Defining the Difference Between Endpoint Security and Data Loss PreventionBy Larry Walsh | Posted Sunday, March 23, 2008 04:03 AM
A couple of nice guys from SanDisk paid me a visit the other day at my New York office to unveil their version of endpoint security. I took the meeting because, frankly, I was intrigued by the idea that a company that makes portable storage media would be entering the security market. Turns out they aren't.
After flipping through a bunch of cursory slides that every PR presentation contain, they showed me their endpoint security solution: an USB flash drive.
Whoa! This is endpoint security? They rolled through the particulars of this solution, since it's no ordinary flash drive. The SanDisk drive is pretty neat in that it transparently encrypts all data on the drive with AES 128-bit encryption. Recognizing that some enterprises will logically lock down client USB ports, it's industry partners have devised a system that will allow the secure device access will blocking all unauthorized thumbdrives. And, its centralized management will automatically backup data stored on the portable media.
Through this solution, users are compelled to use only authorized secured USB flash drives. If the drives are stolen or lost, the data is both encrypted to prevent compromise and backed up for restoration. And, through a partnership with RSA Security (a division of EMC), the drives have strong authentication and access controls. Oh, did I mention the drives are also high-capacity?
SanDisk, which is better known for its flash memory solutions for everything from computers to digital cameras, will be rolling out its secure USB flash drive at next month's RSA Conference in San Francisco as an endpoint security solution. But is this endpoint security?
We debated that in my office for a few minutes. From my perspective, this solution seems more like a data loss prevention solution than endpoint security. Admittedly, there are many flavors of endpoint security. When I think of endpoint security, I think of network access control (NAC), configuration management, vulnerability management and security policy enforcement. While this solution is designed for the endpoint client, it doesn't do any of the above tasks. Rather, it forces users to use one type of portable media and transparently applies security protection to the data. To me, that's DLP.
Now, the SanDisk drive is missing a couple of the elements of DLP, too. It's not inspecting data against policy violations. That means it's very possible for a user to drag and drop an Excel spreadsheet of employee salary figures, Social Security numbers and addresses onto the drive. But I'm not a big fan of vendor arguments that claim that can stop data leakage through inspection (an entirely different issues).
I could be wrong (and I sometimes am), but this entire conversation got me thinking about what is endpoint security and what is data loss prevention (or the alternative nomenclature: data leakage prevention)? Both terms remain en vogue since clients remain vulnerable because of their mobility and user naivety and data, by its very nature, is flowing everywhere with few checks. Vendors can't help themselves in trying to apply either label to anything their selling, believing that it will move more units faster. My fear is that temptation will bring us back to the state we were in back in 2002 when everything from vulnerability scanners to application firewalls were labeled as intrusion prevention systems.
What does the community consider endpoint security? What do you consider the definition of data loss prevention? It's high time clearer definitions are applied to security technology to prevent FUD from inhibiting real security progress.