Networking security vendor Check Point Software Technologies Ltd. has launched a new software blade and related security technologies designed to make it easier for organizations to manage and control increasingly proliferating Web 2.0 applications.
The Application Control Software Blade integrates Check Point’s UserCheck technology to shift some of the decision-making and management process from the IT staff to the end-user, allowing them to work within application usage policies tailored by the company.
When it comes to data loss, 99 per cent of incidents of unauthorized data leaving the company aren’t malicious; they’re accidental said Kellman Meghu, security engineering manager for Check Point.
“Computers are good at identifying patterns, but not an understanding content and context. Most DLP solutions today run in detect/monitor mode and they find lots of issues, but they’re impractical to run in prevent mode because it would grind business to a halt,” said Meghu. “Another challenge is IT admin exposure. Today’s DLP solutions give admins access to a lot of sensitive data to screen to decide if it’s sensitive or not.”
What’s missing from current solutions, he said, is context. A file may have been uploaded to an external server, but only so the employee could work on it from home. That may be a technical violation of policy, but it’s not a malicious incident. Since some who seriously wants to steal data will always find a way, Check Point’s solution is to take some of the burden off of the IT admin by providing checks and prompts to reduce the accidental incidents.
For example, if someone tries to e-mail sensitive data outside the company accidentally thanks to a mistake with Microsoft Outlook’s auto-complete, Check Point will prompt them if they really want to send that sensitive file to an external destination. Depending on the parameters set for that user by IT, they can either over-ride the prompt and send the message, or change their mind.
Web applications such as Facebook, and widgets within them such as Farmville, are also creating issues from IT ranging from security to simple bandwidth management and employee productivity. With the new blade, Check Point has identified some 4,500 Internet applications and over 50,000 widgets and given IT the ability to monitor usage and turn on or off usage of each one by employee or work group. Users are also prompted to identify whether they’re loading up Facebook, for example, for business or personal use.
“You can’t just block Facebook anymore, because some people need access for business. In the management console you can allow access for certain groups. For example, marketing can update Facebook but not access Farmville,” said Meghu. “Some companies don’t care who uses these applications, others don’t want any access at all.”
Follow Jeff Jedras on Twitter: @JeffJedrasCDN.