Transcript: Why content filtering is not enough

Description: Even with firewalls and content-filtering systems in place, critical information continues to leak outside organizations, according to Raj Dhingra of PortAuthority Technologies . He says what's needed is a different approach -- one that is based on learning specific data, rather than merely matching patterns and keywords.

Hi, I m Raj Dhingra, Vice President of Product Management and Marketing at PortAuthority Technologies, and today we re going to talk about why content filtering is not enough. If you re responsible for IT security, there s the good news and the bad news. The good news is that firewalls, IDS, IPS and content filtering systems are doing a good job of keeping the bad stuff out. What s the bad stuff? Viruses, attacks and spyware.

However, companies are having a difficult time keeping the good stuff in. And what s the good stuff? Your critical information—that s your customer data, your business plans, financials, your intellectual property, designs and your source code. So are content filtering systems good enough to stop these kinds of threats? In the last six months we ve seen a large number of data breaches occur, where this confidential information and customer data, including credit card numbers, social security numbers, source code and intellectual property has leaked from inside the organization to the outside.

According to a recent study by the Ponemon Institute, data breaches of these type cost in the range of $4 to 15 million per incident. No matter who you are, that s a lot of money. So let s talk about why content filtering is not enough.

First and foremost, content filtering systems rely on keywords and patterns. As a result, they generate a lot of false positives. That;s number one, high false positives. So if you look at a typical keyword or a pattern, so let s take an example of zip + four. That s 94306-1212. That s a zip code plus four. A content filtering system will identify that as a social security number, and we know that s a false positive.

Second, false negatives. Here you ve got a content filtering system, again, using a keyword or a pattern to be able to stop this sensitive content from leaking. As an example, I might be sending out a document that s classified and I know that the content filtering system is looking for classified or top secret. I can take those keywords out and now the content filtering system is not going to catch this document from leaking, making the system insecure.

The third risk is blocking communications. What content filtering systems do is either they can monitor or block the communications. Because of a lot of false positives, they re now going to start blocking legitimate communication. So I might be sending out a really important email to a customer. With a false positive, the content filtering system will block it from reaching the actual customer itself.

So to summarize, content filtering systems have three key risks—very high false positives, high false negatives, and they will block legitimate communications. What is really needed is a next generation approach of content security that does not use keywords and patterns, but is highly accurate and builds its accuracy based on actually learning your data, whether that s your customer data or your confidential information.

« Back to video