In an enterprise or organization, the threat from insiders and intrusion from the outside differ greatly, although both are acts of hacking and theft of intellectual assets. The difference is that an outside attacker must gradually build up a picture of the target's environment, through long-term reconnaissance of its information environment or social engineering, before intruding and stealing. Once targets are selected, these operations may even be repeated until the expected results are achieved.
An insider, by contrast, is familiar with the internal information landscape and management environment, and may even know how to bypass controls through particular channels. When it comes to stealing data, the insider has every advantage of convenience and information. Even without super-user rights over the MIS internal controls of the enterprise or organization, he or she has ample opportunity to steal data in the enterprise environment and cause damage. “A wolf in sheep’s clothing” inside the enterprise can therefore cause great losses to the enterprise or organization, and highly sensitive organizations concerned with national security, military affairs, foreign affairs, technology and the like should pay particular attention to the relevant management and control.
VDI and DLP form a more secure, cooperative protection relationship once integrated.
VDI does have some of the basic capabilities of DLP, but those capabilities are oversold. It cannot be denied that VDI lets the MIS authority establish unified management and control standards and keep information assets consistent, and from an MIS management perspective it genuinely relieves burdens. It is a different matter, however, when data protection or post-event identification and analysis by the enterprise or organization is involved. FineArt has long paid close attention to attack and defense across a variety of integrated information system environments and can resolve the confusion surrounding the application of VDI.
- VDI cannot replace the powerful blocking and recording functions of DLP. Technical exchanges among international data security experts and on hacker forums show that even App mode can be penetrated, let alone by an insider who already has the right to log in. Some simple methods use low-level operating system commands to steal data.
- The insider is familiar with the internal network environment and its management and control. He or she can take advantage of weaknesses in operation and defense between the client computer and the host to penetrate and steal.
- Physical MITM devices sold by hacker organizations on the Internet capture screen content, so the screen recordings provided by VDI are not sufficient to show who stole the data. The countermeasure still relies on the management, control, recording and analysis capabilities of DLP.
- VDI has the so-called dynamic Guest mode and personal storage space. The dynamic Guest mode (non-fixed mode) saves the storage media space and IT device investment that MIS would otherwise need. However, because this mode is not fixed, the guest may be erased after each shutdown. Relevant operation records are therefore missing and evidence is hard to provide, so in the event of data leakage the MIS authority struggles to produce evidence and is blamed by higher levels.
- Additionally, hackers and data security experts have already disclosed many penetration testing techniques for VDI and proposed many penetration and intrusion methods against the environmental security of VDI. It is an indisputable fact that attack and defense cannot be assured by a single product.
So we should let VDI and data security protection products each perform their own functions in a combined defense! This is our conclusion after analyzing in depth the technical defense of VDI and the internal risks of the enterprise. We recommend searching for articles on the Internet, where many data security experts have published recommendations on VDI environment security.
Focus on protecting SVN source code in enterprise research and development
Protecting source code has always been the hardest thing for enterprises to defend. Even under physical isolation, development deliverables have to be turned into revenue-generating products, and these deliverables are important assets for the survival of the enterprise. Taking SVN as an example:
- The content encryption and operating mode of legacy DRM products affect and restrict Diff comparison, and greatly reduce developers' work efficiency and the ease of program debugging.
- Traditional DRM encryption also carries a risk of file loss, which means the loss of development deliverables, and we must be cautious about this.
- The results of research and development must eventually become official products. That process is a weak point for defense, and source code is easily leaked there.
- During program development, many meetings and result demonstrations are held. Fragments of source code leave the physically protected environment, and this is also a channel for leakage.
- A senior R&D engineer may also commit or pull R&D results through a program that he or she has written. This is a risk that the MIS or senior management of the enterprise should consider.
- Source code may also be obtained through the Debug mode of the development tool and carried out after being packaged and processed. The data security audit department of the enterprise or organization lacks command of the relevant techniques, and this is also a problem found in the internal control of internal risks.
- Source code is packaged into .exe products, embedded in high-value devices such as robots or industrial control computers, and then sold. It is later discovered that the code has been reverse engineered and decompiled and that the development deliverables have been duplicated in another company's products.
Are you still working hard to figure out countermeasures for these source code leakage risks? FineArt’s professional SVS product can address the risks mentioned above and is of course also suitable for protecting the internal data of the enterprise.
The friend-foe identification function addresses the insider who penetrates the defense by bringing in a device without permission.
The VDI and source code protection discussed above are really a matter of integrated security, but one important management and control process must not be ignored: friend-foe identification. Traditional MIS personnel know the NAC function, or the blocking of an external device with ARP packets. Blocking an external device by means of an attack technique also puts great pressure on the enterprise or organization, because when data security records are analyzed, time must be spent identifying whether traffic was caused by an attack or by the blocking of an external device.
On the other hand, is there a way to establish a more sophisticated defense more easily? For example, the ERP system should be provided only to financial personnel, and management of the ERP system, its database or the ERP host must not be involved… From an MIS perspective, the thought of setting firewall policy level by level is daunting. So the question arises: is there a quicker method of management?
In addition, external devices such as the Raspberry Pi are becoming more and more miniaturized and may get past a walk-through metal detector, and a smartphone can become a server after being rooted. This is a relatively tough environment for the data security defender.
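The record-analysis problem described above (telling ARP replies sent by the blocking appliance apart from ARP replies sent by an attacker) can be sketched as follows. This is an added example, not FineArt's code or product logic; the enforcer MAC, the IP-to-MAC inventory and the ARP records are constructed sample data, and the category names are assumptions.

```python
# Triage of captured ARP replies: NAC blocking versus possible spoofing.
# All MACs, IPs and records below are constructed sample data.

NAC_ENFORCERS = {"02:00:00:00:00:fe"}       # assumed MAC of the ARP-blocking appliance
INVENTORY = {                                # assumed authorized IP -> MAC bindings
    "10.0.0.1": "02:00:00:00:00:01",         # gateway
    "10.0.0.20": "02:00:00:00:00:20",        # finance workstation
}

ARP_REPLIES = [
    # (time, sender_mac, claimed_ip, target_mac)
    ("09:00:01", "02:00:00:00:00:01", "10.0.0.1", "02:00:00:00:00:20"),
    ("09:00:05", "02:00:00:00:00:fe", "10.0.0.1", "02:00:00:00:00:99"),
    ("09:00:09", "02:00:00:00:00:99", "10.0.0.1", "02:00:00:00:00:20"),
    ("09:00:12", "02:00:00:00:00:fe", "10.0.0.1", "02:00:00:00:00:20"),
]


def classify(reply):
    """Label one ARP reply for the analyst."""
    _, sender, claimed_ip, target = reply
    owner = INVENTORY.get(claimed_ip)
    authorized_macs = set(INVENTORY.values())
    if owner is not None and sender == owner:
        return "normal"                      # the real owner answering for its own IP
    if sender in NAC_ENFORCERS:
        # The enforcer should only redirect devices that are NOT in the inventory.
        # If it is redirecting an authorized host, the policy or the MAC is suspect.
        return "nac_block" if target not in authorized_macs else "review_enforcer"
    if owner is None:
        return "unregistered_device"         # unknown IP announced by an unknown MAC
    return "spoof_suspect"                   # someone else claims an inventoried IP


def triage(replies):
    """Return (time, sender_mac, label) for every reply, in capture order."""
    return [(r[0], r[1], classify(r)) for r in replies]


if __name__ == "__main__":
    for row in triage(ARP_REPLIES):
        print(*row)
```
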
Conclusions
By weighing the risks described above against the strengths of each technology, protection can be achieved with clearer and simpler management and control policies. FineArt proposes the SVT friend-foe identification system, which integrates the DLP and SVS management and control mechanisms. This can greatly reduce the risk of data leakage for the enterprise or organization and strengthen the protection of the enterprise's operational information assets.