"Ali, Saqib" writes:
-+------------------
| Hi Dan,
|
| > In my view, The Answer is a Reference Monitor in the
| > good old Orange Book sense. As it happens, that is
| > why we make at Verdasys, a RefMon implemented as a
| > data-surveillance rootkit.
|
| >From my brief visit to the Verdasys website, it seems to me that
| solution provided by Verdasys is very similar to solution provided by
| Vontu. Can you please elaborate on how Verdasys' solution differs from
| Vontu's
|
| And if in fact both solutions are similar, why does Gartner love Vontu
| but hates Verdasys?
|
Vontu listens on the wire and attempts to decide if
important stuff is leaving the enterprise. Very
nearly useless, in my view, as you can defeat content
inspection with Pig Latin not to mention crypto, and
the best way to leave with data is, say, with a USB
token. Put differently, content inspection works if
your opponent is an idiot or does not care that you
are watching. While perhaps 70% of all data loss
is due to idiots, I challenge anyone to show that
data loss that matters includes data loss by idiots.
Verdasys Digital Guardian is a desktop agent that
code injects *every* (every) facility that handles
data. Nothing (nothing) moves without being seen.
What you do with it is determined by the rules you
configure, rules that are extraordinarily context
sensitive ("Dan's removable media are read-only
whenever the corporate HR database is open" -- say).
There is a substantial forensics back end, and the
ability to do nearly anything including full stealth.
DG is an oxy-acetylene cutting torch compared to
the content inspector's paper matches. And, as a
side effect, if you choose to record every movement
of data you can actualy prove a negative ("Dan did
not leak this"), which is useful since every
regulatory agency seems to want that, and proving
a negative is scientifically impossible without
total catchment.
Gartner likes Vontu because Gartner, like all
analyst firms, always says that the market leaders
must be doing the right thing -plus- Garnter's model
for content control is a steady progression from
e-mail scanning to network scanning to something or
other else to, at last, an agent on the desktop.
It reminds me of Marx's contention that you couldn't
get to Communism without first going through a
set of stages, agrarian to urban to industrial
to his version of Nirvana. So it is with Gartner,
if you skip a stage in the model they have decided
rules the world, then you must be wrong. They'll
come around eventually ("I must see which way my
people are going so that I may lead them"), but
in the meantime they'll cause many people to buy
much sh** that they'll later have to throw away.
I'm not giving references for background reading,
but feel free to ask for them.
--dan, de-cloaking
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
