CEO DeviceLock Vincent Schiavo Interviewed on DLP Data Leak Prevention

Understand what it means to stop data leaks - at the source. The CEO of DeviceLock is interviewed at the RSA Security Conference 2012 on DLP Data Leak Prevention. The DeviceLock endpoint security software solution is practical, affordable and easily managed from within Microsoft Active Directory. DeviceLock DLP software is used on over 4 million computers around the world today.

---

Closed Caption:

my guess is Vinny skiable CEO of device
lack any welcome thanks thanks to be
here any device likes tackling a pretty
difficult problem and point dlp daily
prevention tell us how you go about that
well now we're a software company we
provide a 10-point dlp agent that goes
on every endpoint we work together with
active directory and the agent and the
policy just gets pushed down when a
point gets attached to the network so
that way the use the admins are able to
set policy and enforce the policy for
all the devices that are connected to
the endpoint and also any network more
threats as well and you do recognize
when particular data is being
exfiltrated or attempted to yes our
product is content aware so maybe
actually can set of policies and look
for certain patterns in the data and the
usual suspects are things like Social
Security numbers and credit card numbers
bank account numbers but the product
also provides a tool for the admin asst
to set up custom filtering if you need
that as well
one of the biggest problems of tackle is
what to do about additional things that
people attached so portable drives USB
tokens and there's been some huge
breaches on the insider offloads
gigabytes of data to these things and
walks out the door you how to help of a
well that's kind of our core business
that's how the company got its start in
1996 was to really lock down USB but it
wasn't too long after that that
customers started asking for other ports
to be protected if particular when a cut
when an end user is malicious there you
know the minute they see they're blocked
in one Avenue though let's try the next
but we do find today that most of the
breaches are happening inadvertently by
by end users in art realtek technically
savvy and they may think that they're
doing something innocent but they
actually end up taking all kinds of data
outside of the company so we can block
the USB ports quite easily but also
things like firewire bluetooth and Wi-Fi
even what you're allowed to print or
where you're allowed to print on which
wich printers in the building all that
can begin
told to our software so no more
downloading stuff to your ipod and
taking it off with you
correct what do you do about or do your
customers have Network deal p solutions
as well do they can work well together
yeah sometimes that the larger customers
will have the you know the Gateway type
products but we're really focused on the
endpoint right
in fact that's kind of our tagline is
that we we stop data leaks at the source
which is the person sitting at either
laptop or desktop that's that's doing
these things either malicious or are
just kind of bonehead things they don't
realize what they're doing and we can
stop those kinds of threats about
locking down the data itself in case all
devices stolen our goals open or with
employee well that's where encryption
comes in it's really important that you
know part of your policy for daily
prevention includes your policies about
what needs to be encrypted in what
circumstances and while we're not an
encryption company / say we don't do the
encryption we work really well with the
industry-leading encryption products
that are out there so we can detect the
level of encryption on a particular file
and check that against policy and either
allow or block based on you know whether
it's supposed to be encrypted if it is
encrypted and so forth
what are the biggest problems the
customers come to with and how does the
Vice like solve it better than the
competition I guess the biggest issue
that we hear over and over again is just
how complex some of the dlp solutions
are that are out there very expensive
very time-consuming to get set up and
working so we focused a lot of our
energy on developing our interface to
work seamlessly with active directory
and that seems to be being very well
received by our customer base and what's
interesting is that plays both on the
low end you know the small medium
enterprise into the market also a very
large enterprise because on the low end
it's appealing since it makes our
product very easy to install easy-to-use
you don't have to have a rocket
scientist to set this stuff up you can
use a windows network administrator to
set up the the product so it's appealing
on SME SME into the business for large
enterprise it's appealing because it's
massively scalable if you can just plug
right into the existing Active Directory
infrastructure and makes it very easy
set up in it you can have many many
thousands of endpoints so there's no
separate Management Council and you suck
from active directory and then push from
their correct yeah that was bigger than
you have a console but we don't really
promote that we really promote the fact
that we work seamlessly with active
directory there are some cases where
customers are using that still that for
the most part our customers are using at
so within Active Directory there's
ability to set that granular policy
yes we can customers choose us because
it's in many cases even really secure
environments they use USB thumb drives
to transfer data back and forth between
clean and dirty sides so you can you
like waitlist USBs yes you can in fact
that's that's one of the powerful
capabilities of the products not just
blocking flat-out it's you can can block
based on a number of different criteria
who the person is the time of day
what groups that remember of all kinds
of things that you can mix and match to
create a very granular policy and then
you can allow or disallow on that basis
and as for the USB drives themselves we
can recognize all the way down to the
serial number of the drive so that could
be part of the policy to you could you
