Data Breaches, Social Media, and Symantec

Last week I had an excellent opportunity to learn from Symantec’s Director of Product Marketing – David Dorosin – about both Targeted Attacks on Intellectual Property and how Symantec is providing new tools to help address the challenges of these attacks. This conversation was of special interest to me as it provided an opportunity for me to see how leading security vendors are beginning to address the data breach challenges associated with unconventional unstructured data emanating from social media.

Data Breach Challenges and Social Media

Last week I had an excellent opportunity to learn from Symantec’s Director of Product Marketing – David Dorosin – about both Targeted Attacks on Intellectual Property and how Symantec is providing new tools to help address the challenges of these attacks. This conversation was of special interest to me as it provided an opportunity for me to see how leading security vendors are beginning to address the data breach challenges associated with unconventional unstructured data emanating from social media.

As part of the discussion with Mr. Dorosin, he kindly shared the following information points – information points that may be useful as you consider data security.

Targeted Attacks on Intellectual Property

The anatomy of a breach typically follows a four step sequence:

• Incursion
• Discovery
• Capture
• Exfiltration

This four step sequence usually can be categorized into either mass attack or targeted attack approaches.

Mass Attack Characteristics

• Incursion – Generic social engineering By-chance infection.
• Discovery – Typically no discovery, assumes content is in a predefined and predictable location.
• Capture – Predefined specific data/data which matches a predefined pattern such as a credit card number.
• Exfiltration – Information sent to dump site often with little protection and dump site serves as long term storage.

Targeted Attack Characteristics

• Incursion – Handcrafted and personalized methods of delivery.
• Discovery – Examination of infected resource, monitoring of user to determine other accessible resources, and network enumeration.
• Capture – Manual analysis and inspection of the data.
• Exfiltration – Information sent directly back to attacker and not stored in known location for extended period.

To address the challenges associated with data breaches from targeted attacks, it seems reasonable for organizations to have a stepped approach that may include but not be limited to:

• The Development and Enforcement of IT Policies
• The Protection of Information
• The Management of Systems
• The Protection of the Infrastructure

In translating the elements of this stepped approach for addressing targeted attacks into practical offerings, Symantec is announcing today as series of security suites designed specifically to meet the challenges associated with data breaches. These offerings include:

• Control Compliance Suite 10.0 (The Development and Enforcement of IT Policies)
• Data Loss Prevention Suite 10.5 (The Protection of Information)
• IT Management Suite 7.0 (The Management of Systems)
• Symantec Protection Center and Symantec Protection Suite (The Protection of the Infrastructure)

Of special interest to individuals and organizations charged with data breaches associated with social media, the Data Loss Prevention Suite 10.5 provides some key capabilities worth considering. These capabilities include but are not limited to:

• Visibility and Control of Unstructured Data
• Protection for Social Media Sites (Examples: Twitter, LinkedIn, YouTube, etc.)
• Protection for Private Clouds (Example: Citrix)

Specifics of this new Data Loss Prevention Suite offering can be seen in today’s press release (13.4.2010) from Symatec – the release is provided below for your use/consideration.

Symantec Helps Businesses Prevent Data Loss in Evolving IT Environments

Symantec Finds Social Media to be a Top Concerns of CIOs

LAS VEGAS – Symantec Vision 2010 – April 13, 2010 – Symantec Corp. (Nasdaq: SYMC) today announced an updated version of Symantec Data Loss Prevention designed to help businesses prevent data leaks in their changing IT environments. Symantec Data Loss Prevention 10.5, the latest version of Symantec’s market leading data security suite, enables the use of social media while guarding against data loss, protects information in private clouds and helps organizations take ownership of unstructured data, such as documents, spreadsheets and email.

“Information is today’s most critical business asset and traditional boundaries for it no longer exist,” said Rich Dandliker, director of product management, Symantec. “Constantly evolving IT environments drive the need for new data protections. To protect information, Symantec must go where the data goes.”

