Data Leak Prevention Products Mature; Trojans on the March

Independent reports have shown a significant growth in the size and breadth of the data loss prevention (DLP) security market. In other news, the scope and destructiveness of malware continues to increase, while Trojans that are capable of stealing sensitive bank information are becoming more difficult to detect and stop.

Focal Points:

• The past year has seen a strong growth in the acceptance and presence of DLP technologies in the enterprise. One of the indicators of this is the number of mergers and acquisitions that have happened in this space, including EMC Corp.'s acquisition (through RSA) of Tablus. A separate report had found that over $1.4 billion in acquisitions have occurred in this market since July 2007, with the market shifting from a focus on the enterprise networks to protecting data loss at the endpoints as well. Other vendors that remain focused specifically on DLP include Code Green Networks, Inc. and Fidelis Security Systems, Inc.
• A recent Security Intelligence Report published by Microsoft Corp. determined that the use of Trojan downloaders is increasing, while the presence of classic viruses is in the decline. The report gathered data from millions of Windows-based personal computers worldwide. The report showed Trojan malware as the most prevalent, constituting over 30 percent of malware found on those machines. While automated software that detects signatures is working fairly well, Trojans that exploit personal user behavior is much more difficult to detect and stop. On the other hand, the presence of viruses dropped from about 10 percent to under 5 percent in first half of 2008. Spyware infections also declined to 2 percent from around 5 percent. The vast majority of vulnerabilities, over 90 percent, were found in applications, while 10 percent were found in the operating system.
• The FraudAction Research Lab at EMC Corp.'s RSA division discovered a massive amount of financial data that was stolen by the Sinwal Trojan. Researchers said that this Trojan uses a rootkit to infect the master boot record of personal computers, which allows it to bypass most malware detection software. Researchers found the Trojan has stolen almost 300,000 bank log-ins, as well as credit card and debit card numbers and their related personal information. It is estimated that this Trojan and its variants have been used to target over 2700 financial service domains across the globe. RSA Security researchers estimate the Trojan has compromised over 100,000 bank accounts just in the last six months.

Experton Group believes the shift in focus from protecting the network to protecting data is the right move for security policy. As different companies become increasingly connected and more workers do business outside of traditional company boundaries, the borders that defined the classic corporate network boundary are eroding. With network based attacks continuing to rise, and with the majority of successful attacks coming from "inside jobs", IT executives should establish data-based security policies using enforcement mechanisms that can safeguard data and track its creation and use.