Educause Security Discussion mailing list archives

Re: GWU and content monitoring


From: Gary Golomb <coach () GWU EDU>
Date: Wed, 19 Jul 2006 10:20:41 -0400

Gary,

My first reaction when I saw this solution was to wonder how much of our
sensitive data is leaking encrypted (SSL, SSH, etc) versus unencrypted.
Without spoiling the VAscan talk, do you have a sense so far of how
useful the product has been?


As a simplistic analogy - you can compare it to IDS/IPS technology.
While we all certainly have a percentage of encrypted traffic on the
network, anyone running IDS/IPS knows you still catch a *lot* of
illegitimate activity. Kind of the same idea here - although there's a
big difference on the host side. Looking at the host locally from a
security/incident response perspective is somewhat straightforward. (At
least, it's been examined and discussed in the public domain for many
years.) Doing the same for confidential data is not so straightforward.
I think that'll be a significant theme of any talks we give on the
subject and the work we've done to accomplish those goals... In the host
versus network discussion, network auditing of this data also has the
benefit of catching data from systems that are not included (or missed!)
in host audits.
