– in Microsoft Word files, Excel spreadsheets, software source code, engineering design files or email messages – making them easy targets for accidental data leaks or even espionage. If these IP assets get into the hands of foreign businesses the economic impact can be tremendous.
It’s increasingly important that organisations protect their IP not only to address competitive risk within the US but also to address the risk of knock-offs and counterfeiting overseas. Here’s a top 10 list of things US companies can do to better to protect their IP.
1. Identify known content risks
It’s critical for organisations to have the tools to scan their network, including desktops, file shares and other repositories, for their IP assets. Often organizations will know where a portion of this data resides, for example in a server used by the engineering team, but they need discovery mechanisms to find all instances of sensitive data and identify new or updated content.
2) Create content signatures and filters
Once an organisation identifies known sensitive content, it needs technology that can generate unique fingerprints of the content to protect it going forward. These fingerprints should be designed to enable filters to detect sensitive content moving across the network even if has been modified — for example, if the source file has been renamed — or is an excerpt of a larger source file.
3) Use port-and-protocol independent analysis
To protect IP data flowing across the network and outside of an organization, the entire network and all traffic needs to be monitored. It’s not enough for an organisation to monitor email, web or IM traffic. Numerous techniques exist for exploiting holes and re-direction mechanisms on the network. These techniques can, for example, make applications route SMTP protocol traffic (or FTP or IRC or P2P traffic) over non-standard ports or via Port 80, the most open port in most organisations.
4) Align deep content inspection with policy definitions
Inspection needs to be thorough enough to look at all content types and even at meta-data embedded within a file. Sensitive data takes multiple forms and in some cases is not as easy to define as a known file or a set of keywords; it is more likely to be strings of content elements linked together that compromise an IP asset. Corporations thus need flexible mechanisms for defining IP protection policies and ensuring that inspection techniques and related policies align with one another and are accurate and effective.
5) Pay attention to alerting and policy enforcement
For protecting IP assets, notifying IT administrators, the legal department, or security officers of security breaches can be important. In addition, end-user alerts can be valuable for educating users and modifying their behaviour to ensure appropriate handling of sensitive data. Enforcement actions can also be important for blocking and stopping traffic that represents risk, such as an email message or Webmail session that discloses sensitive information.
6) Use both delegated controls and remediation
A number of different stakeholders within an organisation may be involved in defining IP protection policies, addressing incidents or handling remediation. Such situations require a workflow-like process plus delegated controls.
7) Make sure to have a historical capture database
Constant tuning and adjustments are required for the greatest IP protection, so capturing network events in a database for later analysis can help organizations constantly learn more about network activity and traffic patterns. After-the-fact analysis can not only lead back to the root cause of a sensitive data leak, but also point to unusual patterns. These patterns may be caused by traffic from malware programs on the network that find data and send it to remote destinations or by emerging IT applications running on the network that expose the organisation to risk.
8) Leverage existing investments
An ideal IP protection solution should plug into existing infrastructure elements such as email gateways, network switches, web proxies, and encryption servers for blocking and enforcement. The solution should also leverage any intrusion detection systems (IDS), firewalls, and vulnerability assessment solutions in the environment to gain more intelligence on low-level network activity and boost its accuracy and overall effectiveness.
9) Gateway solution first
Gateway solutions provide a single point for complete data protection since they monitor all incoming and outgoing traffic. Many customers have found the cost and coverage advantages of gateway solutions are adequate but are still weighing the pros and cons of adding protection with desktop agents. Highly security-conscious organisations have the option of locking down their desktops so no one can add unapproved software. Or they can disable USB drives so no one can export and take sensitive data off the network via that channel.
10) Understand the benefits of an appliance-based solution
Many security vendors have already standardised on the appliance approach since it delivers superior reliability and performance. Appliances inherently have more built-in security than software packages deployed on a general-purpose server that can be breeched by hackers or malware. For IP protection, an appliance solution provides the best cost of ownership, since setup and management is easier. Plus an appliance solution simplifies upgrades for the latest software releases, as the vendor can periodically deliver new policies and filter technologies.
- Ratinder Paul Singh Ahuja is chief technical officer of Reconnex
10 ways to protect intellectual property
By Ratinder Paul on Feb 28, 2007 3:21PM