could say you can't use USB drive at all
unless it's this particular brand or
type or model number or even this serial
number that's assigned to you personally
so I've never seen that in action
because it's been a long time since a
working in office
it is a ruin approach on the user's no
freedom of action or to get used to it
pretty quickly
well I mean it encroaches in that you
know if it prevents its intended to
prevent the case where you have somebody
who's not particularly think technically
savvy and they let say find a USB stick
them in the parking lot of the way into
the building and they think who is a
four gig drive all see what's on there
maybe erase it and use it and they they
stick it in the drive and try to use it
now they just introduced malware the
network and now there's there's all
kinds of risks plus the guy that lost
the drive may not have encrypted the
drive and it may have something very
important on it that's now out in the
wild so from that standpoint yeah I
guess it encroaches on their ease of use
because when they stick in an
unrecognizable USB Drive it may block it
now
loud but that's the intent of the
software yeah yeah
what is the department of defense here
in the US done recently because at one
point they knows they just said no more
USB tokens but we're relaxing Americans
are starting to apply controls right
yeah i mean that's that's our single
biggest customer is the US Department of
Defense and in various different
branches of the military are using our
processor you keep buckshot was a good
thing i guess so
Ramona was gonna also WikiLeaks is you
know irritating is that was to all of us
that really drove the awareness of the
need for this kind of product yeah I
think everybody's realized too so easy
that was plus there's a countrywide
cases back in the day when they're just
exfiltrating customer data off of with
USB drives my lot of banks have issue
alive
so what's next for device like as far as
corporate growth expansion product
expansion well as the other products I'd
you know we have so many customers that
we get lots of input about what they
want to see next so we have over 66,000
customers around the world and we're
running on over 4 million endpoints you
can imagine that gives us lots of
customer input right now one of the hot
areas is especially for the very large
deployments we run on windows only today
but we announced in december a beta of a
Macintosh agent as well so some of our
bigger customers that have you know a
few thousand Macintosh's are anxious to
deploy our product on those as well so
you'll see that very soon
also we've added a number of new
features for the network lock piece of
our our software which is the the pieces
off with that protects against network
born threats like Facebook and Twitter
and Google+ and tumblr and those kinds
of things and we're adding more and more
support on that site as well with the
same kind of granularity so for example
if if somebody takes us in office party
pictures and they put them in a
directory that they don't realize also
happens to have secret product photos
from someone announced product and they
post that whole folder to facebook if
your policy prevents that type of file
or files from that location to be posted
it can it can mitigate that
I suppose it's too early for iOS devices
to need the same point control right
still have a lot of well I think they do
need it
there that's it a real challenge for all
the vendors that do what we do because
as you probably know apple and also
google don't really publish a current
level API for developers like us where
we can pour it directly what we running
today on the endpoint over to the mobile
in points so that causes us to have to
come up with different ways of doing
this that's actually one of the other
products that will be coming out with
later this right because that's the
problem where cisl in particular
complaining about a lot and that
bringing these devices into my network
and they're connecting on our list but
and yeah that's a key new area for us
because to this point we've really
focused on the traditional endpoints
laptops desktops and servers and as far
as the mobile endpoints like an iphone
and android are concerned we can control
what you can put on them as a USB Drive
which is really a big issue i mean it
will bring in their iphone plug it onto
the charger to charge but now you have a
32-gigabyte USB drive attached to the
network basically you can put whatever
you want on it certainly threat in this
business from Microsoft since the have
done a lot on the endpoint with
configuration management and even
antivirus style is there a threat that
they'll come up with a you know clean
and simple device management solution as
well
well I suppose there's always that
threat we're not privy to to their plans
in that regard but it's been a long time
they've been at this and they haven't
yet but yeah I suppose that could happen
what's the biggest opportunity facing a
device like and 2012
well the biggest opportunity by far is
this there's this huge kind of hype
cycle right now around the idea of bring
your own device so it's sort of the
buzzword of RSA where we are this week
here in San Francisco all the all the
booths are talking about how they can
help enable
enterprise accounts to allow their
employees to bring their own device and
that's just where squarely in that space
is what we do because as we talked about
one of the big issues as you bring your
own iphone and to work you doc it and
now you can move anything you want on to
that drive and leave the building so
that's a huge you know marketing
opportunity for us is to make sure
people understand that we've been doing
that a long long time and one of the
leaders in that space and we have a very
mature product that can can help in that
area
yeah i think the just biting off the
endpoint is an advantage because like
you said the other solutions try and get
everything right when I tell you do
network and discovery of data on your
servers gets expensive and complicated
against the first problem as the end
point right
very good thank you so much money okay
good thank you it's good to be here