Stay Out of the Kitchen: A DLP Security Bake-Off

Presented at Black Hat USA 2014, Aug. 7, 2014, 9 a.m. (60 minutes).

Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. Data Loss Prevention (DLP) solutions have often been touted as the "silver bullet" that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass - or worse. This talk will discuss our research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves.

Presenters:

  • Zach Lanier - Duo Security
    Zach Lanier is a Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook."
  • Kelly Lum / Aloria as Kelly Lum
    I have "officially" worked in Information Security since 2003, in everything from start-ups to government organizations to finance. I am an Information Security Officer at a financial company and read a lot of source code.

Links:

Similar Presentations: