SECRET DOCUMENTS LIFECYCLE™

Below is a cache of http://perimetrix.com/downloads/wp/WP_Perimetrix_SDL_eng.pdf. It's a snapshot of the page taken as our search engine crawled the Web.
The New Generation of Corporate Secrets Protection Technology
Keeping Secrets Safe
Whitepaper
1. Introduction
2. The Evolution of Approaches in Leak Protection
2.1. 1st Generation: Probabilistic Filtration Methods
2.2. 2nd Generation: Deterministic Protection Methods
2.3. Conclusions
3. The Secret Documents Lifecycle Concept
3.1. The Secret Documents Lifecycle Concept
3.2. Protection at All Points in the Lifecycle
3.3. Secrets Protection out of the Office
3.4. Audit at All Points in the Lifecycle
3.5. Audit of Secret Documents Integrity
3.6. Conclusions
4. About Perimetrix
1. Introduction
Corporate secrets are the information a company holds which has to be kept confidential. For example: personal data on employees and clients, confidential details on partners, a company's intellectual property, business plans and strategies. All of this is very valuable to a company and must not leak out. If such corporate secrets fall into the hands of competitors, criminals or journalists, or leak into the public domain, considerable consequences for investors, management, employees and/or company partners naturally follow.
Such leaks happen all the time, and many world-famous companies have hit the headlines, including prestigious consulting firms, large industrial producers, and trusted banks. Such occurrences lead to a tarnished image, reduced competitiveness and investment attractiveness, as well as unwanted attention from government and regulatory watchdogs arising from failure to comply with legal requirements.
According to Gartner, leaks cost companies far more than implementing prevention solutions. [1] Savings on average are in the order of 500%. Meanwhile, according to the Ponemon Institute, an average leak costs around 4.7 million USD. [2]
There is a whole array of technology on offer which in one way or another protects against leaks and helps secure corporate secrets. This paper will look at and analyse the approaches used today, both their strong and weak points, before turning to the Secret Documents Lifecycle (hereafter, SDL), the new generation corporate secrets protection technology developed by Perimetrix.
[1] Source: Avivah Litan, vice president and distinguished analyst at Gartner
[2] Source: 2006 Ponemon Data Breach Study
2. The Evolution of Approaches in Leak Protection
Conceptually, a leak occurs at the moment when corporate secrets breach the company's information perimeter. For example: an employee prints off a confidential financial account and takes it out of the office in his case. Of course, instead of the printer, the insider could have used any one of a number of channels to leak the document. This is why developers began with the creation of defence systems which focused on controlling the channels by which information leaves a corporate perimeter.
These channels can be divided into roughly four main groups: e-mail, Internet, print devices, and portable and mobile devices.
The idea behind the majority of corporate secrets protection technology is predicated on checking outgoing documents as they exit the company perimeter by means of one of the four channel categories above.
This is why the task for developers became learning how to distinguish secret from non-secret documents and, moreover, to do this automatically with minimum human involvement.
To date, technologies which identify corporate secrets within the stream of data traffic have gone through two stages of evolution. In the first, developers of leak prevention systems concentrated on probabilistic methods which use linguistic analysis or digital fingerprints. In the second, providers developed deterministic methods based on branding confidential documents with a unique security label.
We will look at each approach in more detail. However, we may say now that the effectiveness of both probabilistic and deterministic approaches leaves much to be desired. According to Gartner [3], these are highly unreliable technologies which an employee who intentionally wishes to remove confidential information can easily get round, with an effectiveness rate of only 80%. In other words, these approaches are effective only against chance leaks arising from mistaken actions, and even then not with complete reliability.
[3] Source: Hype Cycle for Information Security, 2007
2.1. 1st Generation: Probabilistic Filtration Methods
Probabilistic methods of filtering outgoing traffic use linguistic technology or digital fingerprints taken from secret documents.
Linguistic analysis methods search outgoing documents for previously determined key phrases and then analyse their context. To do this, the filter learns which documents need to be stopped on the basis of documents already flagged as confidential.
The implementation of a system based on linguistic analysis requires the creation of a content filtration database into which are placed signatures of the confidential information of the specific client company. Each signature represents a template or digital fingerprint of a secret document on the basis of its key words and context.
The analysis of outgoing traffic uses this database: the engine scans each document, finds its key words and then analyses the text using the linguistic signature database of digital fingerprints.
The analysis results in a particular rating, for example, from 1 to 10. The higher the rating, the higher the probability that the linguistic filter has caught a document which is of a confidential nature. This characteristic is why first-generation leak prevention technologies were called probabilistic.
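The rating scheme described above, as an added sketch that is not Perimetrix's or any vendor's code: signatures are two-word shingles of flagged documents, outgoing text is rated 1 to 10 by its overlap with the closest signature, and a threshold turns the rating into a verdict. The sample documents, the shingle size and the thresholds are constructed assumptions.

```python
import re

K = 2  # shingle size: each key word plus its neighbour (assumed value)

def shingles(text, k=K):
    """Lower-case word k-grams: key words together with their context."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def build_signature_db(flagged_docs):
    """One signature (shingle set) per document already flagged confidential."""
    return {name: shingles(body) for name, body in flagged_docs.items()}

def rate(outgoing, signature_db):
    """Return (rating, best_signature); the rating runs from 1 to 10."""
    doc = shingles(outgoing)
    best_name, best = None, 0.0
    for name, sig in signature_db.items():
        if not doc or not sig:
            continue
        # Overlap coefficient: shared shingles over the smaller set, so a
        # short excerpt of a long secret document still rates high.
        overlap = len(doc & sig) / min(len(doc), len(sig))
        if overlap > best:
            best_name, best = name, overlap
    return 1 + round(best * 9), best_name

def decide(rating, threshold):
    """Probabilistic verdict: hold the message for review at or above threshold."""
    return "hold" if rating >= threshold else "pass"

# Constructed sample data, not taken from any real document.
DB = build_signature_db({
    "q3-plan": "The board approved the acquisition of Northwind Traders for "
               "40 million in the third quarter. Integration starts in "
               "October and layoffs are planned in logistics.",
})
LEAK = ("FYI the board approved the acquisition of Northwind Traders "
        "for 40 million in the third quarter")
BENIGN = ("Lunch menu for the third quarter team event is attached, "
          "see you in October")
UNRELATED = "Please find the parking permit form attached"

if __name__ == "__main__":
    for label, text in [("leak", LEAK), ("benign", BENIGN), ("unrelated", UNRELATED)]:
        rating, sig = rate(text, DB)
        print(f"{label:9} rating={rating:2} match={sig} "
              f"strict={decide(rating, 7)} cautious={decide(rating, 3)}")
```

With the threshold at 7 only the excerpt is held; lowering it to 3 also holds the harmless lunch e-mail, which is the kind of manual review load a probabilistic filter creates.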
If we turn to Table 1, we see that this approach has three main failings. In the first place, this technology provides only a low level of effectiveness. Even with the creation of a content filtration database, filtration effectiveness using linguistic technologies is only 80%. This means that 20% of corporate secrets can make their way out of the company network. Plus, real cases show that the leakage of only 20% of a company's corporate secrets results in bankruptcy in 60% of cases. And one should not forget that one can get round even the most advanced linguistic analysis using simple steganography and communications encryption.
It is worth noting that, given intense traffic, such a high instance of false positives (20%) would make the lives of information security professionals pure hell. For example, if 100,000 emails go through the email gateway daily, that means security officers will have to process 20,000 communications per day by hand. But this volume of email traffic is modest when compared with the millions of emails some corporations deal with daily.
We should emphasise the fact that effectiveness of 80% is achieved only with the creation of a special content filter based on the characteristics of a specific company, and to create such a filter requires the classification of all a company's information. Leak-prevention system providers often omit this necessary work, delivering the client nothing more than a standard or default content database. In this case, the product is easily implemented (literally, in a few days) but is plagued by poor effectiveness, which falls to around 60%.
Table 1. The main failings of linguistic filtration
Issue: Low effectiveness even in best-case scenario
Description: The best-case scenario is when a content-filtration database is created prior to implementation and is based on the specifics of a particular company. However, even in this case the effectiveness of filtration reaches