Investigation of Information Security Incidents | InfoWatch

Investigation of Information Security Incidents

InfoWatch solutions help to prevent confidential information leaks, enable information security incidents resulting from illegal activities by staff to be investigated, and identify perpetrators conducting industrial espionage.

Courts will not call into question evidence presented by participants in legal proceedings in the following formats:

  • emails;
  • log files from operating systems and applications that handle restricted access information;
  • log files obtained through the use of specialized programs.

In modern legal practice, a range of precedents exist where evidence presented by employers' IT and information security departments has been accepted as evidence that disciplinary and criminal offenses have been committed.

InfoWatch Forensic Storage is an archive for all intercepted information. It provides the ability to trace the path taken by information, to investigate cases of inappropriate use of corporate resources, to determine the sender and receiver of the information, and to provide a reliable evidence base for the investigation and thorough analysis of confidential information leaks.

Advantages of InfoWatch solutions:

  • the volume of data that can be retained is limited only by the capabilities of the DBMS and hardware platform, which means that data can be stored for an unlimited period of time;
  • the solution can be scaled up as the volume of transmitted information increases and can be used in organizations with branch structures;
  • the responsibility zones function allows different models for employee access to stored data to be set up;
  • includes the ability to limit access to the contents of intercepted information, enabling compliance with the law on privacy of correspondence.

If information has been placed on the Internet, on publicly accessible sites, then it is important to have a tool that can trace the illegal distribution of corporate information, dark PR, negative reviews, irresponsible behavior of staff on the Internet, and so on.

InfoWatch solutions enable you to monitor information that appears on the Internet about your company and everything it does, quickly and automatically processing and analyzing the data collected, identifying the source of the information and its qualitative attributes.

InfoWatch Kribrum is used by information security services as an add-on to DLP systems as a tool to search confidential data in the external information environment. This allows you to:

  • track mentions of any key words and topics on all significant Internet sites;
  • determine your audience's perception of the activity of representatives of your organization;
  • monitor the activity of specific individuals, particularly company employees (illegal distribution of corporate information, activity on recruitment sites, etc.);
  • track consumer signals regarding violations committed by employees (theft, fraud, insults, etc.);
  • identify instances of distribution of defamatory material detrimental to the company's reputation.

By employing InfoWatch solutions, security professionals will have a complete, systematized picture of the information environment within and around the company, and they will be able to monitor and identify crisis situations in real time.


The introduction and use of InfoWatch solutions provide a company with confidence that its valuable and confidential data is secure, an awareness and system-wide understanding of all of the organization's internal and external information flows, a reduction in business risks, and:

  • confidence that illegal access to confidential information is prevented in a timely fashion;
  • automated collection of digital evidence in distributed corporate network environments, taking into account the specific features of the state's legal system, including:
    • legally admissible evidence base for each incident;
    • legal support for internal corporate investigation of information security incidents;
  • the ability to quickly identify perpetrators of industrial espionage, or cases of negligence among employees working with confidential information;
  • analysis and business intelligence tools to monitor staff activity and determine their degree of loyalty toward the company;
  • real-time tracking of the information security environment with the help of accountable records;
  • unlimited data storage;
  • full, systematized picture of the information about the company available on the Internet;
  • real-time identification of crisis situations both within and outside the company.

Solutions are based on the following products:

A software solution (DLP system) designed to monitor information flows and protect confidential information from leaks and unauthorized distribution.

A software product providing information security for workstations, removable media and mobile devices, designed for quick deployment and ease of management.