technologies

Software vendor CA Technologies is best known for its mainframe, business-to-business and distributed computing offerings. As an expansion of its enterprise-based offerings, the company also offers a data loss prevention suite called CA Technologies Data Protection. Formerly known as CA Technologies DataMinder, CA Technologies Data Protection is capable of supporting large enterprises with thousands of users and desktops. The DLP software suite components include CA Data Protection Endpoint, CA Data Protection for Networks, CA Data Protection for Stored Data and CA Email Supervision.

Data scanners

This CA Technologies Data Protection suite is able to protect data at rest, data in transit and data in use. It also integrates with CA Technologies Identity and Access Management products to allow access to sensitive information based on content and data classification. CA Technologies Data Protection is also able to quarantine data and protect sensitive information by granting or blocking access based on the reviewer's access privileges.

Endpoint agents

CA Data Protection Endpoint agents are application plug-ins for securing data at rest that execute on an endpoint device. These agents can monitor user activity and execute capture and control actions based on DLP policy. They either work with a gateway server or report directly to the DLP central management server. The agents are also able to continue policy enforcement even if disconnected from the central management server. CA Data Protection Endpoint is able to encrypt data sent to removable media. This action is controlled in part by the Client File System Agent (CFSA). In addition to monitoring local file copy actions, the CFSA is able to enforce policy for synchronization folders connecting to cloud resources such as Dropbox.

Network security

The CA Data Protection for Networks network appliance is able to control SMTP, web browser, webmail and social media HTTP/HTTPS traffic, instant messaging and peer-to-peer messaging such as Skype. Using SPAN ports, it can function as a passive DLP monitoring tool or be deployed in line to block sensitive data traffic, including decoding SSL traffic while inline.

Stored data

CA Data Protection for Stored Data secures data at rest by protecting and controlling sensitive information stored in network file shares and document repositories, public folders, ODBC sources and information collaboration servers such as Microsoft SharePoint. It can recognize and classify over 300 file types including HTML, XML, ZIP and others. CA Data Protection for Stored Data can also conduct full and partial fingerprinting of text and graphical content in order to the file content's transmission and usage. The product's scalable and distributed architecture enables file scan rates of up to 500 gigabytes per hour.

Email data

CA Email Supervision controls and reports on sensitive email in motion and at rest for popular email servers such as Microsoft Exchange and Lotus Domino as well as mail transport agents such as sendmail and postfix. The CA Email Supervision lightweight agent is deployed at the email server and supports any number of email policies designed to protect an organization from potentially criminal as well as unintentional sensitive data exposure. Supported email endpoints include laptops, virtual desktops and smartphones for DLP controls inside and outside the corporate network.

Summary

CA Technologies' DLP suite offers several components and features designed to address a wide array of data protection needs for large enterprises. CA Data Protection covers endpoints and data in use as well as data in transit on the network, data at rest in storage or databases, and mobile and cloud data. The product suite comes with 24/7 technical support from CA Technologies; free training and educational courses are also available for customers. Organizations interested in pricing and licensing terms for CA Data Protection products should contact the vendor or authorized CA reseller partners.

Next Steps

Part one of this series looks at the basics of data loss prevention products

Part two examines the business case for DLP products

Part three explores usage scenarios for DLP products

Part four focuses on procuring DLP products

Part five offers insight on selecting the right DLP product

Part six compares the best DLP products on the market

This was last published in November 2016



SearchSecurity: Security Wire Daily News

The European Union has published its proposal (PDF) for a revised Regulation on the export of dual use goods. The primary purpose is to overhaul and simplify the existing controls that were designed to limit the proliferation of weapons of mass destruction (WMDs); but it also introduces new controls over the export of cyber surveillance and computer intrusion tools.

More explicitly, it aims at preventing "the misuse of digital surveillance and intrusion systems that results in human rights violations" in line with the 2015 Human Rights Action Plan and the EU Guidelines for Freedom of Expression. New laws are necessary because existing legislation does not provide sufficient control over cyber-surveillance technologies.

It is a difficult area since cyber-surveillance and intrusion are both recognized as legitimate practices for some governments and some law enforcement agencies (especially in the name of national security). The problem is to allow and even simplify sales and exports to acceptable companies and governments while restricting it from those companies and countries that might use it to abuse the human rights that are protected by the EU constitution.

