Keeping Tabs on Email Content

KLA-Tencor isn't taking any chances with its intellectual property -- nor that of its semiconductor clients -– slipping out the door in an email message. With a recently installed analysis appliance, the company has automated email discovery to better secure its sensitive data.

The $2-billion San Jose, Calif.-based company, which tests semiconductor wafers for defects with its proprietary tools and software, runs Clearwell Systems' Email Intelligence Platform to help it sort through any potential data leaks via its Exchange email system.

Jeff Gurulé, director of global security for KLA-Tencor, says the biggest data-compromise worries are its clients' wafer designs, as well as KLA-Tencor's own financial data, algorithms, or source code for its wafer-testing tools, and any sensitive content that raises ethical or legal concerns.

"We invest heavily in R&D in source code and algorithm development for our tools," Gurulé says. "We also have design tools specific to our semiconductor companies, so we have to acquire their intellectual property as well. It's important for us to protect this."

Gurulé won't reveal how often the company uses the Email Intelligence Platform appliance to investigate mail leaks, nor its investment or ROI on the product, but he says the software has saved the company from manually sifting through suspected leaky messages. The tool has reduced its cost and time for investigating email by 90 percent and sorts through suspected leaks in incoming or outgoing email messages.

This isn't a daily task for the company, however. "It depends on our investigation caseload," he says. "We initiate a case when we have concerns from our internal employees or of a loss of intellectual property."

Interestingly, KLA-Tencor isn't using the Clearwell appliance the way it's typically deployed -- for regulatory compliance purposes. "Our use of this product is as an investigative tool," Gurulé says. "It's very quickly lowered the cost of sorting through tens of thousands of emails by pulling out the data we need to support our investigations."

Gurulé says the company is considering expanding its use of the email analysis tool to scan all of its email sometime this year, not just suspected breaches of intellectual property and sensitive data. That would give the company an even tighter rein on what goes in and out via email. "We would have to add more appliances," Gurulé says, to support all incoming and outgoing mail for its 7,000 email user accounts.

List pricing for the Clearwell appliance starts at $50,000 per 100 Gbytes of email analyzed.

KLA-Tencor also runs various network monitoring and packet-sniffing tools to help monitor what data arrives and leaves the company. The appliance is yet another layer of security for protecting sensitive data, he says. "When we suspect we have an IP loss, we have to root out the problem and see if losses were incurred and follow through on any prosecution," says Gurulé, who won't give specifics on any previous or ongoing data-leak investigations.

The appliance sits passively on the network, and Gurulé's security team does its queries at the Clearwell box itself, he says. It provides email analysis by relevance, group, and individual and does the "journaling" of messages for the company, rather than its former method of manually poring over email contents and attachments. "We now do that sorting 100 times faster," he says. "My investigators used to spend hours, if not days on this."

Email messages and attachments are journaled, and KLA-Tencor then can sort, correlate, and index it by any category to pinpoint any breaches. Gurulé says it works like a Google desktop search. "We query against the index, not the data itself," he says. "If we get a hit on index data, it points to where to find actual data."

KLA-Tencor did have a little trouble initially with the tool. "We're limited at times in the amount of data we can view," Gurulé says. "So we narrowed the scope to data we're searching to only data selectively choose or users," he adds. "We choose users we have particular concerns about, for instance, or who are under investigation and focus only on that email data."

And KLA-Tencor has plans for securing its sensitive data even more tightly. Gurulé says it's looking at digital rights management and some on-the-wire detection tools such as packet sniffers. "We've been looking at those for the last year or so and are now feeling more comfortable with the [maturity] of these products."

— Kelly Jackson Higgins, Senior Editor, Dark Reading