I’ve Met the Enemy and Apparently, the Enemy Is a USB Stick

In my travels along the aisleways of RSA 2007, it became quite clear that USB sticks are the biggest threat in the world. Bigger than the Yankees, trans fat or Dr. Evil, apparently. It’s common knowledge that portable storage is a bane to corporate security. A user, malicious or not, can walk out of the building with sensitive data about customers, employees or intellectual property. Lose that stick, lose control over the data. I’ve heard more than one tale of IT staffers, as a last resort, epoxying USB ports shut to cut off device usage. But the amount of brain power dedicated to providing a product to solve this problem is staggering, as I talked to dozens of security companies looking to provide an answer. Safend, Code Green, Utimaco, SecureWave, Kingston, RedCannon — the list goes on and on — and I’ve only covered half the show floor so far. For some, solving the problem of data leakage is the beginning and end of the solution — although companies like Safend do look to shore up leakage via other wellsprings like Wi-Fi, Bluetooth or tape drives. For others, the capability may be bolted on to some other security function. In our recent review of Bit9’s Parity, we noted the ability to control read, write and execute behavior to external drives in addition to its core functionality of process validation and approval. It seems that customers are asking every host-based security company they deal with to provide some relief for the problem, and they all are responding. And now, with Windows Vista, the operating system will be able to provide controls as well. Perhaps most interesting of all, however, was the recent announcement from Code Green Networks. Code Green is a data extrusion security company, monitoring network traffic for outbound sensitive data or intellectual property (a la Vontu or Vericept). But at the show, Code Green announced plans to provide similar defenses against the sneakernet, providing content detection down to the portable device level. The product, called the CIA (Content Inspection Agent), is actually a rebranded version of Centennial Software’s DeviceWall. In the initial iteration, which should start shipping in March, the CIA will provide policy-based controls with which to access the storage devices, audit file transfers and encrypt data. But the really juicy content-inspection component likely won’t be available until the next revision, which is due sometime in Q2. And integrated management with the network components? That will be even later.