Presented at
Black Hat Asia 2016,
Unknown date/time
(Unknown duration)
Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. For instance, Data Loss Prevention (DLP) solutions have often been touted as the "silver bullet" that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass -- or worse.
This talk will discuss our previous and current research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves.
Presenters:
-
Kelly Lum / Aloria
- Tumblr
as Kelly Lum
Kelly Lum has "officially" worked in Information Security since 2003, and is currently a Security Engineer at Tumblr where she brings her decades worth of application security experience in the financial and government sectors to the microblogging world. She regularly speaks about reverse engineering at various conferences, including Black Hat, SummerCon, and COUNTERMEASURE. Additionally, she teaches as an adjunct professor of Application Security at NYU.
-
Zach Lanier
- Cylance
Zach Lanier is a Director of Research with Cylance, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Cylance, Zach most recently served as a Senior Research Scientist with Accuvant Labs, and prior to that as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, DEF CON, CanSecWest, INFILTRATE, Countermeasure, and SummerCon, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).
Links:
Similar Presentations: