"True Cloud Security"
Peer-to-Peer (P2P) Overview
The Internet is comprised essentially of a number of components -- World Wide Web, Instant Messenger (IM), Email, VoIP, and Peer-to-Peer networks. By many accounts, the largest of these by measure of consumption of overall bandwidth is Peer-to-Peer or P2P. According to independent, third-party studies, P2P accounts for roughly 70% of total internet bandwidth. This distinction is necessary to understand the security implications that are present today as a result of both the enormity of these networks and the inherent security challenges they pose.
File-sharing networks have been in existence for years starting most notoriously with the introduction of Napster in the fall of 1999. P2P networks have provided a gateway for users around the world to share digital content, most notably music, movies and software.
P2P networks have continued to grow and are incredibly dynamic in nature. Since 2005, P2P networks have grown at the rate of over 20% (CAGR). Today, worldwide P2P networks may have over 20 million users at any point in time. P2P networks are ever-changing as users join and exit constantly. The number of P2P programs or “clients” has grown to over 225, with many having multiple versions in use. Additionally, many of the programs are open source and, accordingly, subject to modification as users see fit. P2P networks are a worldwide phenomenon with users across wide ranges of ages, educational backgrounds and incomes.
|The Extended Enterprise
Comprised of suppliers, partners, agents and remote employees, collectively these third-parties operate outside of the corporate perimeter and are responsible for 93% of data breaches that occur.
Dr. Larry Ponemon, chairman and founder of The Ponemon Institute and Tiversa Advisory Board member states, "many of the measures we were told companies are taking to prevent data loss through P2P networks, such as firewalls, ID management, and monitoring of the World Wide Web, are completely ineffective against P2P files sharing disclosures.”
Additional Research and White Papers
Throughout our extensive P2P research, Tiversa continues to see individuals that harvest a large number of files containing confidential and sensitive data. Tiversa calls these individuals Information Concentrators™ and in most cases, they are suspicious in nature. To learn more about the risks they pose to your organization, contact us.
Tiversa’s systems operate directly as part of P2P networks and do not require your organization to add hardware or software to your network. Our solution is the industry's first of its kind and allows you to seamlessly integrate our service into your existing incident response and monitoring workflows with no time consuming and expensive installation work.
P2P networks continue to grow in size and popularity due to the extent of the content that is present and available on the networks, that in many cases, is not available from any other public source. In addition to movie and music files, millions of documents, that were not intended to be shared with others, are also available on these networks. It is this unintentional sharing that we refer to as inadvertent sharing or disclosure.
Inadvertent sharing happens when computer users mistakenly share more files than they had intended. For example, they may want to share only their music files or a large academic report, but instead expose all files on their computer’s hard drive allowing other users to have access to their private or sensitive information. This can occur via several scenarios. These scenarios range from user error, access control issues (both authorized and unauthorized), intentional software developer deception, to malicious code dissemination.
Providing open and direct access to information while protecting sensitive and confidential data is one of the greatest challenges enterprises face in today’s world. With a discerning need to control the flow of information into and out of corporate networks, increased government regulation, and rapidly evolving legislation, the fact that data breaches are commonplace still exists. With the emergence of cyberintelligence solutions in recent years, there is a heightened realization that the corporate perimeter has indeed dissolved and the need to address Extended Enterprise risk is shaping the way we do business.
Cyberintelligence provides visibility beyond the border of traditional security measures with the real-time discovery of threats and vulnerabilities.Typically used as an extenstion of existing enterprise security practices, such as DLP, firewalls, policies, and encryption, cyberintelligence services include internet and peer-to-peer (P2P) monitoring, anti-phishing, counterfeit detection and brand-monitoring.
These solutions aim to address the Extended Enterprise, which is comprised of suppliers, partners, agents and remote employees outside of the corporate perimeter. Accounting for the majority of data breaches, the Extended Enterprise has become a target of interest in recent years as mainstream media continues to report sensitive data being breached by Fortune 500 companies.
Cyberintelligence can help organizations protect the loss of intellectual property, thwart external vulnerabilities and physical security threats, as well as guard against copyright and brand infringements.
Read Gartner Q&A: Cyberintelligence Report