Maybe it was the crowd. Or maybe data loss prevention is as overlooked as McAfee CEO Dave DeWalt suggests.
When DeWalt asked a gathering of IT professionals in San Francisco Wednesday morning for a show of hands to indicate how many had DLP measures in place at their companies, only a scattering of arms shot up. Perhaps it was the early hour at the McAfee and CMP-sponsored event, or perhaps the statistics that DeWalt presented are signs of some pretty serious vulnerabilities. For example, according to McAfee just 54 percent of enterprises take special precautions towards resigning employees, a high-risk group responsible for a large proportion of malicious information leaks.
DeWalt, who took over the reins at McAfee in April after serving as a top executive at EMC, emphasized the need for security professionals to think beyond specialized protection against spyware, malware, viruses and other traditional security concerns and to start thinking in terms of total solutions.
"What I'm seeing is that 'best of breed' is moving to 'best of suite'. When you talk to a Citigroup or a Wal-Mart, they may have hundreds of vendors for different IT security issues. They want to consolidate those vendors, consolidate those end-points into a single security suite," he said.
For vendors like McAfee that began in the perimeter security space, the challenge is clear, De Walt said.
"This is a world where perimeter security has to meet data security and mobile security at the edge of data loss prevention. That doesn't mean eliminating perimeter security, it means interlocking it with data security," he said.
McAfee partner Dirsec has seen progress towards total security solutions from the vendor, said Greg Hanchin, a principal at the Denver, Colo.-based IT security VAR.
"If you look at their total enterprise story, they have started to deliver on that. We have three large accounts that have bought into the whole McAfee story at about a quarter million each," Hanchin said.
"The overall mood with them is that they're definitely a lot lighter on their feet than a few years ago. They still have so many processes relative to people that it can be tough to get business done. But their sales reps are good reps. They have good software. The last couple of acquisitions they've made have been good. There are a lot of good things to say about them, if they could just get out of their own way."
Hanchin said his own observation is that a lack of attention to DLP may be even more serious than McAfee's statistics suggest.
"Data loss is nothing new to us. It's new to the press. It's common for us on a weekly basis to ask a mid-market company about DLP, and they just don't even do security testing on their own site," he said.
DeWalt said that while recent legislation has tightened up security protocols for public companies and retailers working with the payment card industry, the law hasn't gone far enough to define and prosecute cybercrime itself.
"Cybercrime is a $105 billion problem this year. That's greater than the revenues for the illegal drug trade worldwide. It's amazing to me to see how archaic our cybercrime laws are, how low the bar is for engaging in that sort of crime," De Walt said.
"We're seeing 17,000 phishing attacks per month. Data loss is at $40 billion in losses this year, meaning it's the No. 1 problem overall in cybercrime. Attacks on cell phones are rising. I think about all the data I have on my Blackberry. Losing this little device, a CEO's Blackberry, could be the most significant data loss I could ever have."