Misuse of these technologies can have -- and has had -- dire effects; and this is explicitly acknowledged by the EU. These technologies, notes the Introductory Memorandum, have "been misused for internal repression by authoritarian or repressive governments to infiltrate computer systems of dissidents and human rights activists, at times resulting in their imprisonment or even death." Under such circumstances, it goes on, continued export of cyber-surveillance runs counter to the EU's own human rights requirements, "such as the right to privacy and the protection of personal data, freedom of expression, freedom of association, as well as, indirectly, freedom from arbitrary arrest and detention, or the right to life."

The EU's proposed solution "sets out a two-fold approach, combining detailed controls of a few specific listed items with a 'targeted catch-all clause' to act as an 'emergency brake' in case where there is evidence of a risk of misuse. The precise design of those new controls would ensure that negative economic impact will be strictly limited and will only affect a very small trade volume."

Privacy International (PI) is one of the organizations that has long campaigned for stricter rules on the export of surveillance technologies. In a recent report (PDF) published in August 2016, it called for a new approach combining corporate social responsibility with export restrictions. "While pro-active due diligence on the behalf of companies is a necessary start," it suggests, "without instruments capable of restricting transfers and shining a light on the companies and the trade, surveillance technologies developed in and traded from the West will further undermine privacy and facilitate other abuses."

The export of encryption technologies is also covered in the new proposal. Encryption is considered 'dual use' and therefore regulated by many countries. However, different countries have different standards, and the EU has concluded that this gives those countries an unfair trading advantage.

The proposal is expected, says the Memorandum, "to improve the international competitiveness of EU operators as certain provisions - e.g. on technology transfers, on the export of encryption - will facilitate controls in areas where third countries have already introduced more flexible control modalities. The proposal's new chapter on cooperation with third countries is also expected to promote the convergence of controls with key trade partners and a global level-playing field, and thus to have a positive impact on international trade."

Details of the new Regulation were leaked in July. Since that time PI has lobbied the EU for additional improvements. In a statement sent to SecurityWeek, PI comments, "The eventual proposals only differ slightly however, with the main change being that the definition of 'cyber-surveillance' technology has been narrowed. The actual annex which contains a detailed list of what technology has been subject to control has also been published. In addition to spyware used to infect devices, mobile phone interception tech, and mass internet monitoring centres, the Commission has proposed to add unilateral EU categories. Currently these are listed as telecommunications monitoring centres and lawful interception retention systems."

While PI welcomes the new regulation, it believes it could be better and should have been done much sooner. It points out that more than half of the world's surveillance companies that it has identified are based in the EU, and that it has been known since 1979 that "a UK company had provided the necessary wiretapping technology to the genocidal regime of Idi Amin in Uganda." 

The proposals, says PI, "encapsulate the best and worst aspects of the European Union. Their stated intent reflects Europe's commitment to fundamental rights, and - as a regulation - it will be binding on all member states, massively magnifying the effect of any legislation." But, it adds, "The policy making process has been marked by technical and bureaucratic complexities detached from individuals, making it vulnerable to the interests of industry, powerful national governments, and civil society."

FinFisher GmbH and the Hacking Team are two EU companies that are likely to be affected by the new regulation. This would also have included Vupen if it had not closed down and resurrected itself as Zerodium in the US.


Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.



SecurityWeek RSS Feed

Accelerated change challenges change management and security. Devops and emerging technologies that enable business innovation and opportunities demand fast, frequent change from the enterprise. The speed and regularity of that change, as well as its variety, challenge change management and ultimately security.

To secure the enterprise in environments of unwieldy change, the business needs to know how each new technology affects change management and the organization's security defenses.


Organizations can then begin to evolve change management and security to close those gaps and avoid impacts on security.

Emerging technologies like devops, IoT, automation/intelligent software, information technology service partnering, cloud computing, and BYOD all straighten out the curves in the race to make changes that propel the enterprise forward.


Devops merges software development and operations in order to speed deployment of software that immediately works in production. While this is great for usability, change management and security take a hit from adopting devops. An example from the payment cards industry shows how much the management aspect of change management can disappear in a devops shop.

