You are here

Technology

InfoWatch develops high-tech, integrated solutions, which allow you to effectively protect corporate information from being leaked or shared without permission.

InfoWatch's concept is to monitor the movement of data at all stages, beginning with an audit (what is stored and where), identifying content paths for information transfer (from who to who, what category of data is being transmitted) and ending with the use of a DLP system and the creation of an information security policy to control the distribution of confidential information.

InfoWatch technologies allow all of a client's documents to be analyzed, dividing them into categories, and enable information assets to be structured and confidential data to be identified from within large volumes of information.

InfoWatch Traffic Monitor Enterprise is a modern data protection solution that offers a selection of tools and technologies to prevent and monitor the transfer of confidential information outside a company's systems.

If confidential information is identified within a data transfer stream and the system classifies this transfer as an incident, the automated security mechanisms kick in and an incident reaction procedure is launched. For example, the data transfer is blocked, the sender receives a warning message or a notification is sent to the person responsible for information security. Details of the incident together with a copy of the intercepted document are retained in the archive.

The way the system works can be outlined according to the following diagram:

The key function of a DLP system is to automatically detect within data streams confidential information that needs to be protected. Therefore, the information analysis algorithm is the main factor in the success of a DLP solution and in reliably protecting corporate data.

InfoWatch solutions use several technologies simultaneously to identify confidential information within a data transfer stream.

Intercepted data is first analyzed by its external indicators or formal attributes – in the case of an email, for example, to determine who sent it to who, when, etc. The second stage involves the extraction of the content of the intercepted information, analyzing this content on the basis of the words and expressions it contains and then using various methods to determine the topic and the level of confidentiality of the intercepted data.

Depending on the category of information and the channels used to transmit it, the effectiveness of employing different technologies to identify data in a general stream varies. Currently, there are a number of approaches, and each has its strengths and weaknesses.

Analyzing texts using dictionaries and regular expressions enables messages containing a given set of words or numbers to be identified, which is the best way to detect files that follow a specific template. However, this method is useless for analyzing other types of text files.

The widely used 'digital fingerprint' technique can easily handle the protection of selected documents that have been pre-indexed; however, it is not suitable for analyzing informal correspondence and requires the indexing procedure to be carried out regularly in order for the technique to function.

The use of linguistic analysis enables documents to be protected at any stage of their lifecycle and permits analysis of any type of correspondence (emails, blog and forum posts, ICQ, etc.) or forwarding of documents or parts; however, it requires customization before it can be deployed and is not effective in cases where selective protection of documents is required.

Experts and InfoWatch are developing and deploying in our solutions hybrid analysis, which is an integrated approach, bringing together the following content analysis technologies: linguistic analysis, digital fingerprints, templates analyzer. The use of hybrid analysis improves the reliability and accuracy of the identification of confidential information, thereby offering more effective protection.

Experts at InfoWatch are developing and deploying in our solutions hybrid analysis, which is an integrated approach, bringing together the following content analysis technologies: linguistic analysis, digital fingerprints, templates analyzer. The use of hybrid analysis improves the reliability and accuracy of the identification of confidential information, thereby offering more effective protection.

More details...

Linguistic Analysis

 

Guarantees a high level of detection of critical information at any stage of a document's lifecycle.

More details...

Digital Fingerprints

 

A technology for protecting large documents, the contents of which do not change, or change little.

More details...

Templates Analyzer

 

This technology is designed to detect alphanumeric strings in data templates.

More details...

Advantages of InfoWatch Data Analysis Technologies

At the present time, existing DLP solutions are primarily focused on the protection of statistical information. InfoWatch Traffic Monitor is the only DLP system available on the market that, thanks to a combination of several content analysis technologies, enables the best of each to be used effectively, protecting information throughout its lifecycle.

InfoWatch Traffic Monitor uses several criteria at once to determine the level of confidentiality of an intercepted message:

  • the categories assigned to the message as a result of linguistic analysis;
  • phrases from the reference document database that are identified in the analyzed text;
  • detected text object templates.

As a result, not only is the effectiveness of the solution improved thanks to a more accurately formulated security policy, but an analysis of business processes can be conducted, identifying information content paths both within and outside the organization.

Significant emphasis is placed on the speed of the operational solution during the development and integration of content analysis technologies. The technologies used in InfoWatch products reduce the amount of time spent on processing texts without any loss of quality.

A distinguishing feature of InfoWatch technologies is the particular level of attention to the financial, government, insurance, oil and gas, and telecommunications sectors of the economy, which is based on many years of experience collaborating with leading companies in Russia, the CIS and further afield. This guarantees customers in these sectors maximum accuracy in detecting and protecting the types of confidential information found in these industries.

Hybrid Analysis Technology is Used in the Following Product

A software solution (DLP system) designed to monitor information flows and protect confidential information from leaks and unauthorized distribution.