Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Streamed live on Dec 10, 2015
Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. For instance, Data Loss Prevention (DLP) solutions have often been touted as the "silver bullet" that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass -- or worse.
This talk will discuss our previous and current research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves.
Via this presentation we hope to have the audience walk away with a better understanding of the reality of certain classes of security products-- their advantages, their detriments, and whether or not they are of value to their organization. Additionally, we will detail the tools and techniques we used to discover these issues, to arm attendees with the knowledge to test these and similar products on their own.
Zach Lanier is a Senior Research Scientist with Optiv, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Optiv, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, DEFCON, CanSecWest, INFILTRATE, COUNTERMEASURE, and SummerCon, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).