Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. Data Loss Prevention (DLP) solutions have often been touted as the "silver bullet" that will keep corporations from becoming the next headline. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass - or worse.
This talk will discuss our research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves.
ZACH LANIER
DUO SECURITY
Zach Lanier is a Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook."
KELLY LUM
Tumblr
Kelly has "officially" worked in Information Security since 2003, in everything from start-ups to government organizations to finance. Kelly is a security engineer at Tumblr.
duosec
shibuiwilliam
nttcom
akkie76
replu
masasuzu
orgachem
stefafafan
yoshiitaka
yukimatsuyoshi
cybozuinsideout
leveragestech
niftycorp
pauljervisheath
keithpitt
holman
tenderlove
bermonpainter
chrisshort
yeseniaperezcruz
lauravandoore
hatefulcrawdad
ufuk
bryan
notwaldorf