August 9, 2010 at 6:15 pm #5453
Re-posting this… had to change something.
Have a customer looking for a Linux equivalent of Cornell’s ‘Spider’. The download page for Spider shows Unix source, but customer having issues compiling on theirs, and are looking to see what other tools might already exist for Linux with the same functionality. Basically, they’re looking to see what else is available.
August 9, 2010 at 6:43 pm #34441 sil Participant
Read reviews @ http://securosis.com/blog/optimism-and-cautions-on-opendlp/
(read comments as well, definitely important)
August 9, 2010 at 6:45 pm #34442
Thanks, sil! (Note to self and sil – almost expected you’d be one of the first to reply ;))
August 9, 2010 at 9:07 pm #34443 sil Participant
Sorry for the fast answer without explanations… Long weird day. Personally, if a company needs this level of security for files, you’re better off going with a commercial solution to avoid the headaches of configurations, broken builds, projects – that when the developers get fed up/bored/tired/have_tit_fits – go the way of the dinosaur.
I’ve seen many neat open source projects go kaput, developers go bonkers and fork off program after program after program. This is time consuming to have to go back, reconfigure, cross your fingers and hope they stay supporting it, etc.
Right now I use Oracle’s IRM and its… eh (whatever). McAfee’s DLP is eh… (whatever) Not much any of these can do against someone exfiltrating data via say socat, encrypted zip’s||rar’s||etc. They can also be pricey, for example, McAfee for 500 users along with the gateway is about $65k which is a tough pill to swallow for some SMB’s. Heck, most SMB’s.
On the flip side of this, there is the cost of doing nothing and hoping it doesn’t happen to you:
This week Fort Worth Allergy and Asthma Associates spent $15,000 mailing letters notifying the clinic’s 25,000 patients of the burglary. The stolen computer database also contained patients’ addresses and diagnoses, Dr. Robert Rogers said.
Organizations are getting hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranged from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.
A federal judge in Worcester is pondering whether to grant bail to a 45-year-old Westborough man who, in a highly unusual case, is accused of economic espionage for allegedly sending trade secrets about insecticides to China.
He said the value of the information that Huang allegedly passed on exceeded $100 million.
NOTE All of those happened within 30 days 😉
August 9, 2010 at 10:37 pm #34444 former33t Participant
Sil brings up a great point. I LOVE open source software for home use. I’m not a fan for work use. It’s been my experience I spend more time dealing with build problems, updates, broken features, etc than is worth it to save the cost (not to mention they usually have a smaller feature set).
If you are planning to use anything with version 0.2.2 for your DLP, just tell management to plan on dedicating something close to an FTE to fully support it. That makes the pill of the licensing cost of commercial software easier to swallow. If on the other hand management wants to get involved with the project (name recognition in the community, whatever), more power to them and you for supporting it.
Just remember, using open source software isn’t really free….
August 9, 2010 at 11:05 pm #34445
Points well made, and understood, by both of you.
sil, I chuckled a bit, at your initial reply, as openDLP is obviously an excellent choice, but they target it so heavily at windows environments, and believe it or not, the folks who’d asked me were NOT considering their Windows machines, and looking at their *nix environments, only. When they saw openDLP, however, they jumped quickly to at least evaluate it for their ‘other’ needs.
Understand, when I posed the question, it was solely from a customer who values opinion, but wasn’t really asking for mine. Not asking me for advisement or anything else, but simply looking for other alternatives that THEY could research for themselves. They were simply looking for any alternatives that anyone might’ve been aware of, in the security community where I regularly work / chat / discuss.
That said, I fully agree with all points, that when dealing with this sort of software / DLP solution, free most certainly is NOT always, and not very often at all, the best solution, when dealing with company / customer data, and regulatory requirements, etc.
Ultimately, for what they need, I think they will end up going with spider, as it does suit their requirements, and is pretty highly regarded in similar business lines, to their own, for their purposes. They were having ‘user’ difficulties with install / compile, and were doubting. It has been pointed out to them that IF they’d update their Linux of choice, to more recent code, spider installs and / or compiles very simply and cleanly. So we’ll see what they decide to do.
Again, as always, nice to chat with others, and share / gather opinions. And again, sil, thanks for clarifying your statements and ideas, for those (similar to another thread the past couple of days) who might not fully follow your meaning without clarification. I’m much the same as you, in that regard, as I often find it easier to spell out my thinking clearly. I’ve even been accused by my employer a few times, of being too wordy… Funny thing, though, when it mattered, MY words were the ones used.
Thanks and have a great night, gents!
August 10, 2010 at 1:08 pm #34446 paymentpro Participant
I found this discussion helpful – thanks guys.
My needs for DLP were more centered on PCI DSS. For this I tried the latest version of Cornell Spider some months back and found the amount of time needed to sift through the unreliable results was not feasible.
I agree with the statements below – not all open source solutions are great and some people do get too caught up on the pro-opensource argument.
Given PCI compliance was my requirement, I found a more specific solution called Card Recon (http://www.groundlabs.com).
It supported win, linux, aix, hpux and solaris. I’ve since recommended for use in many client sites with great success.
If you’re trying to find other non-PCI data such as HIPAA etc, this solution is probably not the one to go for. Perhaps OpenDLP will progress far enough on that front to be the winner for other types of data.