The Database Detection can detect reference database dumps in network traffic and in text documents. This technology makes it possible to quickly intercept copied database information, identify the malefactor, block data transfers to outside parties, and collect digital evidence of the incident for investigative or legal purposes.
Configuring the Database Detection requires minimal effort. Before generating a reference dump, the database structure must be analyzed and the fields (or field combinations) containing confidential information must be selected. For example, a client list itself may be unclassified, but it becomes confidential information when coupled with clients' direct contact information. One or more fields, or a combination of a field and any of the predefined fields, can be treated as confidential information (for example, different spellings of a company's name). Next, a sample dump of the selected fields is generated and saved to a text file. This file is then used by InfoWatch Traffic Monitor as the sample reference dump.
When traces of the reference dump are detected in network traffic, a leak alert appears in the 'Reports' section of the InfoWatch Traffic Monitor console. Details of the interception 'Incident' contain the name of the reference file that matches the detected dump. The 'Relevance' field in the 'Context' section shows the score for the strongest condition that triggered the confidential information alert.
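The field-combination idea described above can be sketched as follows. This is an added example, not InfoWatch's code, file format or matching algorithm; the table contents, the tab-separated layout and the function names are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample table; names, phones and the column layout are made up.
CLIENTS = [
    {"id": "1", "company": "Acme Corp", "phone": "+1 202 555 0101", "city": "Boston"},
    {"id": "2", "company": "Globex Ltd", "phone": "+1 202 555 0199", "city": "Austin"},
    {"id": "3", "company": "Initech", "phone": "+1 202 555 0142", "city": "Denver"},
]


def normalize(value):
    """Lower-case and keep only letters and digits, so that
    '+1 (202) 555-0101' and '+1 202 555 0101' compare equal."""
    return re.sub(r"[^a-z0-9]", "", value.lower())


def make_reference_dump(rows, fields):
    """Write only the selected confidential fields to tab-separated text
    (hypothetical dump layout: one record per line)."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter="\t", lineterminator="\n")
    for row in rows:
        writer.writerow([row[f] for f in fields])
    return out.getvalue()


def find_leaked_records(text, reference_dump):
    """Return reference records whose fields ALL occur in the text.
    One field on its own (a company name alone) is not a hit; only the
    selected combination from the same record counts."""
    haystack = normalize(text)
    hits = []
    for record in csv.reader(io.StringIO(reference_dump), delimiter="\t"):
        if record and all(normalize(v) in haystack for v in record):
            hits.append(tuple(record))
    return hits


if __name__ == "__main__":
    dump = make_reference_dump(CLIENTS, ["company", "phone"])
    # Constructed outbound message: one full record, one bare company name.
    msg = "Contacts: ACME Corp, tel +1 (202) 555-0101. Also met Globex Ltd in Austin."
    print(find_leaked_records(msg, dump))
```

Matching on normalized text means reformatting a phone number or changing letter case does not hide a record, while a message that only names clients produces no hit.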