Exobox Technologies Corp (EXBX)

[rayray99]

Has your sensitive data leaked into the wild?

Data leak detection picks up where DLP leaves off
IT Best Practices Alert By Linda Musthaler , Network World , 09/03/2009

Every organization has sensitive information that it does not want the public to see. Nevertheless, this information often makes its way to the public Internet, either by accidental or intentional exposure.

For example, in 2007 payment records for more than 30,000 patients of Sky Lakes Medical Center in Oregon were viewable on the Internet for nearly a month when a contractor copied the records from one server to another to perform maintenance. When the unintentional leak was discovered by a patient of another hospital, the Sky Lakes online payment system was shut down until the problem was resolved.

Unfortunately, this kind of thing happens every day, and the organizations whose information is exposed have no idea. Could this happen to your company? The truth is, you’re probably exposing much more than you know, according to executives at Exobox Technologies.

Exobox is a relatively new data security company whose leaders bring deep security expertise to the table. They have chosen to focus on an untapped area of data security they call “data leak detection.” Instead of trying to prevent your sensitive data from leaving the network confines, the Exobox SaaS solution called ExoDetect tells you what has already escaped. If this sounds a bit like closing the barn door after the horses have run off, let me assure you, there’s still plenty of value in knowing where the horses have gone.

ExoDetect runs a scan on the public areas of the Internet and finds documents and emails containing the sensitive data elements you ask it to search for. The live demo I saw turned up confidential product roadmaps, competitive information and sensitive financial information for an actual company. This information was in PowerPoint files, emails and Word documents, as well as posted to blogs and other places that are all publicly accessible. ExoDetect identifies where the leaked data is located and presents the list of places and documents in an easy to read format.

I imagine it would be a shock to most CISOs to see such a report. Even companies that think they have a pretty good defense against data leaks have seen their ExoDetect scans turn up previously unknown postings of sensitive data.

The thing about data leak prevention is that you don’t really know if it’s working 100%. With ExoDetect’s data leak detection, you can see just how effective your prevention policies and technologies are. If (when) you see your company’s leaked data on the Internet, you can take action to minimize the damage and plug the holes that allowed the data to get into the wild. What’s more, used in conjunction with system logs, the ExoDetect reports help with data leak forensic investigations.


MORE TO READ:


http://www.networkworld.com/newsletters/techexec/2009/090905-musthaler.html?hpg1=bn