases it is not as AV and most DLP is focused internally not at the endpoint which is the highest risk. Maybe Windows 7 will save us but how many will implement the application control features and AV and DLP. Not many I fear - Take a look at our sponsors product and if implemented will protect against zero day attacks and Conficker worms as well as the normal DLP features.
Sophos gives away Data Loss Prevention Software
by Rupert Beeby on Oct.13, 2009, under Industry News, data security, data security trends
It has been reported that Sophos will be giving away programs to prevent loss of sensitive information from organisations under the banner of DLP. Sophos, who purchased Utimaco a little over a year ago for their encryption technology will be distributing the programs to customers who have bought Sophos AV.
What is clearly a sales tactic, it will cause concern to the other vendors of DLP products such as Symantec and McAfee who have traditionally charged customers large amounts for their products. It does introduce an important new turn that DLP is an adjunct to AV rather than a fundamental part of corporate security. Will all the other vendors be forced to follow suit? I hope not as the issue is that customers who take up the Sophos offer, will falsely believe that they are protected when clearly they will not. As can be seen by the number of organisations that have fallen victim to the Conficker virus, AV can be disabled but a decent DLP product would have stopped.
I hope that other DLP vendors will give away DLP as serious customers will realise that you get what you pay for and leave the field clear for serious DLP vendor products and support models to match.
