Sophos out to change how companies protect their data

By Goh Thean Eu November 12, 2014

New feature for SafeGuard, where encryption ‘happens by default’
Intends to more tightly integrate data and threat protection solutions

Sophos out to change how companies protect their data UK-based IT security firm Sophos Ltd believes that a new feature it is building into its SafeGuard line, to be launched next year, will change the way businesses approach data protection.

“Data loss prevention (DLP) is good technology, but a lot of companies find it hard to get right,” said Sophos’ director of data protection product management Anthony Merry (pic).

“This is because it involves setting a lot of rules on what is confidential data that needs to be encrypted, and what’s not,” he told Digital News Asia (DNA) in Kuala Lumpur last week.

The current data protection solutions that most vendors are touting can be effective, he conceded, but may require a lot of performance from the system. This is because such solutions constantly scan for confidential data, and then encrypt this data before it leaves the organisation, he said.

“What we are going to do is to flip DLP on its lid. We will be encrypting everything by default, so users only need to make a conscious decision to not encrypt a particular file,” Merry said.

“When that happens, the data protection solution will look at the file to see if there is anything confidential before it leaves the organisation,” he added.

According to Merry, by encrypting all the files by default, the solution will be “less intrusive and would not require much performance from the system.”

However, wouldn’t encrypting all the data take a toll on the IT system during the initial stages? He insisted that this would not be a burden on system performance.

“At Sophos, we don’t want to stop our end-users from working. We want it to be as seamless as possible.

“So we will be messaging users accordingly, and we will then go through and encrypt the data. We will do this as a low priority in the background. You can switch off the computer, and we will continue encrypting once it is switched on,” he said.

He said the company was still in the process of building the new functionality into Sophos SafeGuard, and expects the new data protection feature to be available after the first quarter of next year.

Once the new functionality is available, existing users of the Sophos SafeGuard line of data protection modules would be able to immediately to enjoy the upgrade.

Data protection talks to threat protection

Merry also said that by the end of next year, SafeGuard will also be “talking much more” to other Sophos modules, like threat protection.

“Currently, the two modules are talking to each other but not as much as we want them to,” he said.

He referred to recent reports on multinational banking and financial services company JPMorgan Chase & Co, where information on some 83 million households and small business accounts was exposed when the company’s computer systems were hacked.

“This is an example of a very targeted threat – more of these types of malware are going in this direction,” said Merry.

By making data and threat protection solutions communicate with each other more regularly, IT security can be better managed.

So, if the computer of an authorised user [such as the Human Resources or HR head] has been infected by malware, and the malware is reading and copying HR-related files, the system would be smart enough to prevent the files from leaking – even though the user’s computer has been authorised with the encryption key.

“When you merge the two together, you will have a system that’s watching not only ‘Is the user on a trusted system?’ and ‘Is this a trusted user?’, but also ‘What is running?’ and ‘Do you trust what’s running?’,” said Merry.

For now, these data protection and threat protection modules are sold separately, although bundled packages are available. In 2015, the improved and much more integrated data protection and threat protection solutions will be available in the market, he said.

These new updates and changes are part of the company’s plan on implementing Project Galileo, a Sophos initiative to integrate endpoint and network security.