.

OpenDLP - data loss prevention tool

<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Tue May 11, 2010 12:38 pm

OpenDLP - data loss prevention tool

OpenDLP - data loss prevention tool

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.



For more information, please visit - http://code.google.com/p/opendlp/
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

MicroJay

User avatar

Full Member
Full Member

Posts: 101

Joined: Wed Feb 04, 2009 4:19 pm

Post Tue May 11, 2010 2:03 pm

Re: OpenDLP - data loss prevention tool

Nice find!  I am actually in the process of looking for a DLP solution.  Unfortunately the costs are extremely high (not compared to the fines that could be subjected if data was to leak) for the devices.  I would definately need the "Future Plans" of...Perform real-time monitoring of PCs' network cards to report outbound sensitive data.  That to me is a key feature for what I need it to do.
GSEC - GCIH - GSNA - GPEN
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 11, 2010 2:20 pm

Re: OpenDLP - data loss prevention tool

MicroJay wrote:Nice find!  I am actually in the process of looking for a DLP solution.  Unfortunately the costs are extremely high (not compared to the fines that could be subjected if data was to leak) for the devices.  I would definately need the "Future Plans" of...Perform real-time monitoring of PCs' network cards to report outbound sensitive data.  That to me is a key feature for what I need it to do.


You know what's funny... I was at an 'organization' meeting last year, someone was talking of DLP and managed keys (www.voltage.com) and I'm sitting and listening and I was 1) bored to be there 2) listening to a bunch of marketing nonsense 3) confused as to the end game...

So you go out and purchase your fine piece of DLP (I use Oracle's IRM Desktop), disable USB connections, remove DVD burners, throw a machine into C2 mode. Removing printing, copy and paste functionalities, heck even remove the ethernet card why don't ya... This makes you ... How secure? Sure, to a certain degree, but it doesn't stop me from coming to work with my cellular equipped with a camera and taking snapshots. ... Alright, so we no throw in policies: "Thou shall not bring thy cellular to work..." Sometimes it gets so boring and cumbersome.

Onto the ramblings I have about the Open Source model of OpenDLP" How many people here have seen some really cool, creative and useful open source tools throughout the years raise your hands!" me, me, me! ... "How many people here have seen some really cool, creative and useful open source tools go the way of the dinosaur when the developer gets bored, egos collide and now you're stuck in limbo raise your hands!" ... me, me, me...

This (OpenDLP) for the enterprise is not something I would even play with. Small office under say 25, sure... When Murphy and his laws take over, I want support on the phone. Not having to jump on irc.freenode or a mailing list. Its a nice thought, project, work in progress whatever you'd want to call it, but I'd rather pay to sleep at the end of the day.
<<

bamed

Newbie
Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Tue May 11, 2010 2:46 pm

Re: OpenDLP - data loss prevention tool

sil wrote:... but I'd rather pay to sleep at the end of the day.


You mean if I pay somebody else to support their own product, I don't have to always know everything about everything 24/7/365?

Somebody should tell my boss this.
chown -R bamed ./base
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 11, 2010 2:57 pm

Re: OpenDLP - data loss prevention tool

bamed wrote:You mean if I pay somebody else to support their own product, I don't have to always know everything about everything 24/7/365?

Somebody should tell my boss this.


Absolutely ;) Open Source is good for a lot of things. I use ZenOSS, OSSIM, Nagios, etc., constantly but I'm (I'd like to think) versed enough to diagnose what's going on when I have to. In an enterprise environment, there is often going to be instances one would need find equally versed administrators and engineers to maintain these applications. I can tell you firsthand you don't want to run into legacy things where support is non-existent. Costs you more in the long run.

This is an altogether different argument I've seen and discussed before (FOSS vs. Pay for Play). At the end of the day, you would actually lose so much money migrating people away from MS Office for Open Office. For starters there is the training involved. At the enterprise level you're looking at potentially hundreds of thousands in lost money via lost hours because people would be learning as opposed to actually doing something productive.

On the other hand, you're free from licenses... So what. So you spend say $100,000.00 in licensing costs for the year... Steep price? Is it a steeper price to pay when you lost say a $1,000,000.00 account because someone consistently forgets to "SAVE AS" for Windows compatibility? Sure its nice to get stuff for "free" (if you will) but there is almost always another unforseen cost.
<<

MicroJay

User avatar

Full Member
Full Member

Posts: 101

Joined: Wed Feb 04, 2009 4:19 pm

Post Tue May 11, 2010 3:02 pm

Re: OpenDLP - data loss prevention tool

@ bamed - I hear you loud and clear!  ;)

@ sil - What about pen and paper?  We'll have to write a policy on no writing devices including no etch-a-sketch's!   ;D

On one of our last security audits, I debated on how far are we to take DLP as it all comes down to how much does a person want the info.  All they need is the pen and paper to complete their task.  (Granted, in the industry I work in, CC numbers are not worth taking!  I know there are more PII that needs to be watched for and we take it all seriously as well.)

I guess the saying "the pen is mightier than the sword" is truth in this case!
Last edited by MicroJay on Wed May 12, 2010 7:10 am, edited 1 time in total.
GSEC - GCIH - GSNA - GPEN

Return to Tools

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software