Angling to Guard Inside Information

With so many companies worried about malicious hackers breaking through the company firewall to steal information, it’s easy to overlook that data traffic is a two-way street.

That’s why security firm Oakley Networks hopes it has a winner on its hands with the commercial launch of SureView, which alerts network administrators when data makes an illegal u-turn past the firewall.

SureView is an appliance that sits behind the firewall tracking instant messages, e-mails, file systems, USB storage devices, printers, Microsoft Office and a range of other applications for activities and information that trigger violations to defined rules and policies.

If one of those rules or policies is triggered, the Oakley application sends an alert to the appropriate manager, who can then use a feature called SurePlay — which is a record of the activities that took place — to determine whether the alert is an actual breach-in-process or a legitimate need.

Derek Smith, the company’s CEO, said the reliance on firewalls and intrusion detection systems (IDS) alone to protect company data, customer information or intellectual property is outdated and risky. Existing data gateways, he added, don’t live up to the task, either.

“There’s a lot of companies that sell packet-sniffing gear that you can install at the gateway but they’re blind to a few things that make it an ineffective solution,” he said, notably with mobile devices that access the network outside the firewall and encrypted data used to hide illicit activity by employees.

In many ways, SureView is a keylogger on steroids, able to keep track of all the text floating through the corporate network — whether its people typing in Yahoo Mail or AIM, or a block of text in Notepad — and analyze it against any one of the thousands of rules Oakley has already created. Custom rules can also be created with relative ease.

In order for SureView to work, agents are installed on the devices that connect to the network. The agents hold the rules the company wants enforced; when someone performs an activity that violates one of the rules, say printing out a customer list, it triggers the alert to the administrator. SurePlay records all the activities leading up to the action that caused the trigger for easy “playback.”

Internal data breaches don’t make the news very often because companies are loathe to publicize the fact their information got away from them, but they do occur. According to financial services firm Deloitte’s third annual global security survey, published in June, 35 percent of those who participated in the survey reported attacks from an internal source, a 21 percent jump from 2004.

Whether a malicious hacker is able to get past the firewall or a disgruntled employee is able to load up a pen drive, the end result is the same — angry customers with missing data or a competitor with the specifications on your next product.

Data security has been a hot issue with policy makers this year after ChoicePoint, LexisNexis, and the Bank of America announced data losses or breaches.