InfoWatch is a privately-held company, delivering its enterprise customers software solutions to monitor and manage information flow (founded by Kaspersky Lab)    


InfoWatch Traffic Monitor Features

InfoWatch Traffic Monitor is a comprehensive modular data monitoring, analysis and archiving software solution.

The solution comprises:

  • End-point protection module: InfoWatch Device Monitor
  • Gateway Protection Module
  • Intercepted information archive: InfoWatch Forensic Storage

  More about product architecture


Traffic monitoring and filtering

Gateway protection

How does it work?

When, for example, an email is sent, it is intercepted and transferred to the InfoWatch Traffic Monitor Server for analysis and decision making. There the intercepted information is analyzed to detect violations of the information security policy.


The Gateway Protection Module intercepts:

  • Email (SMTP)
  • Web (HTTP)
  • Secure Web (HTTPS), through integration with partner solutions
  • Instant messaging traffic (OSCAR-based IMs – 40+ client types are currently supported)

The solution supports both inline traffic filtering and interception in monitoring mode (for example, via a Cisco SPAN port), and also offers proxy-server integration via ICAP. These flexible deployment options make it easier to fit a complete data protection solution into the customer's existing IT infrastructure.

Endpoint protection

How does it work?

When data is copied to removable mass-storage devices (26 device types are currently supported) or sent to a printer, the local Device Monitor agent makes shadow copies of all the files (including text extracted from graphic formats by optical character recognition, OCR). These shadow copies are collected at the InfoWatch Device Monitor Server, where they are packed together with formal attribute information, for example workstation ID, date and time of copying or printing, file size, file name, etc.


The Endpoint Protection Module (InfoWatch Device Monitor) consists of a local security agent, Device Monitor, installed on user workstations to control information copied to removable mass-storage devices or printed via local and network printers, and the InfoWatch Device Monitor Server, which centrally manages security policies on the controlled PCs.

InfoWatch Traffic Monitor Enterprise integrates with third-party endpoint protection software, so that the customer's existing investment in endpoint security is preserved while a comprehensive corporate information protection system is built.

Learn more about integration with partner solutions

Analysis and Decision Making

The information intercepted in communication channels, together with the shadow copies of data printed or copied to mass-storage devices, is sent to the high-performance (up to 200 Mbps) Linux-based InfoWatch Traffic Monitor server for analysis and decision making.

Here the data is first analyzed according to its formal attributes (such as monitor type, sender/recipient, sent date and time, file name/type/size, etc.).

Then the contents of the data packets are extracted and analyzed using several content analysis technologies: digital fingerprints, template analysis and linguistic analysis (English, German, French, Italian, Spanish, Russian, Vietnamese, Arabic, etc.).

The analysis results trigger an automatic decision on how to handle the intercepted information: allow transmission, forward it to the person in charge for additional processing, or block it.
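The three-stage pipeline described above (formal attributes first, then content analysis, then an automatic verdict) is easier to reason about in code. The following is an added illustration written for this page, not InfoWatch's own implementation: the `Intercepted` record stands in for an intercepted object or a shadow copy packed with its formal attributes (monitor type, sender, recipient, file name, size), the "digital fingerprint" is simplified to a SHA-256 over normalized text, and the "template analyzer" is a single template for payment-card-like digit runs with a Luhn check. The linguistic analysis engine is omitted. The organisation domain `corp.example`, the reference document and the sample events are all constructed.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Intercepted:
    """An intercepted object with the formal attributes the page lists (constructed type)."""
    monitor: str        # channel that produced it: "smtp", "http", "device" or "printer"
    sender: str
    recipient: str      # empty for endpoint (device/printer) events
    filename: str
    size: int
    content: str        # extracted text (OCR output would land here for images)


INTERNAL_DOMAIN = "corp.example"   # assumed organisation domain, constructed


def normalize(text: str) -> str:
    """Lower-case and collapse whitespace so trivial edits do not change the fingerprint."""
    return " ".join(text.lower().split())


def fingerprint(text: str) -> str:
    """Digital fingerprint: SHA-256 over the normalized text (whole-document granularity)."""
    return hashlib.sha256(normalize(text).encode("utf-8")).hexdigest()


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used by the template analyzer to cut false positives on digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Template: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def find_card_numbers(text: str) -> list:
    """Template analyzer: return digit strings that look like card numbers and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def leaves_perimeter(obj: Intercepted) -> bool:
    """Formal-attribute check: does this object leave the organisation's control?"""
    if obj.monitor in ("device", "printer"):
        return True
    return not obj.recipient.lower().endswith("@" + INTERNAL_DOMAIN)


def analyze(obj: Intercepted, reference_fps: set) -> dict:
    """Formal-attribute stage, content stage, then an automatic verdict:
    ALLOW, FORWARD (to the security officer for review) or BLOCK."""
    tags = []
    if leaves_perimeter(obj):
        tags.append("leaves-perimeter")

    fp = fingerprint(obj.content)
    if fp in reference_fps:
        tags.append("fingerprint-match")
    cards = find_card_numbers(obj.content)
    if cards:
        tags.append("card-numbers:%d" % len(cards))

    if "fingerprint-match" in tags and "leaves-perimeter" in tags:
        verdict = "BLOCK"         # known confidential document leaving the organisation
    elif cards and "leaves-perimeter" in tags:
        verdict = "FORWARD"       # pattern hit: a person decides, not the engine
    else:
        verdict = "ALLOW"
    return {"verdict": verdict, "tags": tags, "fingerprint": fp}


# Constructed reference document registered as confidential.
REFERENCE_DOCS = {
    "phoenix_pricing.txt": "Project Phoenix pricing sheet\nUnit price: 1,200 EUR per seat",
}
REFERENCE_FPS = {fingerprint(t) for t in REFERENCE_DOCS.values()}

# Constructed sample events for the channel types the page mentions.
SAMPLES = [
    Intercepted("smtp", "ann@corp.example", "bob@partner.example", "offer.txt", 60,
                "PROJECT phoenix  pricing sheet\n unit price: 1,200 eur per seat"),
    Intercepted("http", "ann@corp.example", "upload@files.example", "notes.txt", 40,
                "Please charge card 4111 1111 1111 1111 for the order."),
    Intercepted("smtp", "ann@corp.example", "carl@corp.example", "lunch.txt", 20,
                "Lunch at 12:30? Call 555-1234."),
]


def run_samples() -> list:
    """Return the verdict for each constructed sample, in order."""
    return [analyze(s, REFERENCE_FPS)["verdict"] for s in SAMPLES]


if __name__ == "__main__":
    for s, v in zip(SAMPLES, run_samples()):
        print(s.monitor, s.filename, "->", v)
```

Two design points carry over to any real deployment: the fingerprint is computed over normalized text so that case and whitespace changes do not evade it (a production engine would fingerprint at paragraph or shingle granularity rather than whole documents), and a pattern hit alone only forwards the object to a person, because regex-and-checksum templates produce false positives that a human reviewer, not an automatic block, should absorb.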

Data Archiving and Reporting

The intercepted data, along with the analysis results, is stored in a centralized protected archive, InfoWatch Forensic Storage, for the required retention period. The responsibility zones feature makes it easy to give several information security officers hierarchical access to reports and analysis results. InfoWatch Traffic Monitor allows viewing the data transmission history and supports monitoring of current actions on sensitive data (online queries) as well as retrospective analysis and investigation (analytic queries).

The required data can be searched by:

  • formal attributes of the intercepted objects (monitor type, sender/recipient, sent date/time, etc.)
  • attributes added during the object’s content analysis
  • contents of the intercepted objects (full-text search). Under existing privacy regulations, special legal or workers' council permission is required to enable full-text search.

The integrated graphical reporting system clearly shows the specifics of sensitive information flow. For example, graphical web-usage reports can be used to track uploads of confidential information to various websites.

The solution includes 60 pre-installed reports, developed by InfoWatch after careful study of various industries' needs and our customers' feedback. Custom reports can be easily created.