tag:blogger.com,1999:blog-4088979.post8572321324733025716..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: "Protect the Data" Where?Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-4088979.post-15591496300440315932009-10-12T18:51:47.228-04:002009-10-12T18:51:47.228-04:00@taosecurity RT "Intruders direct their effor...@taosecurity RT "Intruders direct their efforts toward the sources that are easiest and cheapest to exploit."<br /><br />This matches with our experience as well. There are numerous documented cases of large scale internal data-spills that become the focus of attack. The classically trained security teams have no idea that these data spills exist as a possible target. Independent data backing this up: p.34 of VDBIR:2009<br /><br />How to find these data spill events? Information Centric methods do this exceedingly well.<br /><br />You go on to say: "Once other options have been eliminated, the ultimate point at which data will be attacked will be the point at which it is useful to an authorized user."<br /><br />What's the best way to find the most at-risk authorized user? A good starting point would be those with heavy loads of confidential data on their endpoint systems. Once those systems are ID'd, enterprises can make sharp decisions about further lock-down on those systems and that data.<br /><br />Look, we agree that just encrypting everything or DRM'ing it all is not the end solution; but I think you under-estimate how far advanced the new capabilities are in the detection of exposure and flow of sensitive data.<br /><br /><br />Enjoying jousting against you on this topic,<br /><br />@krowney<br />p.s.: Great blog!Kevin Rowneynoreply@blogger.com