Defining Risk Beyond the Border
The Extended Enterprise is comprised of your organization's partners, agents, suppliers, customers, remote workers and trusted third parties. Located beyond the perimeter, these individuals and organizations are entrusted with the sensitive information that drives your business on a daily basis.
In a global, borderless society, it's well established that the perimeter concept is a thing of the past. It's where conventional rules for security, privacy and risk fail. It's certainly an area where infosec needs to increase focus with cyberintelligence solutions, as we continue to see sensitive data being leaked through authorized channels.
Tiversa has found that 93% of P2P file disclosures emanate from contractors, suppliers, attorneys, accountants, and employees working from home.
How do you secure files outside of your perimeter?
Are current industry safeguards enough?
Judge policy effectiveness?
Guard against human error?
Why Should I Care?
Tiversa monitors global P2P file sharing networks consisting of over 550 million users issuing 1.8 billion searches a day. Each year, however, employees, suppliers, contractors, agents, and customers of major corporations disclose millions of confidential and sensitive organizational and personal files on P2P file sharing networks. Once disclosed, these files are publicly searchable and available. Tiversa records thousands of highly targeted searches for compromised files per day.
Once exposed, Tiversa tests show that individuals will acquire a sensitive business file in less than a day and proliferate files across P2P networks at exponential rates. Even one exposed file has resulted in disastrous PR, legal fines, lost customers, compromised corporate networks, and lost intellectual capital as evidenced by P2P file disclosures by Pfizer and USDOT.
Almost all of Tiversa’s customers employ best practices such as prohibiting the installation of P2P software within corporate networks, using intrusion detection systems to block P2P protocols, and leveraging P2P signature systems to identify installed P2P file sharing software. However, these measures do not protect organizations from file disclosures outside of their corporate networks from individuals and organizations entrusted with their sensitive information.
Thinking past the perimeter
Policies Prohibiting P2P Use | Employees, suppliers, agents, partners and customers do not follow them. Ironically, Tiversa has discovered corporate "P2P Usage Policies" being disclosed internally on the P2P.
Port Scanning Hardware | P2P communicates over web traffic (port 80), which is most likely authorized by your organization.
Firewalls | P2P is designed to thwart firewalls, and in most cases, can be easily installed.
Encryption | Users give access to their PCs when using P2P, providing access to encrypted files as well as their decrypted versions.
Lock-down Computers | Users follow the path of least resistance and work from home PCs. We've seen many cases where external email services are used to transmit data to a home network.