What’s been happening at InfoWatch?

InfoWatch is actually a group of companies now, which works in the security field. We provide different solutions for enterprise security. Our main focus is on data leakage prevention (DLP) with our product, InfoWatch Traffic Monitor. This solution was created in 2001. At that point InfoWatch didn’t even exist and the product was initiated by Kaspersky Labs. InfoWatch was then created based on the idea that we would protect the information that leaks out of the enterprise.

Since then, we’ve added a few solutions to this main product and in 2011 we acquired German company Pegasus Software – they specialise in end-point security.

What do you think should be the main considerations for companies when it comes to DLP?

DLP is actually a very complex class of product because it’s not a software as such. When we talk about DLP we are not talking about a solution. We’re talking about something that companies should analyse deeply. What does a company want to achieve? What does it want to protect? And what kind of rules will it apply? When I hear a company say that it has implemented DLP because it has bought a certain product, it sounds very strange to me. In my opinion, there is a need to undertake a huge amount of preparation work before we even begin to talk about any DLP implementation. Preparation can involve discussing how this information will be treated – will it cease to be confidential after three months, for example. We need to decide exactly who will be allowed access to this information. Will we block information or simply monitor it then investigate any incidents?

At InfoWatch we have created a process for DLP, which consists of three steps. First, we have the preparation stage, called pre-DLP. Our consultants talk to the clients, analysing the customer needs and deciding what needs to be done. The second stage is the easiest stage – the implementation of the software. The third stage is where we identify any violations, eliminate the incidents and bring those responsible to justice. For this, we must collect the relevant information that can help us investigate the incident thoroughly and prepare evidence to put before the courts.

Only when the preparation has been completed thoroughly can you expect a DLP implementation to work well.

Are there any differences between the UK and the rest of Europe when it comes to IT security?

The main difference is in the legislation. In information protection there is a lot of legislation. And this varies from one industry to the other. For example, in the banking sector there is a lot of legislation when it comes to the likes of producing bank cards. There is also a lot of legislation surrounding sending information out. In the UK there is a special law aimed at controlling data leakage and protecting personal data.

Companies are obliged to publish information about such data leakage but this is not the case in continental Europe. As far as data protection is concerned, the UK is far more developed but it’s also far more competitive. In continental Europe the attitude towards data protection is changing. It’s changing slowly but we can see the transition taking place. Even five years ago it was almost impossible to sell DLP as a class of product in continental Europe. But right now, everybody understands how important it is to protect information and how much damage can be done to businesses if they don’t protect it. Continental Europe is now discussing legislation in this area and they will probably accept a law similar to that of the UK. I really hope that this situation will change.

What kind of impact do you think BYOD has had on security?

It’s a mess that was given a beautiful name. An unregulated mess. BYOD means that you’re allowed to use any devices you want and in terms of security that’s very difficult to manage – almost impossible. There is no tool that exists in the world today that could cover all possible mobile devices, with all updates and upgrades, which are produced constantly.
With BYOD there are a number of platforms, such as Android and iOS, plus variations of hardware, and unfortunately the hardware manufacturers develop products differently so Android, for example, works differently from one device to the next.

From a developer’s point of view, we need to build up a new version of security for each potential device or variant. We once counted how many platforms we would need to cover in order to protect people from this mess and it’s more than 3,000 platforms. Nobody does it.

If a company allows BYOD there are two scenarios – the company is careless. It thinks its information is not important. Alternatively, the company knows there are data leakages and is aware that someone could break into its system. Either they understand that they have security problems or they just don’t care.

How do the security needs of SMBs differ from the needs of enterprises?

They usually want more integrated solutions than enterprises, which usually employ security managers. These managers enable the choice of different solutions from different security vendors. Small companies don’t like that because they don’t tend to have the resources to manage that kind of thing. They look for something simpler.
Smaller companies also often use cloud to help them with security. Enterprises may use private cloud but they will certainly never use public cloud because they just don’t trust it.

What can we expect from InfoWatch in the coming years?

We’re very much working on the mobile side. We want mobile to be part of the DLP system. It’s a difficult task because mobile devices still don’t have all the capabilities of a PC. There are some heavy technologies that can be used on PCs but couldn’t possibly be used on mobile, so we will be working on simplifying some of these technologies. That’s the challenge. We’re working on it and we expect to have the first version of a suitable solution for information security and DLP ready by spring.

We will also be doing a lot of work on targeted attacks. Our view is that current antiviruses miss the goal in terms of targeted attacks. We witness more and more targeted attacks. All the antivirus vendors write about it but they do nothing. They don’t care because there is a massive number of regular viruses that they have to deal with and they don’t want to spend the time or money protecting against a new virus unless the customer is willing to pay extra.
We’re trying to develop a solution that would analyse operations and check if there are changes in the system that look suspicious. In this case, we would suspect an attack on this particular attack. We’ll then go deeper to understand what this attack is trying to do. We call it Targeted Attack Detector and even now we don’t know exactly how effective it will be.

We tried it on our own premises and found one hidden Trojan which was attempting to send all of our passwords and login details somewhere. But this is not enough. We’re still working on it and are developing an updated version. By May we should have something that will be ready to make an impact on the market.

Do you have plans to expand into the UK?

Yes. We previously attempted this in 2009 but we didn’t quite manage it. It was around the time of the global financial crisis so we probably chose the wrong time. Perhaps it was the wrong type of product at the wrong time and we didn’t invest a great deal of money in that expansion attempt. We didn’t reach the level of success we wanted and one year later we closed that operation. Now we are focusing on expansion into the UK and we are determined to make it work this time.