"One of my clients," says David King, senior manager, UHY LLP, "literally sends out two to three releases per day, authorizing those in person with the lead programmer holding up their hand and saying 'authorized' and 'deploy' to a decent sized team of developers all sitting in one room. You can imagine that being able to document those approvals is really just a nightmare, let alone trying to manage the information security protocols that go behind that."

The IoT market is driving swift change by demanding that the industry ramp up the number of internet connected devices very quickly. "As companies move to design new systems and get them to market, they often don't pay adequate attention to change management requirements," says Barry Mathews, managing director at Alsbridge.

In the automation or intelligent software space, robotic process automation tools, autonomics tools, and cognitive computing solutions create change inside organizations. Automation impacts change management by forcing the enterprise to figure out what the change will be and how it will affect people, processes, and technology, says Mark Davison, director at Alsbridge.

Information technology service partnering, cloud computing, and BYOD all demand fast and frequent change in the enterprise. According to Joanie Walker, principal consultant at TayganPoint Consulting Group, while information technology service partnering adds federated change management requirements, cloud computing adds change management complexities in ITSM and architectural change, and BYOD requires change to address endpoint management strategies for employee and business partner devices.

According to Walker, information technology service partnering challenges change management by requiring the enterprise to ensure that all information technology support staff work under a common change process. Cloud computing, says Walker, challenges change management by demanding that the organization manage all the infrastructure and applications that exist under different architectural models under a common ITSM change process in a coordinated fashion.

BYOD challenges change management by requiring a service wrapper for a portfolio of consumer devices that is always changing as new employees and partners and their employees come on board or leave or when anyone adds, changes or upgrades their device.

How hits to change management affect security

Even in the young field of devops, costly errors in change management make big headlines. According to King, the risk of rapid development cycles and immature change management practices led to Knight Capital's swift, gigantic financial losses. "Knight Capital was a high-frequency trading hedge fund that had about 80 percent of its portfolio wiped out in a matter of minutes due to a software glitch. They lost about $440 million in about 30 minutes," says King.

The pressing need to get IoT devices and related technological changes ready for market stands in sharp contrast to security, which is about developing and testing a good design, defining robust requirements, and then testing again and again before release, according to Mathews. The result of rushing through change management and security measures here is that each new IoT device represents an even riskier node on the internet that is even more susceptible to attack, Mathews explains.

Automation affects change management and security because there may not be an understanding of how to support the new information security requirements of automation as change occurs. This can make the enterprise susceptible to intrusion and unable to adequately respond when disaster recovery plans must execute, Davison says.

As for information technology service partnering, when partner employees don't follow the enterprise change management process, information security risks rise, says Walker. In cloud computing environments, simply adding errors in the process of coordinating change among different cloud environments to the already precarious task of implementing federated security across these clouds can add significant risk. And when BYOD change management processes operate in a vacuum and not as part of a comprehensive enterprise change process, this can draw information security down.


For devops, enterprises can make compromises between the development and change management / security teams by using a sandbox for development. "Development can do anything they want in this virtualized sandbox. Security keeps the sandbox segmented from production. Once a software change passes thorough rapid testing and QA and security scans, they can push it into production," says King.

Developers must use trusted tools from trusted sources inside those sandboxes so that attacks don't enter through holes created by cloned tools that hackers have purposely packed with vulnerabilities and malware.

For IoT, the enterprise needs to restructure information technology to monitor, track and support new apps and devices through investment in security governance, protocols, standards and procedures, says Mathews.

Automation affects many things. By applying best practices in change management to transition, communications, education and operational and organizational alignment, the enterprise can maintain effective change management and security, according to Davison.

"For information technology service partnering, staff must operate under a single change process regardless of what organization they work for in order to address the risks to change management and security," says Walker. For the cloud, the enterprise should use one ITSM change process for both the infrastructure and applications hosted by the enterprise and those hosted by the cloud computing provider, according to Walker.

As for BYOD, the business can mitigate risks to change management and security by ensuring that the devices, security policies and security protections are all part of one overall enterprise change process, Walker concludes.

The only thing consistent is change

If you find an opportunity where a little change leads to a lot of profit, take it. Otherwise, expect that as we make new discoveries and develop new technologies in greater numbers at a pace we can hardly keep up with, head-spinning change will increasingly become a constant in building new business. This will come with challenges to change management and security.

This story, "Emerging technologies are poking holes in security" was originally published by CSO.


InfoWorld Security