Monday, October 16, 2006

Extrusion Detection Sightings

I've noticed the term extrusion detection appearing more frequently, usually tied to the latest buzzphrase -- "insider threat." The GSA-loving magazine Federal Computer Weekly recently mentioned the following:

Emerging tools known as extrusion-detection systems are helping government agencies and private companies detect whether sensitive information is leaving their organizations...

“Our goal is to monitor traffic from the inside going out,” said Daniel Hedrick, product manager at Vericept and a former intelligence officer in the Air Force. “If I see content going out the door, with or without the approval or the knowledge of the user, I will automatically encrypt it.”
(emphasis added)

Wow, that's something. So once this "content" is "encrypted," what does the intended recipient do with it? I'm hoping this is an example of a writer misreporting Mr. Hedrick's answers to questions.

I mildly dislike seeing terms become hyphenated (e.g., "extrusion-detection") for no reason. I strongly dislike people claiming to invent terms. Consider the following SearchSecurity.com story:

Symantec Corp. says its latest products and partnerships will thwart online outlaws who attempt to raid company databases for sensitive information that can be used for a variety of fraud...

Symantec executives cited the growing number of data breaches and the resulting exposure of confidential information as the motivating factors behind the release of the tool. "It has a feature that I call extrusion detection, which alerts administrators when sensitive data is leaving the network," Steve Trilling, Symantec's vice president of research and advanced development, said in an interview recently. "And it operates on a copy of the network traffic, so it doesn't slow anything down."
(emphasis added)

Now I know who coined the phrase extrusion detection... not. As I wrote three years ago, Robert Moskowitz and Frank Knobbe have the best claims, dating back to November 1999.

Finally, this morning I stepped one toe into the audiobook world by recording an excerpt of my latest book Extrusion Detection within a joint Addison-Wesley and SearchSecurity.com (free) project. I don't know why people pirate my books when more and more parts are appearing online in one form or another!

When this recording (about 10 minutes) is available, I'll post a notice here. If you find the idea interesting, please let me know.

Thanks also for the many kind comments about the birth of my daughter. My family (including me, obviously!) appreciates it greatly. I also like seeing the sites that blindly repost my content (without attribution) reporting the addition to my family. :)

4 comments:

Anonymous said...

I've spotted extrusion!

Here...

Sorry, I had to. My undergrad is in Mechanical Engineering.

Richard Bejtlich said...

Good point -- "extrusion detection" is a weakly cool way of warping "intrusion" to mean watching outbound traffic. I guess I used it because it succinctly makes the point and was not over-used when I first came across it.

Coldguy said...

Just what every security professional wants for Christmas, an audio copy of Extrusion Detection, including code!

Mike said...

Wow, I can see the marketing wheels turning... How long before giant security company turns extrusion detection into:

EPS - extrusion prevention system.