I don't recall the first time I heard the term “extrusion prevention system.” It was, I think, an effort on the part of some marketer to tie the notion of preventing data from unauthorized exit (extrusion) from the enterprise to the notion of unauthorized entry (intrusion). Very clever.
I don't usually fall for that kind of hype, but for some reason, this time it stuck with me. I still like it better than the more accepted term, “data leakage,” because it's one thing for data to be removed from an enterprise without authorization (“extruding”), and it's quite another for it just to, somehow, ooze out (“leakage”). I tend to believe that the former is the real problem.
The leakage problem does not necessarily acknowledge that something or someone is purposely looking for data to steal and then spiriting it out of its authorized home. Trend Micro engineers must agree, because they have designed their extrusion prevention product to seek out malware that has as its objective finding and stealing your data. The Trend visionary with whom I spoke told me that in his view, about three years ago the focus of malware shifted to crimeware. Crimeware's objective is to steal, not just infect. I agree, and I also agree that 2009 likely is the year that the industry finally will grasp that important paradigm shift.
To succeed in interdicting this type of malfeasance, the protections need to be layered. That means that the innovator needs to innovate from within and have excellent relationships with customers and a close connection to the emerging threat environment. This calls for a high degree of research at several levels (customer, partner, threat environment, etc.). Trend always has been a leader in that area.
The current challenges associated with extrusion prevention and crimeware are automating the collection process and focusing on the data and where it is supposed to be. More important, in my view, is that there needs to be a solid understanding of the unauthorized extrusion process. The types of malware that are prevalent today in this type of crime are new and creative. They are hard to characterize and easy to mask – making catching them very difficult.
Additionally, cloud providers are big targets, and anti-malware technologies are very inefficient in virtual environments. That gives Trend plenty to do over the next 12 to 18 months, and every bit of it is squarely on their roadmap.