Why bother to protect the network if we cannot protect the information on it? If we think carefully about the entire notion of an information security architecture, we must admit that it is the data that drives our security strategy. The network is there to carry and store the data. But protecting the network is not enough to protect the data. So we picked three products that address the data directly.
Email security is a misunderstood term. In fact, the notion of email security covers a lot of territory. One of the most important aspects of email security — not covered by current gateways or by the emerging crop of UTM products — is information leakage protection. While there are a number of products in this space, we selected one that we think has a lot of potential to extend its innovative approach beyond its current scope. This product is focused on the insider threat.
At a conference of directors of the National Security Agency/ Homeland Security National Centers of Academic Excellence in Information Assurance, a guest speaker made the comment that “encryption is everything.” We agree, and there is no more creative and venerable company in the encryption business than our encryption selection. Today, this product suite defines what encryption means to users around the world. It has been in that position almost since its inception.
Finally, there is a very special type of data leakage or extrusion. Our final product in this group protects against data leakage by malware. This product focuses not on the malicious insider — as one of our other selections does — but rather it attacks the bot armies that sneak into systems to steal sensitive data. Since there is no breach detected and no attacker is trying to send sensitive information outside, this vector often gets missed. Our last product in this group looks out for malware-born data leakage and stops it cold.
These three products focus on protecting the data in the enterprise. The data may be at rest or in motion — though from a security perspective it probably doesn’t matter — but it is the reason for the enterprise in the first place. Explicitly protecting the data is a critical role and one that calls for innovation, creativity and vision.