InfoWatch Traffic Monitor Enterprise Architecture

InfoWatch Traffic Monitor Enterprise consists of several modules that can be combined to meet a client’s needs.

• InfoWatch Traffic Monitor is a control module for network channels of data transfer
• InfoWatch Device Monitor is a module for the protection of workstations, which monitors document printing and copying to removable media, and also ports and portable devices
• InfoWatch Crawler is a module for monitoring information in shared network storage and document workflow systems; it scans and applies policy to information 'at rest' and keeps reference documents and extracted files up-to-date
• InfoWatch Forensic Storage is specialized storage containing an archive of all information flows in the organization, including incidents of security policy breach and leakage of confidential information; this storage is a legally relevant evidence base for internal incident investigation and court proceedings

Device Monitor agents installed on workstations monitor local information processing. If a document is saved to removable media, the agent generates an identical copy of this document. If the document is printed, a graphic copy is created. These cloned documents are called shadow copies. Shadow copies are transmitted to the Traffic Monitor server for further analysis.

Data is transferred through network channels (web services, instant messaging services, mail and file servers) via the network gateway and controlled by the network interception module, which also transmits intercepted data to the Traffic Monitor.

If confidential information is detected and the system rates this transfer as an incident, the protection mode is automatically activated, which triggers a reactive process, for instance, blocking the transfer of data, or delivering a warning message to the data sender or to the information security officer. Incident data are stored in the archive with a copy of the intercepted document.

Модуль InfoWatch Crawler scans shared network storage and document workflow systems and makes shadow copies of existing documents. The shadow copies are transmitted to the Traffic Monitor server for further analysis and application of policies.

The Traffic Monitor server analyzes collected data and automatically identifies breaches in security policy. If the security policy requires the prevention of data transfer, Traffic Monitor blocks the process. All intercepted data and analysis results are stored in InfoWatch Forensic Storage.