This month we look at network access control (NAC), identity management (IDM) and data leakage prevention (DLP) tools. “All three,” you ask? Well, the problem that we are trying to solve is unauthorized access. Back in the day, we said that one could prevent unauthorized access with a good firewall and a strict access control policy. That didn't last, unfortunately.
So, we took a look at what the modern large enterprise looks like and we found that if we wanted to tighten up access control – especially since the perimeter was getting fuzzier and fuzzier – we would need some sort of automation. That gave us identity management. IDM allows us to manage large enterprises with lots of users scattered far and wide and still deploy and provision them with appropriate credentials managed appropriately. Good enough…at the time.
The problem turned out to be that not only did we need to manage people, we needed to manage devices. Attaching a device to an enterprise could mean attaching a machine riddled with vulnerabilities or infested with malware. Along came NAC to solve that problem. We're good…again. But, unfortunately, not for long, it turned out.
...we found that if we wanted to tighten up access control we would need some sort of automation.
Even though we have managed access from the outside, we still have the problem of the insider. And that challenge has taken on serious new dimensions with today's attack styles. Today, the bad guys often don't slip into the enterprise unseen – although that mode of attack is far from gone. Rather, they scam users into inviting them in with such things as phishing emails of various types, drive-by infections and watering-hole attacks.
Symantec, in its 2014 “Internet Security Threat Report,” estimates that in 2013 one in 392 users experienced a phishing attack, one in 196 received an email that was infected with malware and up to one in 2.3 businesses were targeted by spear phishing. That's pretty scary stuff. Even small businesses were not immune from spear phishing with about one in five experiencing at least one attack.
So the issue no longer is just keeping the bad guys out – there were eight major breaches (more than 10 million identities exposed) in 2013 as opposed to one in 2012 – it's now as important to keep the information you need to protect inside, protected from exfiltration. Now we have DLP as part of our access management team. In fact, the whole notion of access management has come back to the most important fact of all: It's all about the data. Conventional wisdom now says that you must assume that your enterprise – even your personal computer, perhaps – has been compromised. You are faced with ensuring the safety of your data.
That said, this month we are taking a close look at a triumvirate of tools that do exactly that: protect the data. Certainly they may accomplish their tasks in a variety of ways, but working together they can accomplish them.
Also, this month we welcome Sal Picheria to our reviews team. Sal comes to us from Norwich University – my day job – and he has done a masterful job testing and reviewing this month's products. We hope to see a lot more of Sal and his colleagues from Norwich in future reviews. Finally, we send get-well wishes to our project manager, Judy Traub, without whom we could not put this section together. Judy is our vendor wrangler and queen of all things process-based here at the SC Lab. She is down for a month or so and we sorely miss her.