STAY OUT OF THE KITCHEN: A DLP SECURITY BAKE-OFF

Black Hat USA 2014

Presented by: Zach Lanier, Kelly Lum
Date: Thursday August 07, 2014
Time: 09:00 - 10:00
Location: Jasmine Ballroom

Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. Data Loss Prevention (DLP) solutions have often been touted as the "silver bullet" that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass - or worse.

This talk will discuss our research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves.

Zach Lanier

Zach Lanier is a Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook.

Kelly Lum

I have "officially" worked in Information Security since 2003, in everything from start-ups to government organizations to finance. I am an Information Security Officer at a financial company and read a lot of source code.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats