PortAuthority: Attacking the Inside-Job
Do you know where your campus security breaches are? Most IT professionals
who deal with security spend their time and budgets preventing intrusion from
the outside: viruses, worms, hackers, and thieves. By some estimates, more than
85 percent of security spending is devoted to resisting outside attacks. In
fact, it is more than likely that some of the security violations are coming
from inside, through the deliberate or inadvertent release of vital information
to unauthorized sources.
Campuses have much to protect: student records, intellectual property, personnel
information, and more. It is easy to imagine scenarios where data could be revealed—accidentally
or on purpose—to the wrong parties. How can an academic institution keep
this vital data inside its walls?
One approach would be to install a product called PortAuthority from Beverly
Hills-based Vidius. PortAuthority is a software solution that relies on “electronic
fingerprinting” technology to detect and quarantine any internal or outbound
security breach. The software analyzes outbound communication, examining how
the actual information is constructed within a given document or message, and
then assesses the information for a violation, using over two dozen sophisticated
algorithms. According to Kevin Moylan, vice president of product marketing for
Vidius, PortAuthority is the only product of its kind. “Without a doubt,”
says Moylan, “we can positively identify particular portions of confidential
information either in whole or in part. We provide the ability to identify it,
to quarantine it, and to notify the appropriate parties about the breach. All
of this occurs in real time.”
Vidius describes PortAuthority as far more reliable than key word filtering
(which can generate a lot of false positives) and encryption (depending on user
discretion and works only at the file level, not the information level).
No client-side encryption or viewing software is necessary with PortAuthority.
The software protects entire data sets or documents as well as portions or bits
of data, including any that have been modified, cut, copied, and pasted into
other files or messages. PortAuthority blocks the outgoing message, preventing
it from being distributed either internally or externally, and the system administrator
receives instant notification.
Vidius’s Web site statistics (from Richard Hunter of Gartner), that
“more than 70 percent of unauthorized access to information systems are
committed by employees, as are more than 95 percent of intrusions that result
in significant financial losses.” This statistic, of course, d'es not
necessarily include academic scenarios. No data is available on the amount of
unauthorized outgoing e-mail on campus. However, colleges and universities are
in a unique, and uniquely vulnerable position, in that hundreds or thousands
of new users come onto the system each year. Plus, academia’s commitment
to free speech and the free dissemination of ideas make it even more difficult
to exert control over data.
PortAuthority is configurable to meet the needs of particular campuses. Administrators
can designate which directory to monitor. Only designated information is inspected.
A block override function assigns specific personnel as “power users,”
granting them the ability to release blocked messages. A comprehensive reporting
feature tracks repeat offenders and policy violations. It also analyzes threats
to determine whether they are probably accidental or intentional. And its broad
file support feature supports over 250 native file formats, including Word,
Excel, and other common formats. The software is scalable and permits clustered
server environments.
For more information about PortAuthority, contact Vidius, Beverly Hills, CA;
(310) 888-2330; www.vidius.com.
