The case of Gemalto: solutions that safely store company information do not guarantee against data leakage

In February 2015, thanks to the revelations of the former NSA contractor Ed Snowden, we learned that US and British intelligence agencies had been able to obtain very sensitive data from the corporate network of the company Gemalto without officially asking for it. Gemalto is the world leader in manufacturing the SIM cards that all of us have in our mobile handsets.

The SIM card, among other services, provides the encryption of our conversations and data, making it impossible to listen to our conversations or intercept our data unless the so-called encryption key is provided. This digital key, which is different for each SIM card, is stored safely by the manufacturer of the SIM and is provided only in response to a valid order by a court or governmental body, in order to collect evidence of a crime. The US and British intelligence agencies could indeed have followed that road but possibly judged that it was faster to introduce malicious software into the Gemalto network and get all the encryption keys at once. Leaving aside any considerations about this behaviour, the two agencies proved that even the most protected enterprise network can be vulnerable.

Seen in retrospect, it is ironic to read the motivation that Gemalto presented in the summer of 2014 when it decided to acquire the company Netsafe for 890 million dollars: “rising demand for products that safeguard sensitive digital information” and a claim “that so far in 2014 nearly 400 million digital data records have been lost or stolen.”

Of course, it is mandatory to have an infrastructure that guarantees the data is stored safely, but that is not enough. Indeed, it seems to be possible, although not easy, to successfully install malware in an enterprise network that, at a given moment, will start to leak sensitive information to the outside.

So the question every CIO should ask when reading news like this is: is my network also currently leaking information to the outside? Can I detect this? The answer to this question is yes. That is precisely what Talaia's innovative solution does. When malware that was somehow successfully installed starts to leak information, this traffic can be detected as an anomaly. An intelligent use of traffic metadata called NetFlow does the trick. The NetFlow metadata can be collected in an absolutely non-invasive way that has no impact on the day-to-day network operations of your company. Also, the Talaia solutions do not touch the data flow, which makes it easy to decide to start a trial of a few weeks.
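As an added illustration (not Talaia's algorithm and not code from the original article), the example below shows one simple way leak traffic can stand out in NetFlow-style metadata: each internal host's hourly outbound byte count is compared against that host's own earlier hours using a median/MAD score. The record layout, the 10.0.0.0/8 internal range, the thresholds and the sample flows are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the enterprise address space

def outbound_bytes(flows, window=3600):
    """Sum bytes sent by each internal host to external addresses, per time window."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in INTERNAL and d not in INTERNAL:  # only traffic leaving the network
            totals[src][ts // window] += nbytes
    return totals

def find_leaks(flows, window=3600, threshold=6.0, min_history=6):
    """Return (host, window, bytes) where egress far exceeds the host's own history."""
    alerts = []
    for host, series in outbound_bytes(flows, window).items():
        buckets = sorted(series)
        for i, b in enumerate(buckets):
            history = [series[p] for p in buckets[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet to judge this host
            med = median(history)
            # Robust spread (MAD), floored at 10% of the median so a flat baseline is not over-sensitive
            mad = max(median(abs(x - med) for x in history), 0.1 * med, 1.0)
            if 0.6745 * (series[b] - med) / mad > threshold:
                alerts.append((host, b, series[b]))
    return alerts

def sample_flows():
    """Constructed flow records (ts, src, dst, bytes); not real traffic."""
    flows = []
    for hour in range(10):
        ts = hour * 3600
        flows.append((ts, "10.0.0.5", "198.51.100.7", 2_000_000 + 50_000 * (hour % 3)))
        flows.append((ts, "10.0.0.9", "203.0.113.20", 5_000_000 + 100_000 * (hour % 2)))
        flows.append((ts, "10.0.0.9", "10.0.0.50", 800_000_000))  # internal backup, ignored
    flows.append((8 * 3600 + 120, "10.0.0.5", "192.0.2.44", 900_000_000))  # constructed leak
    return flows

if __name__ == "__main__":
    print(find_leaks(sample_flows()))
```

The large internal backup never raises an alert because only flows leaving the internal range are counted, while the single bulk upload in hour 8 is flagged against the host's own quiet baseline.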

Zealous intelligence organizations with “noble intentions” proved that hacking information from an enterprise network is possible. The problem is that, out there, many organizations with less noble intentions are at work, and the CIO is responsible for detecting them not only before they start to do harm, with the “classical approach” such as antivirus, firewalls, etc., but also afterwards, with the Talaia innovative approach, when the malicious software starts to leak valuable information.