"There was a concern that a lot of our lead generation information was making it out to our competitors, so we performed an assessment," says Randy Barr, chief security officer for Santa Clara, Calif.-based WebEx. "During the assessment, we identified areas that could use improvement, and we made some of those improvements. The one key area that we could not have a strong answer for was how do we monitor our environment in real time, and how do we prevent that information from getting out?"

To answer that question, Barr and his security team scouted the market for a network monitoring tool that would enable them to keep better tabs on their intellectual property (IP). The problem they quickly came up against was that most tools didn't have the capability to keep track of unknown threats.

"The unknown is the key point in managing the security program," Barr says. "A lot of these tools require us to identify a document and protect that. I had concern about that because a lot of our users don't know if a document is sensitive initially, until maybe a week later. So by the time the document is labeled secret it could have made its way out."

Barr says that he was drawn to Reconnex iGuard because of its seeming thoroughness compared to the rest of the field. Once he brought the device in for a brief test on his network, he was convinced that it was just what he was looking for.

"We were so sensitive about that that we decided to run the report ourselves," he says. "When we saw the report we were amazed at how much information we collected."

Test for yourselves
Faizel Lakhani, vice president of marketing at Mountain View, Calif.-based Reconnex, says this is a pretty common occurrence when prospective users take a look at the iGuard, which is partly why the company offers the test.

"When we allow a customer to spend 48 hours with our box, they usually will either say, ‘Get out of here! We never had this meeting.' We call that the ostrich in the sand [reaction], because they don't even want to face their risks. Or ask when they can sign up," Lakhani says.

Working it
WebEx Communications specializes in facilitating online meetings between some of the nation's largest enterprises. The company offers solutions for web conferencing, video conferencing, teleconferencing and webinars. Because he's got to contend with 2,300 employees scattered around the world, Barr's challenge is being able to thoroughly scan a very distributed environment for potential IP leakage.

His eight-person security team uses four Reconnex devices across 12 different locations to help accomplish the task. Barr said that implementation only took about four hours for each machine, but that they also require constant monitoring and upkeep to do the job right. He tasks one of his team members with about four hours of work a week with the devices. During the time, this person performs audits and searches and updates signatures on the devices to keep track of the valuable IP on the network.

The payoff
He says that most incidents that iGuard helps the security department catch are not malicious in nature, but they could lead to security problems down the road. For example, he tells of a vacationing employee who was contacted via IM by a colleague who needed a file for a project. The employee on vacation told her colleague to access the file on her computer and then proceeded to give her co-worker login and password information.

"When we saw that, we immediately closed out her account until she came back, and then we sat down with her and her manager to have a discussion about the importance of security," Barr says.

In addition to allowing the security team to better look out for bad behavior, iGuard also gives them peace of mind, Barr says.

"We feel a lot more confident knowing that our employees aren't doing anything malicious," Barr says. "My stance on implementing prevention tools that would identify intellectual property is that unless we have an agent that resides on the desktop that would protect IP from leaving, I think the best thing a security person can do on IP is to monitor IP."

We welcome your comments. Email us at  scfeedbackus@haymarketmedia.com