InfoWatch Traffic Monitor Enterprise is a modern data protection solution that offers a selection of tools and technologies to prevent and monitor the transfer of confidential information outside a company's systems.
If confidential information is identified within a data transfer stream and the system classifies this transfer as an incident, the automated security mechanisms kick in and an incident reaction procedure is launched. For example, the data transfer is blocked, the sender receives a warning message or a notification is sent to the person responsible for information security. Details of the incident together with a copy of the intercepted document are retained in the archive.
The way the system works can be outlined according to the following diagram:
The key function of a DLP system is to automatically detect within data streams confidential information that needs to be protected. Therefore, the information analysis algorithm is the main factor in the success of a DLP solution and in reliably protecting corporate data.
InfoWatch solutions use several technologies simultaneously to identify confidential information within a data transfer stream.
Intercepted data is first analyzed by its external indicators or formal attributes – in the case of an email, for example, to determine who sent it to who, when, etc. The second stage involves the extraction of the content of the intercepted information, analyzing this content on the basis of the words and expressions it contains and then using various methods to determine the topic and the level of confidentiality of the intercepted data.
Depending on the category of information and the channels used to transmit it, the effectiveness of employing different technologies to identify data in a general stream varies. Currently, there are a number of approaches, and each has its strengths and weaknesses.
Analyzing texts using dictionaries and regular expressions enables messages containing a given set of words or numbers to be identified, which is the best way to detect files that follow a specific template. However, this method is useless for analyzing other types of text files.
The widely used 'digital fingerprint' technique can easily handle the protection of selected documents that have been pre-indexed; however, it is not suitable for analyzing informal correspondence and requires the indexing procedure to be carried out regularly in order for the technique to function.
The use of linguistic analysis enables documents to be protected at any stage of their lifecycle and permits analysis of any type of correspondence (emails, blog and forum posts, ICQ, etc.) or forwarding of documents or parts; however, it requires customization before it can be deployed and is not effective in cases where selective protection of documents is required.
Experts and InfoWatch are developing and deploying in our solutions hybrid analysis, which is an integrated approach, bringing together the following content analysis technologies: linguistic analysis, digital fingerprints, templates analyzer. The use of hybrid analysis improves the reliability and accuracy of the identification of confidential information, thereby offering more effective protection.
Experts at InfoWatch are developing and deploying in our solutions hybrid analysis, which is an integrated approach, bringing together the following content analysis technologies: linguistic analysis, digital fingerprints, templates analyzer. The use of hybrid analysis improves the reliability and accuracy of the identification of confidential information, thereby offering more effective protection.
Guarantees a high level of detection of critical information at any stage of a document's lifecycle.
A technology for protecting large documents, the contents of which do not change, or change little.
This technology is designed to detect alphanumeric strings in data templates.
Advantages of InfoWatch Data Analysis Technologies
At the present time, existing DLP solutions are primarily focused on the protection of statistical information. InfoWatch Traffic Monitor is the only DLP system available on the market that, thanks to a combination of several content analysis technologies, enables the best of each to be used effectively, protecting information throughout its lifecycle.
InfoWatch Traffic Monitor uses several criteria at once to determine the level of confidentiality of an intercepted message:
the categories assigned to the message as a result of linguistic analysis;
phrases from the reference document database that are identified in the analyzed text;
detected text object templates.
As a result, not only is the effectiveness of the solution improved thanks to a more accurately formulated security policy, but an analysis of business processes can be conducted, identifying information content paths both within and outside the organization.
Significant emphasis is placed on the speed of the operational solution during the development and integration of content analysis technologies. The technologies used in InfoWatch products reduce the amount of time spent on processing texts without any loss of quality.
A distinguishing feature of InfoWatch technologies is the particular level of attention to the financial, government, insurance, oil and gas, and telecommunications sectors of the economy, which is based on many years of experience collaborating with leading companies in Russia, the CIS and further afield. This guarantees customers in these sectors maximum accuracy in detecting and protecting the types of confidential information found in these industries.
Hybrid Analysis Technology is Used in the Following Product
A software solution (DLP system) designed to monitor information flows and protect confidential information from leaks and unauthorized distribution.