InfoWatch announces the launch of InfoWatch Device Monitor, a new product that offers centralized control over the use of removable and stationary storage devices in the corporate environment and prevents leaks of confidential data.
Moscow, May 30, 2006 – InfoWatch, a developer of systems to protect confidential information from insiders, announces the launch of InfoWatch Device Monitor, a new product for preventing data leaks via portable and stationary storage devices and the unauthorized use of mobile appliances. As well as its broad range of functions, which offer the corporate network reliable safeguards from this form of IT threat, the new product supplements the InfoWatch Enterprise Solution to provide full-scale control and auditing capabilities over the confidential information inside an organization.
Today, portable storage devices pose a significant threat to corporate data. The “Internal threats in Russia 2005” study, which polled 315 state and commercial organizations, showed that namely this type of threat causes the most concern among security professionals. 91% of the respondents pointed to portable storage devices as being the main leakage channel, higher than both interactive Web-based services and e-mail. This is hardly surprising considering the enormous amounts of information, including large databases, which can be stolen using a device such as a USB flash drive.
InfoWatch Device Monitor (IDM) has been developed specifically to detect, prevent and enable retrospective analysis of such incidents. The product is a distributed network of agents that work unnoticed on the PCs of a corporate network. IDM monitors in real-time any portable (USB flash drives, portable hard drives, CD/DVD-drives) or stationary (hard drives) storage devices and other appliances (printers, scanners, modems, HID devices, WiFi and Bluetooth appliances etc.) that can be connected via USB, FireWire, IrDA, COM or LPT ports.
In accordance with the corporate IT security policy, rules regarding the use of portable devices (viewing, copying, and connection rights) are set out for each workstation or group of users via a centralized console. If the policy is violated (for example, a confidential document is copied or an unauthorized device is used) the system blocks the operation and immediately sends a message about the incident to the IT security officer’s central console. IDM also controls any activity on stationary hard disks. It enables the creation of an administrative division for the local storage of special documents (for example, internal use or confidential documents in the process of being created or edited) and to place particular controls over that division.
A detailed log of all user operations linked to the computer ports is also maintained simultaneously. In particular, IDM accumulates information about any files that are copied and devices that are connected. This means any suspicious insider activity can be detected and operational data used after the event to prove the guilt of anyone violating corporate policy.
To make the administration of network users more convenient, IDM is integrated with Active Directory. This provides the most efficient level of control over the distribution of access rights for portable devices connected to the centralized register of network objects. The new product can also work effectively in networks without Active Directory with the help of an integrated user support system and a domain IT security policy.
Unlike other specialized products, IDM governs access to mobile devices at the main operational level of the system. This provides the most reliable level of control and can thwart any attempts to bypass the security measures. To improve the effectiveness of the product, it comes with an invisible work regime function that completely conceals IDM from the list of task-manager procedures, which in turn prevents any unsanctioned disconnection of the monitoring process.
The new product has a convenient client and server management console interface, as well as “white” and “black” lists of portable appliances and storage devices.
A major benefit of using IDM in the corporate environment is the comprehensive protection given to all confidential data and possible leakage channels. Integration with InfoWatch Enterprise Solution provides effective controls and auditing capabilities over e-mail traffic, Internet services (Web mail, Web forums, instant messengers etc.), printers, and any work carried out on PCs. This approach offers much more reliable safeguards than piecemeal monitoring solutions for portable devices alone.
InfoWatch’s short-term plans include broadening IDM’s functionality by integrating it with Novell Directory Services (NDS) and Novell eDirectory, adding a function that shadow copies information transmitted to mobile devices saving it in the universal archive InfoWatch *storage, as well as connecting the corporate server to the content filter to scan the contents of any copied documents.
IDM is available as a separate product or as part of InfoWatch Net Monitor (an integrated system for monitoring PC user activity) and InfoWatch Enterprise Solution. An IDM license costs from $30 per network computer. Customers can also take advantage of the other services offered by InfoWatch and the company’s partners to carry out audits of their corporate networks, to create or modernize an IT security policy, as well as install, set up and provide system support for IDM.