Identify and track sensitive corporate data in real-time
InfoGPS Networks revealed at Black Hat USA 2015 software able to identify, classify, and track sensitive data in real-time across the organization.
“Cybersecurity software has traditionally been aimed at preventing a data breach, by watching data-in-motion and attempting to identify unauthorized traffic or access. As we all know, this approach has not been foolproof. Breaches are performed over time and target data-at-rest accessible by several points of exposure. The longstanding gap in cybersecurity has been the cycle time needed to detect the data breach once the breach has begun,” says Paul Hugenberg III, InfoGPS Co-Founder and CEO.
As pioneers in the study of data-at-rest, InfoGPS has solved this problem. “The problem has been around for a long time,” says Hugenberg, “Organizations that suffer breaches have four commonalities that are revealed every time a breach is reported to the media: first, they all had the best of breed cybersecurity solutions in place. Second, they could not detect the breach until months after it began. Third, they did not know what the damage was until an outside forensic team became involved. Lastly, the information stolen was data-at-rest. A fifth characteristic was also present in many of the recent breaches covered by the media – most of them were subject to regulation requiring them to protect this data in the first place. We address each of those five gaps in one solution. It is wonderfully simple.”
InfoGPS does not compete against data loss prevention, data leak prevention, or data interrogation software suites. Those existing tools are critically important to the prevention of a cybersecurity threat.
“Layered controls are critical. Network and vulnerability monitoring is critical, but it is unable to monitor data-at-rest. This provides the very real risk of inefficient or ineffective placement of controls. In the organization, this is seen as log alert fatigue, or analysts buried in a pile of useless warnings. A lot of organizations have spent significant funds responding to alerts over a server with no data risk,” says Hugenberg. “Focusing on the only information asset that drives risk, data, we dynamically improve the knowledge of the organization and enhance risk mitigation efforts that will prevent the exfiltration of data. That is why real-time detection is so critical.
“Ironically, we set out to solve an entirely different problem. As a career IT Risk professional, my goal was to enhance my risk assessment processes to be as complete and accurate as possible. Traditional risk assessments are not useful in a breach as they have never inventoried assets appropriately. How could I provide a risk conclusion about data protection if I had not taken the steps to actually find the data first?”
Chief Development Officer, Mark Dowd, states, “We identify what kinds of sensitive data they have, how much of it they have, and where it all resides. Any organization can now use InfoGPS to find their data risk and manage it – taking Risk Assessments to the level of clarity, and granularity they were always intended to provide.”
“We have a bit of a dual value prop,” says Dowd. “Inside large companies, the officers and departments that manage company risk are different from those that protect against cyber criminals and cyber terrorists. Our single software delivers a whole new value to both endeavors.”
The company sees opportunity in markets that include banking, healthcare, utilities, defense, insurance, retailers, credit card processing companies, and managed service providers. The software is available as a service or as a licensed private install.