Helping Businesses Go Social

Social media is being increasingly used in business for collaboration and communication. Yet in Symantec’s 2010 State of Enterprise Security study, Symantec learned that 84 percent of CIOs and CISOs considered social networking sites to be a serious threat to their security. To enable the use of social media while addressing this threat, Symantec Data Loss Prevention has enhanced compatibility with Web 2.0 sites – such as Twitter, YouTube, MySpace, Facebook, LinkedIn, and Meebo – to stop the flow of sensitive data. Symantec Data Loss Prevention also minimizes IT support costs by providing a more transparent Web experience for end-users that seamlessly prevents data exposure without confusing the user with broken links or error messages.

Secure Private Clouds

Companies are increasingly turning to private clouds to help them cut server and storage costs. However, security is a chief concern with clouds, even when they live inside the corporate firewall. For example, organizations need to prevent sensitive information from being inappropriately transferred to unmanaged laptops and desktops, which could happen with remote employees or outsourced employees who need access to confidential data. To combat this, Symantec added new endpoint event coverage for workstations running virtualized applications and desktops, including Citrix XenApp and Citrix XenDesktop.

Take Ownership of Unstructured Data

Businesses are also drowning in unstructured data – such as documents, spreadsheets, and emails – which continues to grow exponentially every year. The key challenge for organizations is determining what information is stored in unstructured files and who is responsible for the data. To help companies solve this mounting problem, Symantec recently introduced Symantec Data Insight that is now integrated into Symantec Data Loss Prevention. With Data Insight, organizations can discover where their most critical information lives, monitor its usage and protect it by automatically inferring data ownership to speed up the incident remediation and data clean-up process.

Expanded Interest in Data Loss Prevention

Interest in data loss prevention is high with 89 percent of organizations at least considering a DLP solution, according to Symantec’s 2010 State of Enterprise Security study. New buying centers are emerging in organizations that do not have complex data security requirements and are interested in preventing the loss of specific information, such as customer data, through common endpoint gaps, such as email, Web and USB. To support these new buyers, Symantec now offers Symantec Data Loss Prevention Standard Edition, which provides leading data loss prevention technology to protect against this specific type of endpoint data loss.

Availability

Symantec Data Loss Prevention 10.5, with new support for Windows 7 64-bit, Symantec Data Loss Prevention Data Insight, and Symantec Data Loss Prevention Standard Edition are now available.

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.



Check Out the Observations Now!

Interested in Contributing?

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

Veritas Acquires Globanet

“By integrating Globanet’s technology into our digital compliance portfolio, we’re making...

Five Great Reads on eDiscovery for September 2020

From cloud forensics and cyber defense to social media and surveys,...

Time for a Change? FTC Proposes Changes to HSR Act Premerger Notification Rules

The Federal Trade Commission, with the support of the Department of...

An eDiscovery Holiday Season Down Under? Macquarie Prepares Nuix for IPO

According to John Beveridge, writing for Small Caps, Macquarie holds a...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Festive or Restive? The Fall 2020 eDiscovery Business Confidence Survey

Since January 2016, 2,189 individual responses to nineteen quarterly eDiscovery Business...

Casting a Wider Net? Predictive Coding Technologies and Protocols Survey – Fall 2020 Results

The Predictive Coding Technologies and Protocols Survey is a non-scientific semi-annual...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

Veritas Acquires Globanet

“By integrating Globanet’s technology into our digital compliance portfolio, we’re making...

An eDiscovery Holiday Season Down Under? Macquarie Prepares Nuix for IPO

According to John Beveridge, writing for Small Caps, Macquarie holds a...

ayfie to Acquire Haive

According to Johannes Stiehler, CEO of ayfie Group AS, “This acquisition...

Innovative Discovery and Integro Merge

“Integro and Innovative Discovery’s services and solutions are highly complementary. Our...

Five Great Reads on eDiscovery for September 2020

From cloud forensics and cyber defense to social media and surveys,...

Five Great Reads on eDiscovery for August 2020

From predictive coding and artificial intelligence to antitrust investigations and malware,...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...