Back to the Kitchen: DLP Security Bakeoff, THE SEQUEL

Presented at Summercon 2015, July 17, 2015, 11 a.m. (50 minutes)

As we all know, computer security products are completely infallible and, themselves, totally secure. Furthermore, Data Loss Prevention (DLP) solutions are, hands down, the panacea for all data leakage woes. But, we decided to pretend for a minute that they weren't, AND YOU WON'T BELIEVE WHAT HAPPENED NEXT! Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass - or worse. This talk will discuss our previous and current research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves. Additionally, we will revisit the tools and techniques we used to discover these issues.

Presenters:

• Kelly Lum / Aloria   as Kelly Lum
  Kelly has "officially" worked in Information Security since 2003, and is currently a Security Engineer at Tumblr where she brings her decadeâs worth of application security experience in the financial and government sectors to the microblogging world. She regularly speaks about reverse engineering at various conferences, including BlackHat, SummerCon, and Countermeasure. Additionally, she teaches as an adjunct professor of Application Security at NYU.
• Zach Lanier
  Zach Lanier is a Senior Research Scientist with Accuvant Labs, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Accuvant, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, DEFCON, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).

Links:

• https://www.summercon.org/archives/2015/presentations.html#dlp

Similar Presentations:

• Black Hat Asia 2016 / The Kitchen's Finally Burned Down: DLP Security Bakeoff
• Black Hat USA 2014 / Stay Out of the Kitchen: A DLP Security Bake-Off
• DeepSec 2013 „Secrets, Failures, and Visions“ / Static Data Leak Prevention In SAP - The Next Generation Of DLP