Provilla to Fight Leaks with Document Fingerprints

 
 
By Matt Hines  |  Posted 2007-01-24
 
 
 
A software startup is hoping to plant its flag in the rapidly expanding data leakage prevention sector using a technique that marries traditional endpoint security controls with a document-based system that assigns a digital fingerprint to each piece of protected content.

Provilla, based in Mountain View, Calif., moved out of quiet mode on Jan. 22 and launched its first product, LeakProof, an application sold as an appliance, which aims to help companies stop workers or outside attackers from either mistakenly or intentionally copying sensitive data from their networks into messaging systems, Web applications or mobile storage devices.

As part of the launch, Provilla also introduced LeakSense, a free software application that promises to help administrators observe workers data-handling activities and isolate potential problems that programs such as LeakProof seek to prevent.

Unlike DLP applications that focus only on locking down the data transfer capabilities of endpoint devices, such as USB drives and Bluetooth wireless connections, LeakProof promises to stop information from being inappropriately transferred by using both those types of controls and by using a sophisticated signature system to assign a unique identifier, or fingerprint, to different types of information.

Dubbed the Provilla DataDNA technology, the appliance uses purpose-built algorithms that extract unique details of any content a company uses it to safeguard, and then stores that information as a signature.

IronPort introduces a new malware and event reporting system. Click here to read more.

When workers attempt to copy or transfer any of the data protected in such files, their PCs endpoint-based filters detect the signature and prevent the information from being moved. Provilla said the technology can even identify protected data that has been dramatically altered to cloak its details.

Provilla said the products software agent, saved locally on an endpoint device, can also scan data before someone attempts to encrypt it, to determine whether the employer allows the information involved to be obscured in such a manner. This further protects information from attempts to hide it from content filters, the company said.

Since the local software agents memory footprint is designed to be minimal, the application is suited particularly well to laptops and other devices that have limited amounts of processing capacity, Provilla executives said.

By using both the digital fingerprinting process and endpoint controls, which can be used to limit the use of USB drives or block the ability to add certain types of attachments to e-mails, the company maintains that it has created a more comprehensive technique for identifying and stopping data losses.

In addition, Provilla said, the multifactor content filtering system makes it easier for administrators to allow approved transfer of data to portable devices, providing greater flexibility and fewer false positives because of its information classification system.

Company executives said enterprises are actively seeking such tools in light of the massive data incidents being reported by companies such as The TJX Companies, which recently announced that hackers had stolen millions of customers personal records from its central database systems.

Compliance regulations such as the Sarbanes-Oxley Act that force companies to closely monitor the flow of sensitive corporate information are another significant driver Provilla hopes to tap into, said Glenn Kosaka, vice president of marketing at the startup.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

"Were approaching leakage prevention in the same way that the FBI tracks criminals: We take a document and calculate a fingerprint for it that is stored separately and gets matched up whenever someone tries to copy or transfer the protected data," Kosaka said. "We think this provides an effective, unobtrusive approach to the problem that beats expensive, power-hungry network-centric products and traditional endpoint tools that can be circumvented by experienced users."

Kosaka said it took Provilla roughly four months to build its technologies, and that it already has the appliance installed at five beta customer sites.

The company is selling two versions of the device thus far, the LeakProof-100 server appliance, which features a single CPU, 2GB of main memory and 160GB of disk storage at a starting price of $20 per protected endpoint, and the LeakProof-500 server appliance, which offers dual CPUs, 4GB of main memory and 300GB of RAID disk storage for between $20 and $30 per year for each endpoint.

The LeakProof-100 device is designed to cover between 50 and 110 endpoints, while the LeakProof-500 is aimed at larger installations.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

Rocket Fuel