InfoWatch Traffic Monitor Enterprise consists of several modules that can be combined to meet a client’s needs.
Device Monitor agents installed on workstations monitor local information processing. If a document is saved to removable media, the agent generates an identical copy of this document. If the document is printed, a graphic copy is created. These cloned documents are called shadow copies. Shadow copies are transmitted to the Traffic Monitor server for further analysis.
Data is transferred through network channels (web services, instant messaging services, mail and file servers) via the network gateway and controlled by the network interception module, which also transmits intercepted data to the Traffic Monitor.
If confidential information is detected and the system rates this transfer as an incident, the protection mode is automatically activated, which triggers a reactive process, for instance, blocking the transfer of data, or delivering a warning message to the data sender or to the information security officer. Incident data are stored in the archive with a copy of the intercepted document.
Модуль InfoWatch Crawler scans shared network storage and document workflow systems and makes shadow copies of existing documents. The shadow copies are transmitted to the Traffic Monitor server for further analysis and application of policies.
The Traffic Monitor server analyzes collected data and automatically identifies breaches in security policy. If the security policy requires the prevention of data transfer, Traffic Monitor blocks the process. All intercepted data and analysis results are stored in InfoWatch Forensic Storage.