So what can you do to protect your software-based Intellectual Property better? Fortunately, there are things you can to do to help overcome this problem – however in practice, what does that mean?
The following are 4 valuable tips for protecting your software-based IP assets better we got from Intellectual property attorney Feinberg Day.
- Determine where your software-based assets are located.
In many companies, data is stored in many different places and frequently in different formats as well. It might sound obvious, however the starting point needs to be knowing where all of your valuable or sensitive data is stored, along with how the assets are currently being protected.
One area that should be of special concern is code, since code might be stored within a management repository that is insecure or – in many cases – in multiple repositories. Your first step should be finding the code and consolidating it into one version management system that has audit trails and robust security options. For instance, are immutable history logs and file-level access control offered by the system? Who is allowed access and to what? When was the data last accessed?
- Place context around your risks
This is especially true of code assets, since typically traditional SIEM tools are not designed to offer understanding around processes, tool usage and file types that are used as part of the software development process.
According to intellectual property attorney Feinberg Day, vulnerability management system may require large amounts of continuous fine-tuning in order to detect real risks or flag a very high number of false positives. The answer to this problem is placing context around your risks, by most importantly, comparing it with whatever you have agreed constitutes normal as well as content type and user activity and behavior.
- Ignore the noise and focus on real risks
The software development environments of today invariably generate large volumes of data. That won’t be changing any time soon. A large corporation’s version management systems might very well be processing millions of transactions every day. The solution is again to have solid analysis and context. In order to achieve this, behavioral analytics is being adopted more and more, since it is able to narrow down thousands of different potential incidents then then identify those that most likely are the real risks.
When it comes to behavioral analytics, human behavior plays a significant role. ‘Wanderers’ might be developers who are checking large volume of code from a project that they don’t normally work on, and ‘horders’ may be downloading code that they don’t check back into its versioning repository. There could be reasons for those actions that are perfectly acceptable, but the organization will at least have a starting point for investigating them further.
Some other aspects that should potentially be considered include making the automatic assumption that there is a higher risk factor that is associated with staff getting ready to leave the organization or when staff accessed data outside of their normal working hours.
- Detect and then react
Although it is necessary to have perimeter-based security tool, it is shown by evidence that they don’t provide a 100 percent guarantee. In addition, they don’t really address the potential problem of access rights being abused by a trusted insider. As has been demonstrated by many high-profile information security accounts, the ‘bad guys’ still get in. Since it is impossible to guarantee prevention, numerous organizations are taking on a mode of operation based on ‘detect and react.’
After behavioral analytics tools have been used for scrutinizing the data coming from the organization’s version management tool and algorithms have been applied for identify risking behavior, action needs to be taken and quickly. That might including locking access down, and then examining the version management system’s log data forensically.
Here is a real-life example of the way this process works: a famous global hip manufacturer was aware of the fact that someone was stealing its software Intellectual Property and passing on it. However, they were unable to prove was carrying the theft out, or when or where. The company hired a large consulting firm and spent more than one million dollars. However, after a year, they still had not determined what was causing the theft. The discovery came after applying a behavioral analytics tool to their Perforce version control log data. Concrete evidence was discovered against two suspects. It was also discovered that an additional 11 unknown developers were replicating as many as 500,000 files on a daily basis.
To provide some perspective, more than nine billion events were examined by the behavioral analytics engine that covered around 20,000 software developers.
A fundamental aspect of risk mitigation strategies is protecting IT assets.
The chip manufacturer story perfectly demonstrates that no matter how strong security process are, or how many sophisticated security systems might be in place, or how aware employees might be of risky behavior, there will still be security risks that occur. Although prevention is of course better than cure, any security plan needs to have a ‘detect and react’ secondary line of attack as well.
Since software is such a critical aspect of numerous organizations’ IP, a fundamental aspect of risk management strategies should be to protect IT assets.