Features InfoWatch Traffic Monitor

Features of the new version 5.0:

  • A new approach to interfaces for enterprise solutions
  • Easy access to data for integrating business divisions
  • Improved potential for detecting and analyzing data
  • The most flexible and manageable tool for information security
  • The ability to fine-tune DLP systems for solving business problems
  • Identification of disloyal employees and malicious users

Monitoring employee risk groups

In tracing the pattern of possible threats, InfoWatch Traffic Monitor relies on more aspects than traditional DLP systems because of its built-in tools for communication with the HR department. The product allows the configuration and application of special targeted policies for monitoring personnel included in certain 'at-risk groups', generating reports on their activity and applying stricter security policies.

We recommend including the following types of employee in an 'at-risk group':

  • Employees on probation
  • Employees who have handed in their resignation
  • Employees who display suspicious recent activity

InfoWatch Traffic Monitor identifies culprits and their accomplices, keeping statistics of violations. This allows the prevention of the most alarming threats, including combined threats (internal and external culprits acting in collusion). All information is stored in a centralized database for further incident investigation, report generation, and quick response to the incident.

The product provides information on violations based on:

  • Time period
  • Threat level: low, medium, high
  • Type of rules violated: transfer, storage, or copying

InfoWatch Traffic Monitor allows the setting of different threat levels based on user type and the amount or categories of accessible information. Each threat level is associated with a corresponding response. Thanks to the access abuse function, an IS officer can detect both intentional violations of policy and negligent handling of confidential data by employees.

InfoWatch Traffic Monitor enables:

  • Monitoring and analysis of all messages sent and received by employees via corporate mail through mobile devices on iOS, Android and other platforms
  • Internal and external monitoring of information on employee laptops: Application agents stay active even if laptops are taken away from company premises, submitting collected information for analysis when the PCs reconnect to the corporate network.
  • Because of its network connection control technology, Internet access from employee laptops outside a company's premises is only possible through the corporate network gateway, which guarantees control over all network traffic

Incident investigation

InfoWatch Traffic Monitor prevents leakage of confidential information, protects intellectual property, investigates IS incidents related to unauthorized employee activity, discovers collusion, and identifies the culprits and their accomplices.

InfoWatch Forensic Storage is an archive which contains all intercepted data. This enables tracking of information routes and unauthorized use of corporate resources, and identifies the sender and receiver of information. It serves as a trusted evidence base for thorough analysis and investigation of incidents related to confidential data leaks.

Investigation of information security incidents


  • The amount of data stored is only limited by DBMS and hardware platforms, which enables data storage over an unlimited period of time
  • The solution is scalable based on the amount of transmitted data and can be used in organizations with branch offices
  • Areas of responsibility make it possible to set up different models of employee access to stored data
  • The availability of intercepted data is restricted, which allows for privacy of correspondence
  • Extraction of stored information is available in its original form or including analysis results
  • Full-text search is performed on the content of intercepted messages and attachments
  • Employee activity can be monitored in real time

The InfoWatch DLP system and our unique deployment strategy provide companies with the necessary set of tools for internal investigation and further legal defense of their claims.

Prevention of confidential information leaks

Prevention of information leaks is carried out through monitoring, interception, and analysis of all company information flows, which is based on defined information security rules and policies.

What happens to transmitted data

InfoWatch technology supports document recognition and analysis even in the case of small text fragments which can be copied into any document and sent in informal communications or via IM systems.

InfoWatch Traffic Monitor enables:

  • Control of data transmitted via corporate email, Internet resources, and file sharing protocols (SMTP, HTTP, HTTPS, FTP)
  • Control of instant messaging systems (ICQ, Skype, Agent, GTalk, etc.)
  • Control of voice traffic (Skype)
  • Control of device and port use on workstations
  • Control of network connections of workstations
  • Shadow copying of documents printed or copied to removable media
  • Prevention of confidential information leakage by blocking the transmission of data in cases of security policy breach

List of channels monitored

Possible scenarios for leaks


A database is an essential part of any business application that contains clients' personal information, commercial or project documentation and other confidential information, the uncontrolled distribution of which may damage your business.

Data extraction from business applications is detected through the Database Extraction Detector. This feature instantly discovers data transfer from a database, blocks unauthorized distribution of data, and serves as a source of digital evidence for the investigation of an incident or a court hearing.

InfoWatch Traffic Monitor monitors and intercepts print jobs on any type or model of printer and tracks the number of printed copies.

Besides monitoring printed copies, InfoWatch Traffic Monitor tracks the circulation of scanned documents with the help of OCR (optical character recognition) technology. It detects scanned copies of confidential documents and controls internal as well as outward transfer of such copies.

InfoWatch Traffic Monitor Enterprise enables automatic updating of the digital fingerprint database if source documents are changed. In this way, Object Detector always works with the most recent reference documents database.

A customer places confidential files on public network storage.

The DLP system will detect the violation of the confidential files storage policy and will notify the information security officer.

One of our main project challenges was the ongoing adaptation of the InfoWatch information flow control system for the company’s dynamically changing infrastructure. Moreover, the integration project provided control tools for the main channels of data transfer, such as the company's email, Internet, IM systems (such as ICQ), mobile data media, network and local printing.

For banks, reputation risks related to confidential information leaks are the most important because reputation is the main asset of any financial organization. No reputation means no clients and therefore no future. Today, DLP systems are the most efficient systems of sensitive information protection.
We have chosen the InfoWatch solution because it combines the most innovative and advanced technologies.

The National Bank of Kazakhstan

The integration of InfoWatch Traffic Monitor has helped to decrease the number of possible threats related to information security, and it has also achieved a substantial simplification of activities when investigating alleged incidents.