Sunday, May 06, 2007

Spector CNE and HTTP Traffic Cops

Remember when SPECTOR stood for Special Executive for Counter-Intelligence, Revenge and Extortion?** Now comes Spector CNE - one of a group of products I've been sniffing around in response to this question: What's to stop employees from copying and pasting confidential company data into blogs and Google App documents?

I've been putting this question to clients lately and not getting very good answers (where 'good'='good for their information security'). I don't feel comfortable sharing specifics on a public web page, but I think this is a big problem for some big companies. I also think this could become yet another front in the endless arms race between the good guys and the bad guys (where 'bad guys'='everyone from ruthless corporate spies to weak-willed individuals under stress, or merely under-trained'). So, if anyone knows of a good HTTP traffic cop, or any other solution to this problem, I'd love to get your comments on it.

**If you already knew what SPECTOR stood for, then you already know the name of its on-screen nemesis. But do you know the make and model of the weapon said nemesis is brandishing in the famous black tie promotional 'shots' for the second movie in the genre? I will email an electronic copy of my privacy book to the first person who sends the right answer to scobb at scobb dot net.

1 comment:

Danny Lieberman said...

If you are a big company and you need a very good http traffic cop (as you put it) I would recommend Fidelis XPS (I'm not a Fidelis employee, but we are security consultants and we have installed a number of their systems at large accounts and it is a fantastic product in my personal experience).

Spector CNE is a very cool product but it requires installing client recorder software on every PC. This is a big downside for large companies.

Spector mitigates the threat of employee misuse of the Internet / AUP enforcement.
Spector uses a client recorder, which is software that must be distributed and installed on every PC in the organization. If the Spector client recorder is not installed - the system cannot detect anything.

The client recorder software can break Windows: Windows Update can cause the PC with the PC recorder software to become unusable. This happened to one of our clients who was using the Spector client recorder: after a Microsoft Tuesday update, all 500 users in the customer service center were unable to use their PCs.
This client went on to acquire a Fidelis XPS solution.

Fidelis XPS mitigates a wide range of threats to data assets:

* violations of corporate AUP, Internet misuse
* data loss from inside the network to public Internet services by employees
* data theft from the network perimeter or DMZ by hackers
* data loss from elevation/abuse of privilege on corporate database servers
* data loss from exploits by hackers on Web application servers.

Fidelis XPS is based on a Layer 2 sniffing engine which intercepts content from the network at gigabit rates. It doesn't interfere and is totally invisible since it doesn't have an IP address. No client software is required.

Fidelis XPS is a bi-directional data loss prevention appliance and decodes and retrieves the data from the network in all protocols and file formats, mail, instant messaging, Web, Webmail, Oracle, DB2, file and print services, Active Directory and LDAP/Open LDAP.

This is my experience and it's based on fighting in the trenches.

Danny Lieberman
Software Associates