I noticed a new feature in an enterprise security package offered by GTB Technologies. This package protects companies from employees or other people on internal networks who send out content marked by the company as sensitive: trade secrets, sales data, customer contact information, and so on.
What makes this package different from most is that it can check content even if it’s encrypted. Essentially, companies can have their security cake and eat it too. They can allow widespread encryption to protect against snoopers inside and outside, while preventing employees from using that encryption to sneak company secrets out port 25 or even something as immediate as IM.
And GTB claims they can do this while adding only 3 milliseconds to each transaction.
The way GTB locks down security is as follows:
- All sensitive content is passed through software that takes a series of fingerprints, which are hashes of chunks of content.
- The company performs key escrow, requiring employees to use only keys that they store in a company repository for encryption. This is a good practice in any case, because you don’t want corporate material encrypted by a key only one person know.
- The employee can use any convenient, existing technology for encrypting content, such as email encryption or a Web server’s SSL. In other words, GTB doesn’t force a company to replace existing technologies in widespread use.
- Every outgoing transaction (email, Web pages, FTP, instant messaging) is checked against the fingerprints by a GTB server that sits between the originating system and the corporate firewall. When they encounter encrypted traffic, they contact the server that maintains the certificate and get the server’s key to decrypt the traffic and check the original content. Content that matches the fingerprint is blocked. If an employee uses unapproved encryption, or any other unapproved format, the company can choose to deny transmission.
This summary doesn’t indicate several impressive achievements claimed by GTB’s CEO, Uzi Yair, in a presentation to me. First is the fine granularity of the fingerprinting system, which is a bit reminiscent of the license enforcement services offered by Black Duck software and Palimida. The default chunk size is 512 bytes, so GTB can catch any chunk of information 512 bytes or larger from unstructured content (such as a Word file). The administrator can set the chunk size to any desired number.
Database data can be protected even more finely: each field of each row is fingerprinted. GTB works with any database that provides an ODBC interface.
And all this work is what they say can be done in 3 milliseconds! GTB uses the same technology to scan a network at a rate of 500 MB/minute, and identify sensitive data that may be exposed.