Fox News (albeit not always the most “reliable” source) recently reported that information on the presidential helicopter known as Marine One was discovered on a computer in Iran. Apparently, a defense contractor had a file sharing program loaded onto a system that contained blueprints for the president’s helicopter - yes, the one we see landing on the White House lawn. Read the article.
This isn’t the first such breach via P2P. In fact, tons of folks have these applications loaded on business-issued hardware. DLP technology couldn’t have stopped the file sharing program from being installed or run; application controls (client and web-based) are the best tools for that. There are, however, two ways DLP could have helped.
1) DLP could have discovered that the blueprints were on that machine before they were leaked, and assuming that violated policy, removed or secured them.
2) DLP could have intercepted the outbound traffic and prohibited it based on the fact that it contained the blueprints.
Of course, a comprehensive defense against this kind of threat would have six prongs:
1) Educate users so they know they can’t use these kinds of apps in the enterprise, and why.
2) Prevent users from downloading these apps.
3) Block these apps from running.
4) Block these apps from communicating via network application controls.
5) Prohibit storage of confidential data in unsecured locations.
6) Block confidential data from being sent out across unauthorized, unsecured channels.
Not all of this can be done with DLP.
BTW, the Discovery Channel recently did a terrific series on Air Force One and Marine One. Marine One, for those who don’t know, isn’t a single helicopter. It’s actually an entire fleet - four or five dozen.