Educause Security Discussion mailing list archives
Re: GWU and content monitoring
From: Gary Golomb <coach () GWU EDU>
Date: Wed, 19 Jul 2006 10:20:41 -0400
Gary, My first reaction when I saw this solution was to wonder how much of our sensitive data is leaking encrypted (SSL, SSH, etc) versus unencrypted. Without spoiling the VAscan talk, do you have a sense so far of how useful the product has been?
As a simplistic analogy - you can compare it to IDS/IPS technology. While we all certainly have a percentage of encrypted traffic on the network, anyone running IDS/IPS knows you still catch a *lot* of illegitimate activity. Kind of the same idea here - although there's a big difference on the host side. Looking at the host locally from a security/incident response perspective is somewhat straightforward. (At least, it's been examined and discussed in the public domain for many years.) Doing the same for confidential data is not so straightforward. I think that'll be a significant theme of any talks we give on the subject and the work we've done to accomplish those goals... In the host versus network discussion, network auditing of this data also has the benefit of catching data from systems that are not included (or missed!) in host audits.
Current thread:
- GWU and content monitoring Jeff Brainard (Jul 18)
- <Possible follow-ups>
- Re: GWU and content monitoring Gary Flynn (Jul 18)
- Re: GWU and content monitoring Gary Golomb (Jul 18)
- Re: GWU and content monitoring Gerry Sneeringer (Jul 19)
- Re: GWU and content monitoring Roger Safian (Jul 19)
- Re: GWU and content monitoring Gary Golomb (Jul 19)
- Re: GWU and content monitoring Randy Marchany (Jul 23)