iBugle
Protect Enterprises from Information Leakage
The Daunting Challenge of Information Leakage
To date, organizations have invested huge resources into protecting their internal environment from external attacks. However, as organizations rely more on Information Technology to increase competitiveness and efficiency, they also increase their vulnerability to information leakage from insiders. This information leakage could be perpetrated with malicious intent or caused inadvertently by human error, and the result is potentially devastating. There are several reports that bear this out.
- Gartner studies indicate that a majority of real data losses have been caused by insiders.
- A 2004 CSI/FBI Computer Crime Survey indicated that 80% of the respondents reported security incidents involved insider abuse.
- IDC's 2005 survey indicates that organizations rated employees ignoring security policies as the second highest security risk.
The Problem of Information Leakage
There are four critical problem areas that need to be addressed to prevent information leakage within an organization.
- Legislators have mandated more transparent corporate governance. Organizations are required to ensure integrity and accuracy of reporting as legislated in the Sarbanes-Oxley Act of 2002 (SOX). The financial industry is required to protect confidential customer information, as legislated by the Gramm-Leach-Bliley Act (GLBA). Organizations are expected to provide greater protection against rampant identity theft, which puts their customer data at risk.
- Organizations are increasingly threatened by the ease with which intellectual property can be made available to competitors or impostors. Organizations want to ensure that intellectual assets and their crown jewels, such as patents, trademarks, brands, trade secrets, software code, designs, architectures, algorithms and inventions, are not leaked and abused.
- Organizations want protection against leakage of internal confidential information, which can be very damaging to customer trust, to the company brand and finances.
- Privileged information, such as customer data, patient information, financial information, business plans etc., can be surreptitiously hidden in files from common applications, such as spreadsheets, word processors and presentation packages, and may be transported to outsiders.
The above problems can be catastrophic, and it behooves organizations to invest in a solution that prevents information leakage. Such a solution would need to provide high performance, real-time vigilance against all information that leaves the organization.
iBugle Solution
iBugle is a security appliance that provides complete visibility to information leaving the enterprise in near real-time and protects against information leakage.
Real Time Information Capture & Analysis
Packet Capture & Protocol Decoding Engine
iBugle employs a Packet Capture Engine that captures every outgoing packet on the network at line speed, in passive mode; the captured packets are used to reconstruct the original content. The Protocol Decoder Engine recovers the payload information carried by various protocols. Many of the commonly used protocols are supported by the system, including HTTP, SMTP, IP, FTP, Telnet, POP, IMAP, Web Mail, Chat etc. The decoded payload is then aggregated packet-by-packet to recover the content.
Content Analysis Engine
The reconstructed content is stripped of its format to obtain raw data, which is then processed further by the Content Analysis Engine. This engine can analyze various file formats including .Doc, .PPT, HTML files, .PDF etc. It can also monitor for structured data items, such as social security numbers, credit card numbers, URLs and personnel IDs.
Forensic Analysis Engine
The Audit and Forensic Engine allows an administrator to analyze the trail of alert events and to extract patterns of information. These alerts can be the basis of a periodic report, or can trigger appropriate notification via email, an instant message or other preferred communications medium. The alert violations data can also be mined for security trends to enhance future protection measures.
Security Alert Engine
The real-time Security Alert Engine provides real-time alert generation, based on the policies set up through the Policy Definition Engine. Violations detected by the Content Analysis Engine result in an alert, which is logged into the Forensic Analysis Engine database, along with attributes such as timestamp, IP address etc.
- Browser Based Graphical Management Dashboard
iBugle has a centralized, easy-to-use, browser-based graphical user interface for policy administration. The dashboard is customizable and can display the alerts generated when a specified policy is breached, using either tabular data or charts.
Easy to Administer
- Policy Definition User Interface
An administrator can define the desired security policy through the Policy Definition GUI. The security policies that can be set through the Policy Definition module include the type of document or content to track, the protocols to decode, the keywords or key phrases that need to be searched, the threshold for alerts to be generated and the preferred notification vehicle.
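
The following sketch shows how content analysis, a policy threshold and an alert record of the kind described above can fit together. It is an added illustration, not iBugle's code; the policy field names, the masking of matched values and the sample message are assumptions.

```python
import re
from datetime import datetime, timezone

# Hypothetical policy; the field names are assumptions, not iBugle's schema.
POLICY = {"protocols": {"SMTP", "HTTP"},
          "keywords": ["confidential", "business plan"],
          "threshold": 2}  # minimum hits in one message before alerting

CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # format check only

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def analyze(text, keywords):
    """Return (kind, value) hits found in already-decoded plain text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            # Mask matches so the alert store does not become a second leak.
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    hits += [("ssn", "***-**-" + m.group()[-4:]) for m in SSN_RE.finditer(text)]
    lowered = text.lower()
    hits += [("keyword", k) for k in keywords if k in lowered]
    return hits

def evaluate(message, policy=POLICY):
    """Apply the policy to one reconstructed message; return an alert or None."""
    if message["protocol"] not in policy["protocols"]:
        return None
    hits = analyze(message["payload"], policy["keywords"])
    if len(hits) < policy["threshold"]:
        return None
    return {"timestamp": datetime.now(timezone.utc).isoformat(),
            "src_ip": message["src_ip"], "protocol": message["protocol"],
            "hits": hits}

# Constructed sample: a reconstructed outbound e-mail body (test card number).
SAMPLE = {"protocol": "SMTP", "src_ip": "192.0.2.10",
          "payload": "CONFIDENTIAL: card 4111 1111 1111 1111, SSN 123-45-6789"}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The Luhn check is what keeps order numbers and other long digit strings from raising card alerts; the threshold then decides how many hits in one message justify notifying an administrator.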
Easy to Deploy
Integrates without Disruption
iBugle is easy to integrate because it is a passive device and does not disrupt the performance or stability of the enterprise network.
Conclusion
iBugle is a product of Saraansh Software Solutions, Bangalore, and Aufait is an implementation partner for iBugle in the Middle East. iBugle is a comprehensive, scalable solution to the information leakage problem faced by organizations. For further information please contact info@aufait.in or our offices in the Middle East or India.