
Comment Re:Perspectives (Score 1, Interesting) 782

Well for starters, most of that work is done by our compliance folks. The group that I'm in just manages the infrastructure.

I'm fairly confident though that spreadsheets would easily be detectable provided the information wasn't encrypted within the spreadsheets.

Most of the alerts are generated by folks themselves doing personal business while at work.

As for the stuff we might not be able to detect - again - encryption is key (pun intended).

But in all honesty a lot depends on the data classification, which is set by the data owner.

Confidential data is supposed to be encrypted while the data is at rest and while it's in motion.

In that regard the data leakage products aren't going to see it.

(Yes I know a malicious actor could just as easily encrypt our own precious data and send it to themselves undetected.)

Look, security is a balancing act. A company could make their network more secure than it is but no work could get done if they did. No company can be expected to plug all the holes that might exist, but you look for the highest risks with the largest impacts and you mitigate those risks accordingly.

Comment Re:Perspectives (Score 2) 782

For my Company, we're looking for patterns indicative of SSNs, credit card numbers, and certain keywords such as "confidential", "proprietary", or other keywords that refer to sensitive internal projects or other sensitive company information.

And Googling for information isn't "data leakage", because your activity is bringing information INTO the company (from the results of your Google search) so we don't care a lot about that.

Comment Re:Perspectives (Score 1) 782

SSH can't be proxied like SSL traffic. The reason SSL traffic works is precisely because of the existence of a wildcard certificate issued from a Trusted Root CA. (I also manage our PKI too).

But SSH — as a matter of good practice — should be heavily restricted. In other words, good security policy dictates you don't let anyone on your network blithely open up an outgoing SSH connection to any host on the Internet.

Comment Perspectives (Score 5, Informative) 782

Considering that I actually do this (Internet filtering) for a living for a medium-sized company let me tell you why we do it.

Data leakage.

We're concerned about an employee either accidentally or maliciously transferring customer data or other sensitive data to an unauthorized party.

We're also acutely aware of the liabilities and sensitivities imposed by us breaking the SSL channel, inspecting the payload, and then re-encrypting it on our employees' behalf, which is why we go out of the way NOT to break the chain for sites that are healthcare or financial related.

But your Gmail is fair game.
