That's a good point. I'm not sure if cryptographic signing is used by vontu, but any crypto with personal keys could allow users to encrypt and bypass the DLP signatures.
>From what I understand, Vontu works by having a inspection engine sitting on a span port. That then talks to the networks outbound proxy which uses iCAP to talk to the inspection engine. Another component sold separately is the host protection, maybe this product could be responsible for e-mail signing? I think semantic are going along the right lines with the host protection. We all know endless ways of getting information outside network. The trick is to restrict user access to that data in the first place, by deploying vontu with user permissions testing and Defence in Depth. If my memory servers me right: I believe vontu is able to raise a flag if a user pulls of more records from a database then they usually do or puts interesting data on a USB pen ( for example) , this kind of monitoring is what should be used as first line DLP and network protection as a 2nd line defence. Any thoughts on this? 2009/10/23 Ron Gula <[email protected]>: > I think it is one thing to talk about bypassing Vontu. How about > spoofing sensitive email to frame your buddy or coworker into loosing > their job? A lot of corporations use DLP products and these are often > run by their legal/compliance teams. > > -- > Ron Gula, CEO > Tenable Network Security > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
