Got Data Fence and want to jump right in? Check out our video blog Data Fence: First Data Set.
Data Fence is a personal security tool to monitor access to your data, alerting you when hackers, government spies, or overly curious co-workers access your personal files. It can also be fun just to discover all the activity that occurs behind the scenes such as when you create a document or plug in a USB thumb drive.
The majority of security tools fall into two broad categories. The first is static analysis, where potentially malicious software or documents are looked at carefully before being loaded. This is realm of the traditional antivirus tools. The second is the sandbox, where the programs or documents are loaded, but they are run in a sandbox that hopefully protects the rest of your system just in case the programs or documents are malicious. For example, all the Data Fence software, and any program from the Mac App Store submitted over the last two years or so run inside sandboxes.
Data Fence is a third level of protection. We know antivirus tools fail - and fail a lot. A lot of software still isn't sandboxed, and sometimes sandboxes don't work quite right. And sometimes legitimate users and software just abuse their privileges. This is were Data Fence comes in.
Data Fence puts a virtual fence around your data and alerts you when your data is accessed in a suspicious way. It doesn't care what the malicious software looks like. It doesn't care if a bad guy has logged in with stolen credentials. It doesn't care if you let a user mount your file system to access just some of your files. It doesn't care about any of the ways the threat might manifest itself, but it does care when the threat accesses your protected data.
Data Fence leverages Apple's built-in BSM auditing system. Also, once you have configured BSM for Data Fence, the BSM audit data can also be incredibly valuable for other misuse detection and forensic analysis.
For a video introduction to the Data Fence concept, see our video blog Data Fence, First Introduction.