FOR, by Max Rayner, executive vice president for products and services and CIO, SurfControl
Information security of all kinds is necessary to assure that individual privacy rights are respected and enforced, to prevent abuses of some employees by others, and to secure the rights of the employer and all related constituencies.
Public roadways present an apt analogy. Individuals have the opportunity to use roads to move about, but not the right to use them without regard for the safety of others. This is why, to our occasional annoyance, police aggressively monitor the winding mountain roads leading to SurfControl's corporate headquarters in Scotts Valley, Calif.
The police presence protects our employees' rights and safeguards our lives from wanton speeding by others, and is a far greater benefit than an intrusion on any individual's ability to try four-wheel drifting on Highway 17.
Monitoring of email, web and other traffic, as well as of data at rest, protects employees from malware, malicious people and each other. It is not only a minimum standard of corporate care, it should be required.
AGAINST, by Murray Mazer, VP of corporate development and co-founder, Lumigent
It is seductive yet dangerous to think that monitoring traffic before it enters the database provides a sensible and complete approach to database security. That approach yields a false sense of security.
Here's the key problem: monitoring network traffic does not tell you what actually happened. A credible, strong detective and mitigating control must capture the actual activity resulting from the submitted request. This is required for detecting any security-related business process enabled by the technology.
A tight coupling with the database is essential.
Simply monitoring network traffic comes with numerous vulnerabilities. It captures neither the activity of privileged users accessing the database directly nor execution of server-side logic. Monitoring encrypted network traffic becomes difficult or impossible. The list goes on.
Monitoring at the database itself eliminates these risks. Many of today's companies now recognize the value of an "inside-out" or data-centric approach.
THREAT OF THE MONTH: LDPinch
What is it?
LDPinch is a family of Windows spyware programs that can steal data via a keystroke logger and tie it to applications —such as email, FTP, chat clients and websites. The malware can send the captured data via an HTTP POST to a website or via email messages.
How does it work?
LDPinch typically arrives on a system through a malicious website, an email attachment or in shared files. LDPinch installs a trojan DLL that allows it to read the contents of data being written and read on the network, giving it access to the authentication data it steals. It can also access applications via their COM interfaces and steal both stored and entered passwords.
Should I be worried?
Most AV software detects most LDPinch variants. However, because it is easily available, LDPinch can pose a threat to organizations due to its popularity. LDPinch is also designed to be extended by its users.
How can I prevent it?
LDPinch uses no exploits to install itself onto a victim computer other than social engineering tricks. If files are scanned on entering the network via a scanning proxy, or a content scanning mail server, and physical devices are restricted, a lot of the avenues for LDPinch to propagate are closed. Updated anti-virus tools which scan files on access can also help stop the spread of this malware.
— Jose Nazario, Arbor Networks
