Archive for the ‘Message Classification’ Category

RegExs – How TMC Can Protect Vulnerable PII

Wednesday, March 24th, 2010

Regular expressions (RegExs) are patterns of characters that describe text with a specific structure (one that has relevance or meaning to an application, entity or consumer). Many programming languages have built-in regular expression engines that parse data to find these patterns. Let’s take a look at a quick example.

Many security standards emerging or present in today’s market focus on the protection of PII (Personally Identifiable Information). National identification numbers (such as the US Social Security Number or the UK’s National Health Service Number) are government-issued identification used for everything from tracking employment to assuring healthcare for citizens. In addition, privately issued items like credit cards and university student ID numbers are also the focus of predatory attacks (if you’re curious, browse The Data Breach Blog for examples of theft as well as the potential impact to corporations, governments and private citizens).

The emergence of global security standards like PCI DSS in financial markets, as well as government-driven legislation (like the recently announced HITECH Act in the United States and privacy/security legislation developed by the European Union), has created the following requirements:

  • Requirements to monitor requests for and the ongoing protection of PII
  • Financial and punitive penalties for offending organizations who disclose PII

Obviously, this impacts a range of business markets, multiple levels of government as well as the consumer. It makes sense that there is greater willingness to work with a company or provider that takes the PII threat seriously and has policies and systems in place to minimize the threat of information loss.

As part of our Message Classification for Outlook product, customers can now define not only keywords but also use pre-defined or built-in regular expressions. TMC’s Content Validation policy provides capabilities to search for specific regular expressions and warn the customer of their presence in the email message or an attachment. To check emails and attachments for regular expressions, the TMC Administrator creates a Content Validation policy and defines whether they wish to check for keywords, regular expressions or both. Several regular expressions are pre-defined, and customers can build their own regular expressions if they wish (for a good reference, see the fantastic regular expression cheat sheet developed by Dave Child).

Now, let’s move back to what the consumer experience is like. In the following scenario, an employee unknowingly attaches a Microsoft Office document which contains Social Security Number information, clicks Send, and classifies the email as Public. The Content Validation policy finds the SSN in the Word document and notifies the sender of the issue.

TMC provides several strong benefits for organizations concerned with PII protection:

  1. Immediate analysis (warnings are presented to the user at the same time the email is sent vs. feedback from a quarantine mailbox)
  2. Feedback to the consumer can be customized (the TMC Administrator can create information messages indicating why the error occurred as well as steps to be taken to rectify the problem)
  3. Adaptable controls (the TMC Administrator can simply warn the user of the issue but give them the final decision on delivery, or prevent sending the message until the sensitive content is removed from the message body or attachment)
  4. Monitored – all policy events in TMC are written to the Windows Event Log, which can be parsed for reporting to identify common errors (resulting in guidance on where employees may need training or policies may need to be refined)
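The kind of check described above (keywords plus regular expressions over the message body and attachment text, with a warn-or-prevent outcome) can be sketched as follows. This is an added example, not TMC's code: the patterns, function names and sample message are assumptions constructed for illustration. It adds a Luhn checksum so that digit runs which only look like card numbers are not reported, and it masks matches so the findings themselves can be logged without repeating the PII.

```python
import re

# Assumed patterns for illustration; not the product's built-in expressions.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

def luhn_ok(candidate):
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value):
    """Keep only the last four characters so findings can be logged safely."""
    return "*" * (len(value) - 4) + value[-4:]

def validate_message(parts, keywords=(), mode="warn"):
    """parts maps a part name (body, attachment) to its extracted text.
    mode is 'warn' (sender decides) or 'block' (sending is prevented)."""
    findings = []
    for name, text in parts.items():
        for m in SSN_RE.finditer(text):
            findings.append((name, "SSN", mask(m.group())))
        for m in CARD_RE.finditer(text):
            if luhn_ok(m.group()):
                findings.append((name, "CARD", mask(m.group())))
        for kw in keywords:
            if re.search(r"\b" + re.escape(kw) + r"\b", text, re.IGNORECASE):
                findings.append((name, "KEYWORD", kw))
    if not findings:
        return "send", findings
    return ("block" if mode == "block" else "warn"), findings

# Constructed sample: a clean body plus text extracted from an attachment.
SAMPLE = {
    "body": "Hi, the form is attached. Order ref 1234-5678-9012-3456.",
    "attachment:onboarding.docx": "Payroll record\nSSN: 123-45-6789\n"
                                  "Card: 4111 1111 1111 1111\n",
}

if __name__ == "__main__":
    action, found = validate_message(SAMPLE, keywords=("payroll",))
    print(action)
    for item in found:
        print(item)
```

The order reference in the body has the shape of a card number but fails the checksum, so only the attachment produces findings.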

I would be happy to receive feedback on regular expressions you would like to see added to the product. Please feel free to contact me at stephen.kingston@titus-labs.com.

-Stephen Kingston

Secure Messaging and Collaboration with Titus International

Tuesday, November 17th, 2009

At the SharePoint conference a few weeks ago, we announced a new training offering called "Secure Messaging and Collaboration" from our sister company, Titus International. Founded in 1994, Titus International is a professional services and training organization, focused on delivering security, information protection, policy management, and secure directory infrastructure solutions to public and private enterprises globally. Titus Labs was actually spun out of Titus International about 5 years ago, after our data classification products began to really take off in the market.

The new training course from Titus International addresses the deployment of Microsoft Active Directory Rights Management Services (AD RMS) SP2, Exchange 2010, SharePoint, and products in the ForeFront suite for the protection of digital information and secure collaboration. Here are just a few of the reasons why Titus International is particularly well-suited to deliver this training:

  • Titus International has over 1 Million seats of RMS experience and has led the architecture and deployment of the two largest RMS deployments in the world.
  • As members of the Microsoft Technology Adoption Program (TAP), Titus has worked closely with Microsoft on the Exchange 2010 release, including deployment of Exchange 2010 in our own production email system.
  • Our experience in developing SharePoint solutions enables us to provide insight into SharePoint business requirements and security risks.

Here is an outline of the course:

Module 1 – What is Secure Collaboration

  • Business drivers & risks
  • Solution
    • AD RMS
    • Exchange Server 2010
    • ForeFront suite of products (Unified Access Gateway (UAG), ForeFront protection products, Threat Management Gateway (TMG))
    • SharePoint
    • Data Classification

Module 2 – Information Protection Overview

  • What is RMS and how does it work?
  • RMS Requirements and Deployment
  • Server and Environment (AD, Networking, etc.) requirements
  • Deployment and architecture considerations

Module 3 – Secure Collaboration with Exchange Server 2010

  • Secure email collaboration using TMG (formerly ISA)
  • RMS and Exchange Server 2010:
    • RMS in OWA
    • Transport Rule Protection
    • Journal Report Decryption
    • Content Indexing
    • Pre-licensing

Module 4 – Data Classification

  • What is data classification and why do it?
  • Data classification in Secure Collaboration solution

Module 5 – Secure Collaboration with SharePoint

  • SharePoint and RMS

Module 6 – External Collaboration

  • What is external collaboration
  • What is federation
  • What is secure remote application access
  • ForeFront UAG (formerly IAG)

Module 7 – Federation with Exchange Server 2010 and SharePoint

  • The Microsoft Federation Gateway
  • Federation and Exchange Server 2010
  • Federation and SharePoint

Module 8 – Wrap-up

  • Solution Review and Best Practices
  • Next Steps

For further details on this and other Titus International courses, please contact us at info@titus.com.