Drip, drip, drip goes the data as leakage threat rises

Computerworld - Beware: your data may be leaking. According to a recently published IDC security survey, the threat of data seeping out of a company through innocent employee messaging activity is on the rise.

That's the most surprising finding of a study titled "Worldwide Information Protection and Control (IPC) 2007-2011 Forecast and Analysis: Securing the World's New Currency." This inadvertent leakage threat has risen to fourth in importance behind viruses, spyware, and spam, while intentional theft by employees with a criminal or otherwise malicious agenda has actually fallen in rank, and now sits in seventh position.

According to Willy Leichter, Tumbleweed Communication Corp's, director of product marketing, that finding became a key factor when his company designed the software embedded in the Redwood City, CA-based company's new MailGate 3.5 security appliance.

The software's new dashboard-based user interface includes a robust set of options that enable security professionals to create policy management rules that watch for employees inadvertently sending confidential or other key information, such as earnings forecasts, company credit card numbers, or even their own social security or credit card numbers, embedded in outbound e-mail messages. The options also include a more normal set of policy tools designed to fulfill the compliance requirements of HPPA, Sarbanes-Oxley, and other regulatory and corporate policy requirements.

Security or other administrators can specify actions ranging from basic incident reporting to complete message blocking. "They are presented with a wide variety of options in a series of hierarchical checkboxes," says Leichter, "and there is enough variety there to let them set their policies and actions up however they need to." When asked if existing users can migrate current policies to the new software, Leichter said that they could, but if they did that they would not be able to take advantage of important new control opportunities, and the more flexible user interface.

Also included in the MailGate 3.5 software is Tumbleweed's latest multi-layered spam defense technology. New in this mix is an IP reputation filter system to weed out spam from disreputable senders that is based on a data base of 100 million IP addresses, and real-time zombie detection that is designed to block spam at the enterprise gateway. Those technologies teams up with Tumbleweed's Edge Module to do recipient verification, intelligent traffic shaping, and message throttling that is designed to stop directory harvest and denial of service attacks.

"It is time for straight talk," says John Thielens, Tumbeweed's vice president of technology, "it is time for vendors to stop extorting enterprises for technology to protect sensitive data, and our new MailGate software makes us the voice and the technology of reason." He adds that botnets are not going to disappear any time soon, and companies have to take matters into their own hands if they want to drive botnet traffic off their networks.

The new MailGate 3.5 appliance will be available late in July of this year, with prices starting at $5,000. Users of existing MailGate appliances can upgrade their software with the new 3.5 version free of charge.

Read more about security in Computerworld's Security Knowledge Center.