
InfoWatch Traffic Monitor Enterprise (IWTM)

Product
Developers: InfoWatch
Last Release Date: 2023/05/26
Technology: Information Security - Information Leakage Prevention

White Paper: DLP - Data Loss/Leak Prevention

InfoWatch Traffic Monitor Enterprise is a comprehensive solution developed by InfoWatch to protect information from internal threats by controlling various data leakage channels. The solution is based on three modules: one protects the perimeter of the corporate network, the second protects workstations, and the third (InfoWatch Forensic Storage) provides the safety of system data and of all actions performed with information inside it.

Network perimeter protection controls data transmitted through web mail, blogs, forums, encrypted Internet protocol, corporate mail system, as well as messaging systems, including popular instant messaging programs (for example, ICQ). The workstation module is responsible for monitoring document printing, access to I/O devices and copying information to removable media, and InfoWatch Forensic Storage allows you to analyze security policy violations, generate statistical reports and manage the solution using the Management Console.

Modules included in

Corporate network perimeter protection module - InfoWatch Traffic Monitor, which monitors data transmitted using web mail, blogs, forums, etc., encrypted Internet protocol, corporate mail system, messaging systems (for example, ICQ) and printed through network print servers

Workstation Security Module - InfoWatch Device Monitor, which monitors document printing through local printers, controls access to I/O devices and controls copying information to removable media

Central archiving and management module - InfoWatch Traffic Monitor Base. It stores all information for further investigation of security policy violations or statistical reporting and manages the solution using the Management Console.

InfoWatch Traffic Monitor Enterprise performs:

  • monitoring and analysis of data sent outside the corporate network via mail, web and messaging systems, printed, or copied to various I/O devices;
  • prevention of sensitive data leaks by blocking the transfer if a security policy violation is detected;
  • analysis and storage of data for investigations.

2023

Integration with Mailion

InfoWatch Traffic Monitor is integrated with the Mailion corporate mail system. This was announced on August 7, 2023 by the company New Cloud Technologies.

The integration will increase the level of security of corporate communications in domestic companies. As a result, the mail traffic of organizations will be protected by the DLP system.

Through integration with Mailion, the InfoWatch Traffic Monitor DLP system monitors all emails and attachments sent using the mail system, analyzes the information they contain and automatically decides whether it is acceptable to send it. The results of joint testing showed that the DLP system and the mail service operate effectively in several modes of operation, depending on the settings of the DLP system.

"Now all mail traffic will be controlled by InfoWatch Traffic Monitor with several possible uses for the DLP system. Depending on the result of the content analysis, InfoWatch Traffic Monitor either automatically sends a letter to its recipient (in the absence of threats), or blocks the sending of a message or quarantines the letter, notifying the information security officer of a possible incident. Integration with Mailion meets our strategic vision for the development of the DLP system, which is to provide the company's clients with a flexible and convenient set of tools for protecting corporate information," said Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group.

According to an expert at InfoWatch Group of Companies, the open API of the InfoWatch Traffic Monitor DLP system allows it to integrate with most corporate applications and business systems and create a configuration that can handle a large number of events and successfully prevent leaks of confidential information, the risk of which has significantly increased over the past year and a half.

"Cooperation between MyOffice and InfoWatch is another important step in creating a safe and productive workspace in the digital world," said Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group.

"When implementing digital transformation programs, user companies of various Russian solutions must be confident in their full compatibility and security, since the operability of their IT infrastructure depends on this. Critical data transmitted through Mailion will be detected by the InfoWatch Traffic Monitor system and will not exceed the permissible boundaries of information exchange," said Pyotr Shcheglov, Product Marketing Director of MyOffice.

InfoWatch Traffic Monitor 7.7 with the ability to record the fact of viewing information

On May 25, 2023, an updated version of the DLP system, InfoWatch Traffic Monitor 7.7, was introduced for monitoring actions with confidential information. Its release can significantly increase protection against incidents by supporting new scenarios that are not implemented in any other system. Version 7.7 uses a different approach to data protection, in which InfoWatch Traffic Monitor controls not only the transmission and output of information through various channels, but also the very fact of the employee's work with it, which until now has remained a gray area for DLP systems.

The main goal of the updates is to respond to increased information security threats. These are monitored by company analysts, who work closely with the product developers to adapt protection to the latest trends. According to the latest study by the EAC InfoWatch, over the past year the number of data leaks in the world has increased by 3.5 times, and the protection of organizations from the actions of cybercriminals directly depends on the level of development of information security tools and the ability to control unwanted actions with information.

"One of the key changes in the DLP system is the ability of InfoWatch Traffic Monitor 7.7 to record not only the transfer of confidential data through the usual channels, but also the fact of an employee viewing, on a computer monitor, information that is sensitive from the point of view of privacy requirements. This is often a sign of a future leak: an employee can photograph, rewrite or simply remember the data viewed. It is possible to configure monitoring to switch on when working with specific business applications, such as accounting or document management systems, which may contain sensitive data," said Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

It is important to note that such events remain out of sight of traditional DLP systems, but with the release of the latest version of InfoWatch Traffic Monitor, a latest-generation DLP system, they will be recorded, which should prevent many incidents.

InfoWatch Traffic Monitor 7.7 uses a technology for determining the acceptability of the distribution target. With it, DLP system policies can be configured so as not to miss dangerous incidents and, at the same time, not slow down business processes, since the decision on whether information may be transferred is made automatically, taking into account the presence or absence of a link between specific data and a specific recipient. This opens up possibilities for implementing different scenarios for monitoring the transfer of information: for example, allowing personal data to be sent only to the data subject, or allowing confidential information to be transferred only to a counterparty with whom a non-disclosure agreement has been concluded. According to the developers, this made it possible to take a new step towards automation, since the DLP system can decide on the legitimacy of the recipient on its own.

InfoWatch also took into account the use of corporate mail on a user device - this channel, which until now was not controlled by DLP systems, is now under control. In particular, if the user does not forward the letter, but opens its draft on his smartphone to save a file with confidential information in the device's memory, then the InfoWatch Traffic Monitor 7.7 system will record this action and help prevent leakage.

Other important innovations in DLP system:

  • Mechanism for decrypting and analyzing password-protected archives - the system quarantines the letter, independently requests the password from the sender, decrypts and analyzes its contents, decides on the admissibility of transmission;
  • The ability to differentiate access to personal data for different departments of the company. As a result, employees will only see the information they need to do their job;
  • Support for the Postgres Pro Enterprise DBMS, which allows you to transfer the DLP system to a Russian certified DBMS;
  • Expanded functionality in the Linux OS environment: interception settings for the Telegram messenger, prohibition of the use of removable devices, and traffic blocking (HTTPS) when the DLP system is triggered;
  • Support for current kernels for Alt OS.

The updated visual analytics module InfoWatch Vision 3.0 has a new "Investigations" section, which allows you to combine all the information required for an investigation in one workspace, as well as add comments and maintain records and a history of operations. This is especially relevant if several employees work with the system.

"Here, information security specialists can collect all data on events, persons, documents, etc. related to an incident that has occurred or is suspected. This is necessary for conducting an investigation, working together with colleagues and preparing reports right in the system, without the need to use third-party tools," Rustam Farrakhov emphasized.

Among the functions of the investigation editor:

  • Add and review DLP system events from InfoWatch Vision.
  • Add a dossier for all persons associated with the incident.
  • Attach files and images.
  • Add notes and comments.
  • Change the structure of the investigation report.
  • Print.

The InfoWatch booth was especially popular at Positive Hack Days 12, where the company's presentation materials were broadcast and there was live communication with its potential clients and journalists. The new approach to the prevention of information abuse and the product capabilities demonstrated at the stand drew a positive response from information security specialists, not least because the topic of leaks receives close attention from both regulators and business.

Integration with Roschat

On April 6, 2023, InfoWatch Group announced the completion of the integration of the InfoWatch Traffic Monitor DLP system for preventing leaks of confidential data with the Russian corporate messenger Roschat, developed by Informtechnika Group. Product compatibility makes it possible to secure the traffic of files containing confidential information and the sending of messages through the messenger, in order to prevent information security threats.

When the systems work together, information about the movement of text messages, contact information, files and geolocation is transmitted to the InfoWatch server along with information about the event initiator and message recipients, as well as information about the device in use. Two modes of operation are provided for chats and channels: with preliminary and with background data verification. A negative result in either mode removes the information from the chat, excluding a leak outside the perimeter of the organization.

The following events are monitored:

  • sending a file, content, text message or external link in a chat, including a group chat;
  • sending a file, content, external link or message in a channel;
  • sending a contact, including from the personal address book;
  • creating a survey;
  • sending geolocation;
  • saving a file/content to the device;
  • taking a screenshot.

"The nature of the DLP system's response to these events can be adjusted depending on the client's wishes by writing scripts in security policies. In particular, it can both warn the security service about suspicious actions and immediately stop them - for example, by removing a message from the correspondence," said Rustam Farrakhov, director of product development at InfoWatch.

"The level of cybercrime is growing annually in the world and companies are increasingly paying attention to tools to improve their cybersecurity. Integration capabilities make the joint use of the ROSCHAT corporate messenger with InfoWatch Traffic Monitor relevant for a large range of companies that prioritize the preservation of confidential data for themselves - from commercial organizations to government agencies," commented Artem Cheprak, General Director of Informtechnika and Svyaz JSC.

InfoWatch Traffic Monitor 7.6 with improved browser file transfer control technology

On February 28, 2023, InfoWatch Group announced the release of the next version of the DLP system, InfoWatch Traffic Monitor 7.6, as well as updates to InfoWatch Prediction 2.2 and InfoWatch Vision 2.8, which use data from the InfoWatch Traffic Monitor 7.6 DLP system and other InfoWatch products for predictive and visual analytics.

The updated versions of the products fully correspond to the current threats and challenges faced by Russian companies as of December 2022 and January 2023. In particular, this concerns a sharp increase in the number of leaks of confidential information, to which the developers responded with a universal mechanism in InfoWatch Traffic Monitor 7.6 for controlling data transmission through cloud file storages and websites. This version of the DLP system has improved technology for controlling the transfer of files through the browser, so that their upload to any cloud file hosting service or any other web resource is detected. No separate modification of the solution is required for each specific resource.

"The company has developed a universal interception technology that does not require refinement of the system for a specific site, unlike most DLP vendors, who claim final lists of specific supported resources; it is reported that it is possible to control 99% of sites and storage. It is important that the technology works regardless of the protocols used and other features of a particular web service. This is not done by any other DLP system we know. Thus, the company managed to completely close another data channel, which can lead to leaks,"
noted Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

Incident analysis capabilities have been optimized in this release. The DLP system can now flag an incident when all security policy conditions are met within a single element rather than across the entire email. In the system's security policies, the information security specialist can specify exclusions, that is, what is not considered confidential information. For example, the system can detect labeled information by the phrase "Commercial Secret" but not trigger on the disclaimer in the signatures of employees' letters. This significantly reduces the number of false positives.

The InfoWatch Traffic Monitor 7.6 DLP system fully meets the requirements of import substitution and supports the domestic operating systems Astra Linux, Alt and RedOS.

The usability of the communications graph has been improved in InfoWatch Vision version 2.8. The link graph clearly shows the movement of messages between employees of the organization, and the details of an event can now be viewed without going to InfoWatch Traffic Monitor. This applies both to mail correspondence and to communication in messengers, information about which is now more detailed. The communication graph allows you to track the chronological sequence in which data moves along routes. When any individual event is selected, the corresponding edge of the graph is highlighted. This allows you to quickly determine which employee started the movement of a file and which employees were involved in the incident.

In addition, this version has a "User Decision" widget, which allows you to assess the load on the information security department by systematically generating reports on the number of violations and legitimate events, and also shows how many of them have been processed or require additional action by specialists.

"With this information, it will become easier for information security managers to calculate the workload on the team, plan the work of personnel and assess the effectiveness of the DLP system as a whole,"
believes Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

Version 2.2 of InfoWatch Prediction, the UBA system for predictive analysis and forecasting of information security threats, allows you to find deviations in business processes and in the actions of employees. Through the use of artificial intelligence technology, millions of DLP events are automatically checked against hundreds of criteria, and a rating of suspicious employees is formed, detailed by risk groups, showing who requires verification first. In particular, the groups of suspicious employees may include people whose behavior analysis indicates to the system their imminent dismissal, abnormal actions, atypical external communications, etc.

This version adds notifications about changes in the rating of employees with suspicious behavior when the risk level increases, which allows information security specialists to respond more quickly to increased risks for specific employees. Notifications are sent instantly, as soon as the rating goes beyond the established threshold.

"Information analysis by information security employees, putting employees under control and initiating internal investigations are simplified when using reports in xlsx format, export of which is available in this version of the product. They are formed according to the general rating or risk groups. It is also possible to export data on the dynamics of anomalies. InfoWatch Prediction 2.2 allows you to control employees who have started using applications that they have not previously used. This innovation makes it possible to stop attempts at data theft or fraud, as well as to identify the facts of the use of non-corporate software. As an example, here we can cite a programmer who began to often use a graphic editor, or a sales manager who conducts videoconferences with clients over Skype instead of protected video conferencing. In these cases, InfoWatch Prediction 2.2 will change the employee's rating, which may serve as a reason for the security service to check his actions,"
noted Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

2022

PrintXpert 3 and APMSiM compatibility

InfoWatch Group and ARTI Group have completed compatibility testing of the InfoWatch Traffic Monitor DLP system with the Russian developments for monitoring printing and creating secure printing systems, PrintXpert 3 and APCS. InfoWatch announced this on December 1, 2022.

Despite the decrease in the proportion of threats associated with physical printing of documents, they continue to be relevant because they remain an available channel for leaks of confidential information. Given the geopolitical situation at the end of 2022 and the high interest of cybercriminals in collecting sensitive corporate data, the security services of organizations need to control the maximum number of information channels that they can use. For this reason, the monitoring process needs maximum automation.

"The use of the Russian systems for the monitoring and control of printing, ARTI PrintXpert 3 or ARTI APMSiM, in conjunction with the InfoWatch Traffic Monitor leak prevention system ensures the necessary level of data security when transferring them inside the corporate perimeter to printing devices. The process of program collaboration was tested by the developers during tests in which print events (both standard and delayed) intercepted by the ARTI system were transmitted (including shadow copies) to the InfoWatch Traffic Monitor system,"
said Roman Varlygin, Director of Information Security of ARTI Group.

The InfoWatch Traffic Monitor software checks the data transmitted from PrintXpert 3/APMS for confidential information; if it is detected, even in masked or partial form, the DLP system reports the incident.

The integration approach allows you to effectively control printing:

  • From any connected devices, including mobile ones;
  • Without installing additional agents on printing devices;
  • With MFPs and printers of any vendors, including Russian-assembled ones.

PrintXpert 3 and ASUPiM systems are included in the Unified Register of Russian Programs for Electronic Computers and Databases of the Ministry of Digital Development of Russia.

InfoWatch Activity Monitor 2.0 Release

InfoWatch Group announced on November 28, 2022 the release of InfoWatch Activity Monitor 2.0 as a standalone product. The solution is designed to monitor the actions of employees and control their activities at the workstation. The InfoWatch Activity Monitor software product was previously a module of the InfoWatch Traffic Monitor DLP system and expanded its capabilities when investigating information security incidents. InfoWatch Activity Monitor 2.0 can now be used in conjunction with a DLP system or separately to monitor and analyze employee performance.

Integration with MFlash software

InfoWatch Group and the company MSoft tested the compatibility of the InfoWatch Traffic Monitor DLP system and the MFlash software for secure file exchange and secure access to data. InfoWatch announced this on November 1, 2022. The integration of the Russian developers' products ensures the security of data transfer, including large volumes, and the legitimacy of access within organizations of various sizes and industry specifics.

The previously implemented integration of the solutions received another scenario, which makes it possible to block files when information security events occur. When files are uploaded to MFlash, they first land in a temporary area where the DLP system checks their contents. When a violation verdict is received, the file transfer is blocked.

"The advantages of using MFlash software, in the context of an ever-growing volume of information, include the ability to quickly and easily exchange and provide access to files of any size and format. The compatibility of InfoWatch and MSoft software products suggests that Russian enterprises of any scale and orientation can organize a secure and authorized exchange of files, including those containing confidential information, in the shortest possible time and with minimal effort. Working with DLP in automatic blocking mode can reduce the burden on information security specialists and increase the speed of response to information security incidents," says Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

"Given the constant increase in the cost of leakage of confidential information, it becomes extremely important for organizations not only to detect, but also to prevent the unwanted dissemination of confidential information. The integration of MFlash and InfoWatch allows employees of organizations to quickly and conveniently exchange files of any size among themselves and with counterparties, while full control over information flows is carried out, with the ability to automatically respond when information security events occur," said Vladimir Emyshev, Development Director of MSoft.

Integration with Im'work messenger

InfoWatch Group and Gab Technologies LLC have completed compatibility testing of the InfoWatch Traffic Monitor DLP system and the Im'work communication platform. As a result of the project, the integration of the InfoWatch Traffic Monitor confidential information leakage prevention system with the Im'work messenger was implemented to ensure a secure corporate communication environment. InfoWatch announced this on October 18, 2022.

Compatibility with Russian OS directory services

On September 27, 2022, InfoWatch Group announced that the InfoWatch Traffic Monitor system for preventing leaks of confidential information and analyzing communications (DLP) supports directory services for user identity management from domestic operating system developers: those based on SambaDC and FreeIPA on RedOS and Alt Server, as well as Astra Linux Directory Pro on Astra Linux.

Accelerated import substitution requires tools for efficient migration to software of Russian origin, including operating systems (OS). Claimed OS support in most cases means that certain software will run on a server or a workstation running this system. However, this is not enough for full import substitution because of the specifics of centralized management of user accounts, groups and workstations using directory services and group policies. A significant part of IT infrastructures is managed on their basis.

"Therefore, it is extremely important to talk not only about the support of a domestic OS by any corporate software - this is just the fact of working under it. This is not enough, as it should support domestic directory services. For our InfoWatch Traffic Monitor product, domain service support means that the DLP system must be integrated with it and be able to pick up users and groups from it, etc. This is not just support for operating systems on workstations, but also integration with the directory, which is extremely important from the point of view of managing corporate IT infrastructure and using information protection tools that should fit tightly into this landscape. This is especially true when switching from the previously used Active Directory from Microsoft," said Andrey Arefiev, Director of Innovative Projects at InfoWatch.

Thus, support for directory services, which are an integral part of the IT infrastructure, provides synchronization of the InfoWatch Traffic Monitor server with the directory services supported by Red Software, Astra Linux Group and BASEALT, authorized in the directory service used. For Russian organizations, this solves one of their problems: InfoWatch Traffic Monitor's support for additional operating systems allows them to quickly and safely abandon Microsoft components on the server side, as well as to meet competitive requirements when choosing IT solutions.

Compatibility with Alt OS

InfoWatch and BASEALT ensured the compatibility of the InfoWatch Traffic Monitor Confidential Information Leakage Prevention and Communication Analysis (DLP) system with Alt operating systems. This was announced on September 22, 2022 by InfoWatch. The Russian developers agreed to cooperate in giving domestic companies the opportunity to install and operate Alt operating systems as part of pilot projects to implement the InfoWatch Traffic Monitor DLP system.

As a result of comprehensive compatibility testing, the correct operation of InfoWatch Traffic Monitor in the Alt OS environment was confirmed. In the course of cooperation, compatibility of current and latest versions of software products of companies will be ensured. The software package, which includes Alt OS and DLP InfoWatch Traffic Monitor, will help government corporations and large commercial enterprises significantly strengthen the protection of key information systems and make a significant contribution to the formation of a stack of independent high-tech solutions that have proven their effectiveness in practice.

"Abandoning foreign operating systems and a complete transition to domestic counterparts is a laborious process complicated by the widespread and long-term use of foreign software by Russian companies. We are interested in developing partnerships with Russian developers to ensure the earliest possible technological independence and replacement of foreign software with mature domestic ones. The combination of InfoWatch and BASEALT software products will allow customers to build a stable and secure IT infrastructure when migrating to domestic IT solutions," said Andrey Arefiev, director of innovative projects at InfoWatch Group.

The Alt operating systems developed by BASEALT are built on the basis of the Russian development infrastructure and the Sisyphus repository of free programs. BASEALT independently defines the rules for repository development.

"The agreement with InfoWatch Group provides customers with our Alt Server, Alt Workstation and Alt SP products for our partner's pilot projects. Thus, the Russian market will have the opportunity to assess the advantages of sharing a means of protecting information from leaks and its stable operation on the basis of domestic operating systems demanded by state-owned enterprises and large commercial corporations. In addition, it is extremely important for us that the IT infrastructures of customer companies built on the basis of the Alt OS are comprehensively protected - we are confident that our cooperation will provide them with the required high level of protection," said Roman Myskin, Commercial Director of BASEALT.

Compatible with Astra Linux 1.7

Astra Group and InfoWatch Group, a Russian developer of information security solutions for organizations, have confirmed the compatibility of the InfoWatch Traffic Monitor DLP system and the updated version of the Astra Linux OS. This was announced on September 20, 2022 by the Astra Group of Companies.

The set of tests consisted of installing InfoWatch Traffic Monitor on a PC running Astra Linux 1.7, checking the functionality declared by the developer and the correctness of the subsequent removal of the software from the operating system. The tests confirmed that InfoWatch Traffic Monitor functions correctly; based on the test results, the software received a certificate of the Ready For Astra Linux technology cooperation program.

The DLP system InfoWatch Traffic Monitor protects digital assets and prevents the risk of leakage of confidential information of organizations of various industry specifics and scales. The wide possibilities of analyzing information flows make it possible to prevent attempts to distribute sensitive data through all communication channels, mobile devices, social networks, clouds, etc.

"We make every effort to provide our customers and our partners with a seamless product integration experience. As of September 2022, it is impossible to overstate the importance of the sustainability of IT infrastructures when migrating to new software. Our partner's operating system has been supported since 2017. Thanks to the stable operation of InfoWatch Traffic Monitor on Astra Linux 1.7, Russian organizations can ensure uninterrupted operation in terms of managing corporate IT infrastructure with the proper level of security,"
noted Andrey Arefiev, Director of Innovative Projects of InfoWatch Group of Companies.

"By working with companies like InfoWatch, our customers get a truly smart information security solution. It is nice to see that our interest in integration meets the understanding of our colleagues, and together we create an extensive ecosystem of secure Russian software products,"
commented Anton Rudevsky, Director of the Department for Work with Partners of Astra Group of Companies.

Lexicom Voice DLP Compatibility

InfoWatch Group and Lexicom announced the compatibility of the InfoWatch Traffic Monitor and Lexicom Voice DLP products. The Russian software developers conducted functional testing of the system for preventing leaks of confidential information together with the platform for analyzing the topics of conversations and identifying features of speech behavior. This was reported by InfoWatch Group on August 30, 2022.

InfoWatch Data Explorer - InfoWatch Traffic Monitor Release

On July 20, 2022, the InfoWatch group of companies announced the commercial release of its next development in the field of information security - InfoWatch Data Explorer.

The module, based on artificial intelligence technologies, is part of the latest version of the InfoWatch Traffic Monitor leak prevention system as of July 2022. It handles automatic clustering of documents and automated tuning of DLP system policies in accordance with emerging information security risks.

Integration with tada.team

On July 7, 2022, InfoWatch Group announced that, together with Smart Communication Technologies, it had integrated the companies' products. Compatibility tests established that the InfoWatch Traffic Monitor DLP system and the tada.team application for work communications function correctly together.

Integration with MyOffice Mail

The InfoWatch Traffic Monitor DLP system has been integrated with MyOffice Mail. This was announced on April 13, 2022 by the company MyOffice.

Postgres Pro Enterprise Compatibility

On April 5, 2022, InfoWatch Group announced the compatibility of its products with Postgres Pro Enterprise, a domestic industrial database management system (DBMS) for high-load systems of large enterprises. Technological testing confirmed that the products function correctly under high load.

2021: State Grant for Product Development

In January 2021, the Russian Foundation for the Development of Information Technologies (RFRIT) reported that InfoWatch became one of the winners of the competition for grants for the development of domestic software products. One of them, in the amount of about 118 million rubles, is intended for the development of InfoWatch Auto DLP - the new functionality of the InfoWatch Traffic Monitor DLP system.

InfoWatch told TAdviser that this is a next-generation DLP system that will help an information security officer identify gray areas not covered by information security policies and decide whether they need to be monitored and how to do it.

The company says that the uniqueness of the development integrated into InfoWatch Traffic Monitor is that it will make it possible not only to identify and study the "gray" areas of information circulation in the company, but also to see how information flows change over time. Based on a deep analysis of this data, the self-learning system will automatically collect all the necessary information, offer its categorization and form holistic information security policies that at any given time very accurately close all potentially dangerous areas through which confidential information can "leak."

The declared time frame for the new functionality to appear is 1 year.

"We laid the prerequisites for the development of the system for a long time, in the form of such modules as, for example, an autolinguist, which we released on the market relatively recently. Initially, the general development was assessed by us at about three years and affected not only the study of 'gray' areas, but also involved the study of the movement of these areas within the company and the automatic proposal of the formation of information security policies. If now we are making an 'assistant' that will increase the efficiency and accuracy of the implementation, then in the future it will be a system that can implement itself," InfoWatch told TAdviser.

Another grant, in the amount of about 68 million rubles, is intended for the development of a new company product, InfoWatch ARMA, a system for protecting critical information infrastructure (CII) facilities from cyber threats.

2020

Update Phishman Integration

On December 16, 2020, InfoWatch announced that, together with Phishman, it had completed work on updating the joint solution in order to fine-tune the automation of the process of raising awareness of information security events processed in Phishman.

Integration with Dialog Enterprise messenger

On November 10, 2020, InfoWatch Group of Companies and Dialog (part of the Sberbank ecosystem) presented a joint solution: a data leakage-protected environment for communications and work, the central part of which is the Russian corporate messenger. To bring this offer to market, the developers integrated their products, the InfoWatch Traffic Monitor DLP system and the Dialog Enterprise messenger.

Obtaining a OUD-4 certificate for compliance of Traffic Monitor 6.11 with the requirements of the information security standard in Kazakhstan

On July 28, 2019, InfoWatch Group of Companies announced the certification of the InfoWatch Traffic Monitor 6.11 product in the Republic of Kazakhstan. The DLP system fully complies with the requirements of the ST RK ISO/IEC 15408-3-2017 standard at the fourth evaluation assurance level (OUD4). Based on the test results, a certificate of compliance with the standard, entered in the register, was obtained.


The certificate, valid until June 26, 2023, will allow the group of companies to deploy the software product in state and commercial organizations of the Republic of Kazakhstan that have increased requirements for information security.

To fulfill the requirements of the regulator, employees of the InfoWatch Group of Companies representative office in Nur-Sultan provided a package of software documentation for the product, a completed security target with the most clearly defined goals and security threats, as well as functional security requirements for both the product itself and its working environment. In addition, the specialists of the certification company analyzed the source code of the DLP system, handed over to them by InfoWatch, for vulnerabilities. Based on the results of documentation study, functional testing and other certification tests, InfoWatch Traffic Monitor 6.11 was recognized as complying with all the OUD4 requirements of the ST RK ISO/IEC 15408-3-2017 standard.

"We prepared for certification throughout the year, in close contact with the specialists of the Infosert test center. During this time, all security functions implemented in InfoWatch Traffic Monitor were checked. The user documentation was evaluated, the internal structure of the information system was analyzed, the implementation of safety procedures during development was checked. The certification company also tested for penetration into the perimeter of organizations, using a model of an attacker with enhanced basic attack potential. This is especially true in the case of state organizations and, of course, will help them protect themselves from well-prepared attacks in order to steal confidential information," said Ruslan Surmay, representative of InfoWatch Group of Companies in the Republic of Kazakhstan.

InfoWatch Traffic Monitor 7.0

On July 22, 2020, InfoWatch released InfoWatch Traffic Monitor 7.0, an updated version of its solution for controlling information flows and preventing sensitive data leaks. The functionality of the updated solution has been expanded with the predictive analytics tool InfoWatch Prediction, which detects anomalies and suspicious patterns of employee behavior.

According to the company, the changing digital environment and the maturity of processes for working with information require increased attention to its protection and safety, and require continuity and constant growth in efficiency from the business. As of July 2020, the DLP systems market is developing towards big data analytics, financial risk management and increasing labor productivity, based on analysis that includes the behavioral factors of employees.

"The ability to analyze a large amount of data accumulated by customers is an updated quality of DLP class solutions. We observe the interest of customers in tasks related to improving the quality of business processes, in the use of predictive analytics technologies that allow them to act proactively - in the event of a risky pattern of employee behavior. We have added a predictive analytics tool and machine learning content analysis technology to the visual analytics system that our customers already use," said Stepan Deshevykh, Head of Product Development at InfoWatch Group of Companies.

As of July 2020, companies process millions of events daily, and InfoWatch Traffic Monitor 7.0 analyzes all of them, even the most insignificant ones. The analysis takes into account the context and relationships of events, which makes it possible to account for risks and inform the security officer about them in advance. InfoWatch Prediction calculates many parameters of an employee's behavior; based on their analysis, the employee can be assigned to a risk group. Automatic warnings about abnormal behavior make it possible to identify potential threats at the earliest stage and see how employees interact with the company's information assets. Minor events and minor violations of security policies are ignored in most cases, but it is precisely such chains of events that most often lie behind serious violations. For example, an employee can copy valuable data in small quantities in advance. If this action is noticed in time and later combined with other types of events, such as a change in the beginning and end of the working day or a decline in activity in e-mail communications, it is possible to predict that the employee is at risk of "quitting." Thus, the security service has the opportunity to work on the incident ahead of time, before the company and its assets have suffered real damage.

In addition, the updated version develops the content analysis technologies further: the client can now independently train the system to identify various types of graphic images, which complements the previously announced protection of vector images. This functionality is based on artificial intelligence. Support for cloud applications (MS Exchange Online) has also been expanded.
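The chain-of-minor-events idea described above can be illustrated with a small correlation sketch. This is an added example, not InfoWatch Prediction's algorithm or code from the vendor; the record layout, the sample data and every threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean

# All thresholds below are assumptions chosen for this illustration.
BASELINE_DAYS = 14    # days 0..13 form each employee's own baseline
SMALL_COPY_MB = 100   # a copy below this size is a "minor event" on its own
MIN_COPY_DAYS = 3     # recent days with small copies needed to raise the signal
LOGON_SHIFT_H = 1.0   # shift of the mean first-logon time, in hours
EMAIL_DROP = 0.6      # recent mail volume at or below 60% of baseline


def make_records():
    """Constructed sample rows: (employee, day, first_logon_hour, emails_sent, mb_copied)."""
    rows = []
    for day in range(20):
        recent = day >= BASELINE_DAYS
        rows.append(("alice", day, 9.0, 30, 0))                     # no change at all
        rows.append(("bob", day, 10.5 if recent else 9.0,           # all three drift
                     12 if recent else 28, 40 if recent else 0))
        rows.append(("carol", day, 9.0, 25, 40 if recent else 0))   # copies only
    return rows


def assess(records):
    """Return {employee: sorted list of weak signals seen in the recent window}."""
    windows = defaultdict(lambda: {"base": [], "recent": []})
    for emp, day, logon, emails, copied in records:
        key = "recent" if day >= BASELINE_DAYS else "base"
        windows[emp][key].append((logon, emails, copied))

    result = {}
    for emp, w in windows.items():
        signals = []
        base, recent = w["base"], w["recent"]
        if base and recent:  # without both windows there is nothing to compare
            small_copy_days = sum(1 for _, _, mb in recent if 0 < mb < SMALL_COPY_MB)
            if small_copy_days >= MIN_COPY_DAYS:
                signals.append("repeated_small_copies")
            shift = abs(mean(r[0] for r in recent) - mean(b[0] for b in base))
            if shift >= LOGON_SHIFT_H:
                signals.append("work_hours_shift")
            base_mail = mean(b[1] for b in base)
            if base_mail > 0 and mean(r[1] for r in recent) <= EMAIL_DROP * base_mail:
                signals.append("email_decline")
        result[emp] = sorted(signals)
    return result


def at_risk(records):
    """Employees whose small copies coincide with at least one other signal."""
    return sorted(emp for emp, sig in assess(records).items()
                  if "repeated_small_copies" in sig and len(sig) >= 2)


if __name__ == "__main__":
    for emp, sig in assess(make_records()).items():
        print(emp, sig)
    print("review first:", at_risk(make_records()))
```

In the constructed data, the employee who only copies small files is not escalated, while the one whose copying coincides with shifted working hours and a drop in mail volume is.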

2019

Integration with the Kribrum social media monitoring system

On December 12, 2019, InfoWatch Group announced the release of version 6.11 of its flagship InfoWatch Traffic Monitor solution for controlling information flows, protecting against information security threats and preventing leaks of confidential information. The main focus is on content analysis technologies and the integration capabilities of the solution, which significantly expand the range of tasks it can solve.

One of the properties of the updated InfoWatch Traffic Monitor 6.11 is integration with the Kribrum social media monitoring system, which allows you to track leaks of corporate information in public posts of company employees.

"This is a special functionality that is not available in any information flow control system. Using the social media analysis tool takes DLP beyond the perimeter of the organization. For December 2019, we are trying the first version," notes InfoWatch CEO Natalya Kasperskaya.

The updated solution provides the ability to fine-tune the monitoring and blocking of file movement between network infrastructure elements: between network folders and FTP, terminal connections and removable drives, including by specifying particular folders. Traffic Monitor 6.11 intercepts and blocks files containing confidential information if they are copied.

"This ensures control over compliance with the confidentiality requirements of information, which can only be accessed by a limited number of employees of the organization and should not leave a certain internal circuit. The ability to describe detailed policies allows you to control the movement of files between different elements of the network infrastructure," said Alexander Klevtsov, head of InfoWatch Traffic Monitor.

As part of the release, users have access to InfoWatch's patented vector copy analysis technology to protect AutoCAD drawings, approved by Autodesk, the leading developer of design products. Detailed analysis of vector images prevents unauthorized transfer of both the entire drawing and its fragments in any scenarios.

"For enterprises where the design documentation is a trade secret or contains know-how, it is necessary to ensure a safe internal corporate perimeter. Our technology for protecting drawings in vector format helps to effectively control complex data types," concluded Alexander Klevtsov.

Integration with MCDS

On December 3, 2019, InfoWatch announced that, jointly with ATI Bastion, it had integrated InfoWatch Traffic Monitor, a solution for preventing leaks of confidential information, with MCDS, the Russian system for monitoring the actions of privileged users.

Compatibility with Aurora OS (Sailfish Mobile OS RUS)

On October 1, 2019, InfoWatch announced the successful completion of compatibility tests for the InfoWatch Traffic Monitor DLP system and the Sailfish Mobile OS RUS protected mobile operating system from the Open Mobile Platform developer. Integration of solutions allows for multi-level control of mail services and Internet traffic when using mobile devices in a corporate environment.

"The integration of the InfoWatch Traffic Monitor solution and the mobile OS allows you to offer a special solution to the Russian market. Aurora OS (Sailfish Mobile OS RUS) is independent of third-party services, has built-in information protection and provides control over data processed using mobile devices. Therefore, the compatibility of our operating system with the company of the Russian DLP solutions market is of particular interest in terms of increasing control over the company's information flows," noted Vladimir Nikonchuk, head of the sales support department at Open Mobile Platform.

According to Andrei Arefiev, head of the InfoWatch product development department, "The InfoWatch Traffic Monitor function when working with Aurora OS (Sailfish Mobile OS RUS) is to analyze Internet traffic from a mobile device, including uploading data to cloud storage, sending documents to web mail and other operations that resulted in the output of confidential information outside the company's perimeter. In the event of an unauthorized data transfer, security officers will be notified of a violation of security policies."

Vector Digital Fingerprint Technology for Drawing Protection

On September 24, 2019, InfoWatch announced that it had developed and patented vector digital fingerprint technology to protect AutoCAD drawings for the InfoWatch Traffic Monitor DLP system. The principle of the technology is to analyze vector images in detail. In the event of an unauthorized transfer of even a fragment of the drawing, the system will determine its belonging to a specific reference document and notify the security officer of a possible data leak.

Prior to this, AutoCAD drawings were protected using binary digital fingerprint technology. However, practice has shown that binary digital fingerprints are not enough in scenarios where the presence of small fragments has to be detected. According to Alexander Klevtsov, head of InfoWatch Traffic Monitor,

"a significant number of our customers are manufacturing companies, developers, for whom drawings are an important part of confidential information. After examining the needs of customers, we found that we need to create vector image protection technologies to improve the protection of AutoCAD files in any scenario."

Vector image protection technologies used in the modern market did not allow the detection of fragments (for example, parts of details) in public files that represent confidential data.

"We understand that project data security is extremely important for our users and their businesses. In this regard, we are very pleased that the development of information security technologies does not stand still, and we can offer customers a different level of data protection in AutoCAD. Grateful to InfoWatch for its progressive development and attention to our industry."

JaCarta SF/GOST compatibility

On August 22, 2019, InfoWatch and Aladdin R.D. announced the completion of compatibility tests for the InfoWatch Traffic Monitor and JaCarta SF/GOST products. The operability and correct joint functioning of the InfoWatch Traffic Monitor DLP system and the secure JaCarta SF/GOST service media are confirmed by the corresponding protocol of August 15, 2019.

"Conflict-free operation of the secure service media JaCarta SF/GOST with InfoWatch Traffic Monitor allows you to ensure the necessary level of security when working with corporate information. We are actively working in the direction of import independence, so integration with Russian developments is an important condition for development in the domestic market," said Andrei Arefiev, head of the InfoWatch product development department.

JaCarta SF/GOST USB tokens are one of the latest developments of Aladdin R.D. They provide secure storage and alienation (transfer) of restricted information, and only an authorized user on an authorized computer can access the information. According to Oleg Levenkov, director of the Secure Media product area at Aladdin R.D., "the integration of the two flagship products of the leading companies in the Russian information security market offers new functionality, while ensuring a high level of information security. We hope that the created solution will be widely used among customers in the Russian market."

2018

Demand for Traffic Monitor implementation projects grew by 25%

On December 19, 2018, InfoWatch reported that in 2018 the demand for implementation projects of InfoWatch Traffic Monitor, its product for preventing leaks of confidential information and protecting businesses from internal threats, increased by 25% compared to 2017. According to the company, the main share of implementation projects for 2018, more than 95%, fell on regular customers, and the rest of the projects on the installation of additional solution modules by existing customers.

"At the preparatory stage, the company's specialists, together with the client, classify the information that needs to be protected, determine the current level of information security of the organization, as well as bottlenecks in business processes related to the processing of sensitive information. Protection processes are built taking into account the described factors, and, where possible, vulnerabilities are eliminated at the preparatory stage. Next, the DLP system is implemented, configured, all the necessary procedures and incident response processes are worked out."
Konstantin Levin, VP Sales, InfoWatch Group

InfoWatch Traffic Monitor Implementation Statistics

More than half of the projects were implemented in industrial enterprises, state and municipal institutions, banking and financial organizations, as well as oil and gas companies. A quarter of the implementations are due to demand from enterprises in the field of wholesale and retail trade, transport and logistics, power, as well as medicine and pharmaceuticals.

According to Konstantin Levin, thanks to InfoWatch's long-term experience with the largest enterprises, the InfoWatch Traffic Monitor solution as of December 2018 is optimized for the needs and features of various sectors. 29 industry content filtering databases (BKF) make it possible to categorize an organization's documents taking into account the professional terms and well-established phrases used in its field. This ensures accurate detection of confidential data in the information flows of the organization, the expert added.

Integration of InfoWatch Traffic Monitor with SIEM-system "Komrad"

On August 1, 2018, InfoWatch Group, a Russian developer of comprehensive solutions for ensuring the information security of organizations, and Echelon Group, which specializes in the integrated provision of information security for enterprises and the development of information protection and security control tools, announced the completion of the integration of InfoWatch Traffic Monitor, a solution for preventing leaks of confidential information and protecting businesses from internal threats (DLP system), with the Komrad centralized security event management system (SIEM system).

The InfoWatch Traffic Monitor DLP system monitors information flows in organizations and prevents accidental and deliberate leaks of corporate information by applying the full range of InfoWatch analysis technologies to the events found in those flows. As a result of the integration of the solutions, the events analyzed in the InfoWatch DLP system are transferred for processing to the Komrad information security event management system.

In the Komrad SIEM system, the data transmitted from InfoWatch Traffic Monitor is supplemented with information from other information security systems: antivirus protection tools, intrusion detection systems for the organization's computer infrastructure, routers, firewalls, servers and automated user workstations. Thus, the organization's security officer, correlating information from the DLP solution with other means of protection, gets the most complete picture of the incident, which helps with investigations and helps prevent attacks aimed at stealing confidential information.

"The joint use of InfoWatch and Echelon allows customers to gain additional opportunities to protect their business processes, as well as minimize financial, operational and reputational losses."
Marina Batalova, Head of Integration Solutions at InfoWatch Group of Companies

"Combining the capabilities of the InfoWatch Traffic Monitor DLP system and the Komrad SIEM system will allow companies to respond even more quickly to emerging information security incidents and prevent emerging threats."

InfoWatch Traffic Monitor 6.10

On July 2, 2018, InfoWatch announced the release of InfoWatch Traffic Monitor 6.10, a flagship solution for preventing confidential information leaks and protecting organizations from internal information security threats (DLP system). The latest version of the product contains tools for expanding the secure perimeter of the corporate network to cloud services and mobile devices, as well as monitoring the level of information security in organizations with a geographically distributed structure by updating the InfoWatch Vision visual analytics module.

"To solve the problem of data leakage protection in companies with an extensive structure, we supplemented the InfoWatch Vision module with the Branch Structure application. With this tool, the system administrator at the company headquarters can assess the level of information security in each of the branches and in the organization as a whole. The module also allows you to monitor the quality of DLP systems in all units and assess the actions of security officers in the field, the number of incidents handled by them and the verdicts issued on them."
Alexander Klevtsov, Head of DLP, InfoWatch Group

Information on monitoring information security events and incidents in branches is presented in the form of interactive tiered reports in a single virtual console of the InfoWatch Vision module. Events in the report can be grouped by information security policies, objects of protection and verdicts of security officers on incidents.

According to Alexander Klevtsov, one key addition to InfoWatch Traffic Monitor 6.10 is to control the transfer of confidential documents of the organization in a blurred corporate perimeter by ensuring the protection of information in the cloud. The solution prevents data breaches in the Microsoft Office 365 cloud environment by integrating with Microsoft Cloud App Security. In addition, version 6.10 has expanded the list of supported mobile devices and added interception of unauthorized data transfer on workstations, phones and tablets through the Telegram instant messaging service.

To reduce the number of false positives of the system to almost zero, InfoWatch Traffic Monitor 6.10 has improved linguistic analysis technologies and added updated categories for classifying information flows that detect data on new topics, such as "Summary," "Company Strategy," "Security System" and others.

Integration with Microsoft Cloud App Security

On June 7, 2018, the InfoWatch group of companies, a Russian developer of comprehensive solutions for ensuring the information security of organizations, and Microsoft in Russia announced the creation of an integration solution to ensure the security of information flows of organizations using Microsoft Office 365.

The integration of the InfoWatch Traffic Monitor information loss protection product (DLP system) with Microsoft Cloud App Security (part of the Enterprise Mobility + Security solution), which is designed to provide security in the cloud, will enable existing and potential customers to centrally manage data protection policies for both employee workstations and cloud environments, and will provide centralized access to all incidents related to information breach threats.

Integration is implemented through Internet Content Adaptation Protocol (ICAP) technology, thanks to which a copy of traffic from the Microsoft Office 365 server is transferred to the InfoWatch Traffic Monitor server. Next, the DLP system automatically uses analysis technologies to identify security policy violations and notifies the organization's information security officer about them.

Among the main advantages of the integration solution is the ability to control and prevent leaks of confidential information, which can be detected with high accuracy thanks to the patented linguistic technologies for analyzing information flows in the InfoWatch Traffic Monitor DLP system. Companies using this solution will be able to get a complete picture of the movement of their corporate data in Microsoft Office 365.

"Microsoft's convenient integration technology has enabled us to develop a collaborative enterprise security solution for customers who work with office tools in the Office 365 cloud. We plan to develop cooperation with developers of business applications and office programs, adding additional functionality to InfoWatch solutions in the field of corporate information security."
Marina Batalova, Head of Integration Solutions at InfoWatch Group of Companies

2017

InfoWatch Traffic Monitor 6.9

In November 2017, InfoWatch Traffic Monitor 6.9, the flagship solution for preventing leaks of confidential information and protecting organizations from internal threats (DLP system), was announced.

According to an InfoWatch expert, this function allows you to assess the effectiveness of security policies and adjust them in a timely manner. This possibility is especially important at the stage of pre-project inspection of organizations for the presence of risks associated with information security - pre-DLP, and when transferring the DLP system to the mode of preventing leaks and blocking unauthorized actions of employees, added Alexander Klevtsov.

InfoWatch Traffic Monitor 6.9 adds a request manager tool to simplify the distribution of tasks by the information security manager and reduce the risks of abuse of access to the incident database. This tool allows you to distribute access rights to event samples among security officers, in accordance with the assigned monitoring tasks. The "request manager" also implements the function of creating an archive of incidents in MS Word and PDF formats, which are familiar to various structural units of the organization and can be used in workflow.

Another key addition was the improvement of the automated feedback process of the system with the information security service and employees of other departments of the enterprise. Alerts about incidents and changes in the status of investigations are sent to employees by e-mail, for example, "a violation is recorded," "quarantined," "sending is allowed/prohibited." This tool aims to minimize the risks of accidental data breaches and increases the level of cyber hygiene in the company. Recall that according to the InfoWatch Analytical Center, every third data leak from organizations in the world occurs unintentionally - by mistake or ignorance of personnel.

To protect corporate data on employees' mobile devices, InfoWatch Traffic Monitor 6.9 supports the Android 6.x operating system and intercepts unauthorized data transfers in popular messengers, for example Viber and Telegram.

Version 6.9 adds the ability to prohibit the interaction of workstations with mobile devices using the Media Transfer Protocol (MTP). In particular, the DLP system can block the transfer of data to a smartphone based on the results of content analysis.

InfoWatch Traffic Monitor 6.9 adds more than 20 options for easy use of DLP solutions at all stages of operation: from pilot to full implementation and investigation.

Integration with NeuroDAT SIEM

InfoWatch Group and the company Information Security Center (CBI) entered into a technological cooperation agreement in early September 2017. As part of the partnership, joint operation was achieved between InfoWatch Traffic Monitor, a solution for preventing leaks of confidential information and protecting businesses from internal threats, and the NeuroDAT SIEM information security monitoring system (SMIB).

As a result of the integration, data processed in the InfoWatch Traffic Monitor DLP system becomes available for analysis in the NeuroDAT SIEM system. In addition to information from the DLP system, the SIEM console in the joint solution also displays data from antivirus protection tools, intrusion detection systems for the organization's computer infrastructure (IDS), routers, firewalls, servers and automated user workstations.

Compatibility with Astra Linux SE and certificate of the Ministry of Defense of Russia

The InfoWatch group of companies announced on August 22 that the InfoWatch Traffic Monitor solution for preventing leaks of confidential information and protecting organizations from internal threats (DLP system) with support for the Astra Linux Special Edition special-purpose operating system (OS) for building secure automated systems received a certificate from the Ministry of Defense of the Russian Federation.

Certification

"We successfully passed the certification of the product by the relevant department in the second level of control of undeclared capabilities, which aroused interest from a number of enterprises of the military-industrial complex," said Alexander Klevtsov, leading product development manager of InfoWatch Group of Companies. "Currently, the system has been tested in a number of enterprises of this sector, demonstrating stable operation in industrial conditions."

Astra Linux compatibility

Earlier, InfoWatch and NPO RusBITech, the developer of the Astra Linux family of operating systems, signed a cooperation agreement in the field of joint development and testing of products for compatibility. According to the test results, the InfoWatch Traffic Monitor solution is certified by NPO RusBITech under the Software ready for Astra Linux program, which means full compliance with the requirements for software with support for the domestic OS Astra Linux Special Edition.

Multiplatform

According to Alexander Klevtsov, a number of Russian organizations are either already using Russian-made operating systems to build their infrastructure, or are preparing to switch to them. So that the transition from one OS to another does not violate the continuity of security, InfoWatch Traffic Monitor supports work in the multi-platform infrastructure of the organization. This allows you to gradually transfer the workstation fleet to the Astra Linux Special Edition special purpose operating system. The simultaneous support of Microsoft Active Directory and Astra Linux Directory allows you to maintain uniform security policies.

Maintaining OS integrity

The InfoWatch Traffic Monitor solution for the Astra Linux Special Edition 1.5 OS environment includes server and agent security subsystems.

The agent part of InfoWatch Traffic Monitor protects information regardless of which application software is used on workstations, as it operates at the kernel level of the operating system using proprietary drivers.

"The issued Software ready for Astra Linux compatibility certificate confirms that the interaction of the InfoWatch product with the Astra Linux Special Edition special purpose operating system at the kernel level is carried out correctly and does not violate the integrity of the OS and its normal operation, including in terms of built-in information protection," said Dmitry Donskoy, Deputy Director of the NPO RusBITech Computer Technology Center.

InfoWatch Traffic Monitor protects sensitive information in key data channels, including copying to removable media, sending data via the Internet, and corporate mail. The entire range of data analysis technologies from InfoWatch is applied to the traffic intercepted by the system: linguistic analysis, analysis of text objects, digital fingerprints, a detector of filled out forms and a printer detector, as well as industry solutions of the company.

Integration with Phishman Awareness Center

On August 8, the InfoWatch Group of Companies (GC) and Phishman ("Fishman") announced the completion of the integration of InfoWatch Traffic Monitor, a solution for preventing leaks of confidential information and protecting businesses from internal threats (DLP solution), and the Phishman Awareness Center user awareness system. Sharing the solutions is aimed at raising the culture of cybersecurity in organizations.


The DLP system InfoWatch Traffic Monitor records all events on the workstations and corporate mobile devices of the organization, analyzes them, detects violations of security policies and, if necessary, blocks the transfer of data. Events intercepted by the DLP system that fall into the category of unintentional violations are then transmitted to the Phishman Awareness Center system. For each incident, the system selects relevant training rules and courses and assigns the employee who violated the information security policy training that corresponds to the identified problem. Upon completion of the training, the employee is tested. For convenience, the Phishman Awareness Center is integrated with learning management systems (LMS).

"By integrating InfoWatch with Awareness Center, a new approach to using DLP systems is being added," said Marina Batalova, Lead Product Development Manager at InfoWatch Group. "Having committed an illegal act with confidential information, the employee will not see notifications of violations of security policies, but tips and rules that will help him learn the principles of handling information assets of the organization. Thus, the overall level of cyber literacy in the team increases and, as a result, the number of incidents in the field of corporate information security decreases."

"Each manager knows that most of his employees are poorly versed in information security. Companies are exposed to big risks from cyber threats. It is simply impossible to find a staff of subordinates who will perfectly cope with their official duties and understand the information security field well. We, in the Fishman company, set ourselves a goal - a minimum of costs at the maximum of the result. The integration of the Awareness Center with the InfoWatch Traffic Monitor system will allow you to train those users who really need it, automatically determining the required information, with the ability to master it in a minimum of time," said Nikolai Agrinsky, founder of Fishman.

InfoWatch Traffic Monitor integrated with RuSIEM

On June 29, 2017, InfoWatch and RuSIEM announced the completion of the integration of InfoWatch Traffic Monitor technology and the RuSIEM information security event management system.

As a result of technology integration, InfoWatch Traffic Monitor Enterprise automatically connects to RuSIEM as a source of information security events. Data coming from the InfoWatch DLP system is simultaneously available for processing and analysis in the RuSIEM information security event management system.

A security officer using the RuSIEM SIEM system in conjunction with the InfoWatch DLP solution can control the transfer of confidential organization data and the actions of privileged users in real time, track correlations between different types of events and prevent unauthorized actions of employees.

In addition to information from the DLP system, SIEM displays data from the intrusion detection system (IDS), routers, firewalls, servers, and user workstations. The wide scope of incidents simplifies the process of identifying intruders in the organization and collecting evidence during internal investigations.

"Many information security vendors today receive customer requests for integration with DLP systems as the number of sensitive data leaks from organizations grows annually. Thanks to the ability to integrate InfoWatch Traffic Monitor with third-party solutions, we regularly receive requests for technological cooperation. As a result of integration with RuSIEM, mature analysis technologies and a wide range of data interception channels InfoWatch Traffic Monitor will be available on a single panel of the RuSIEM SIEM system."

Marina Batalova, Lead Product Development Manager at InfoWatch

"The joint solution will allow you to timely detect and record really important incidents, carry out an operational contextual search of the services used, the circle of communication, the interests of personnel and the movement of critical data through various communication channels."

Olesya Shelestova, CEO of RuSIEM

In the Middle East market

On June 2, 2017, following the results of the Gulf Information Security Expo & Conference (GISEC) held in Dubai, United Arab Emirates, InfoWatch Group plans to bring to the Middle East market the products that aroused the most interest among forum participants and the company's potential partners and customers. Among them are InfoWatch Traffic Monitor, a solution for preventing information leaks and protecting organizations from internal threats, with the additional investigation module InfoWatch Vision; InfoWatch Attack Killer, a solution for protecting Internet banking systems, marketplaces, public service portals, group work systems, online stores and other web resources; and a set of services for protecting automated process control systems (PCS), including conducting an information security audit and introducing PCS protection systems, including for projects within the framework of the "smart city" concept.

Data Transfer Control Integration Adapter

On April 6, 2017, InfoWatch announced the release of an integration adapter for controlling data transfer in the Cisco Unified Communications Manager (Cisco UCM) corporate messenger.

Integration is done by connecting the InfoWatch Cisco UCM Adapter module to the Cisco UCM database. The adapter intercepts text documents, tables, images and other attached files and sends them for analysis to the InfoWatch Traffic Monitor system for preventing confidential data leaks and protecting organizations from internal threats.

The technology detects illegal actions:

  • malicious correspondence of employees,
  • transfer of a confidential file or piece of text.

If security policies are violated, the system notifies the organization's security officer of the incident. All events are stored in a single InfoWatch Traffic Monitor database for incident investigations.

"Corporate messengers are gaining popularity and often act as the main channel for communication and data exchange in the organization. Employees use them to communicate sensitive information, discuss important tasks, projects and pressing issues, so this channel requires careful control in terms of preventing information leaks and other risks associated with misconduct of organization personnel. The integration of the Cisco UCM corporate messenger with the InfoWatch Traffic Monitor DLP system increases the overall level of security in the company and reduces the risks of internal fraud by employees."

Marina Batalova, Product Development Manager of InfoWatch Group of Companies

2016

Results of the year

According to the results of 2016, more than 30% of the number of projects implementing a solution to prevent leaks of confidential information and protect businesses from internal threats InfoWatch Traffic Monitor. In 2016, the average annual norm for the number of implementations of previous years was exceeded by more than 2.5 times.

As part of pilot projects for the implementation of InfoWatch information security solutions, Lenovo server equipment will be used

At the end of 2016, the InfoWatch group of companies (GC), a Russian developer of complex solutions for ensuring information security (IS) of organizations, and the global technology company Lenovo, a developer and manufacturer of innovative products, entered into a technological partnership agreement. The parties have begun testing the compatibility of the solution to prevent leaks of confidential information and protect businesses from internal threats InfoWatch Traffic Monitor and Lenovo server equipment. Lenovo servers will be used in pilot projects for the implementation of InfoWatch information security solutions.

Integration with MaxPatrol SIEM

On December 8, 2016, InfoWatch and Positive Technologies announced the integration of InfoWatch Traffic Monitor Enterprise 6.1 technology and MaxPatrol SIEM system. As part of the collaboration, the MaxPatrol SIEM support program for subsequent versions of InfoWatch Traffic Monitor has been launched.

As a result of integration, data coming from the InfoWatch Traffic Monitor DLP system has simultaneously become available for processing and analysis in the MaxPatrol SIEM information security event correlation system. SIEM users have the ability to track the history of the transfer of confidential information through corporate email and various web resources, messaging systems and file sharing tools, and block unauthorized actions of employees.

"The main task of integrating InfoWatch Traffic Monitor Enterprise and MaxPatrol SIEM is to protect the business processes of organizations from illegal actions of attackers at an early stage of their planning. Integration allows the company's information security service not only to quickly identify distributed attacks by correlating information from a DLP solution with other security tools, but also to block targeted attacks aimed at stealing confidential information. Minimizing financial, operational and reputational losses of customers is the main driver of the partnership between InfoWatch and Positive Technologies."

Marina Batalova, Product Development Manager of InfoWatch Group of Companies

"The methods of actions of attackers are improving every day, so manufacturers of security tools are forced to constantly expand the functionality of their systems in response to modern threats. The problem of information leakage is no exception. Often, a combination of SIEM-class and DLP-class solutions is used to quickly identify such incidents. Today MaxPatrol SIEM supports the means of protection of most domestic manufacturers, including the company InfoWatch. We continue the work that has begun to adapt MaxPatrol SIEM to work with InfoWatch Traffic Monitor. In particular, we aim to expand the list of supported versions of the DLP system, collect new types of events, simplify this process for the end user and maximize its automation."

Alexey Goldbergs, Head of Technology Partners at Positive Technologies

Integration with UserGate UTM

On November 29, 2016, the press service of the InfoWatch group of companies announced an agreement with Entensys on technological cooperation in ensuring the collaboration of InfoWatch Traffic Monitor software and enterprise Internet access control technology UserGate UTM.

On November 29, 2016, the companies implemented interaction between the systems through the Internet Content Adaptation Protocol (ICAP). Sharing the technologies is aimed at protecting organizations from leaks of confidential information and at comprehensive protection of enterprises from threats associated with the use of the Internet by employees.

"The integration of InfoWatch Traffic Monitor and UserGate UTM solutions will enable customers to gain additional capabilities to investigate information security incidents in their organizations and provide centralized incident storage in a single database. Timely response to such incidents will help minimize the company's reputational, operational and financial risks."

Marina Batalova, Product Development Manager of InfoWatch Group of Companies

"The joint use of two Russian solutions and their coordinated work make it possible to ensure a higher degree of protection for a wide variety of companies. From several first projects, we see that the ability to integrate InfoWatch Traffic Monitor and UserGate UTM solutions is of interest to many companies using these products."

InfoWatch Traffic Monitor and R-Vision IRP Integration

On November 24, 2016, the InfoWatch group of companies and the R-Vision company announced the signing of an agreement regarding the joint development, production and distribution of corporate information security tools on the market.

Under this agreement, it is planned to ensure the integration of the platform for organizing an information security incident response center R-Vision Incident Response Platform with technology to prevent leaks of confidential information and protect businesses from internal threats InfoWatch Traffic Monitor.

As a result of integration, it is planned to implement the ability to send events from InfoWatch Traffic Monitor to the R-Vision IRP system for analyzing and storing incidents of the corporate information security system in a single information system, simplifying access to it by the company's security officer.

Another aspect of the integration, aimed at improving the conditions for comprehensive analysis of situations and prompt detection of incidents related to information security in the organization, will be to ensure the ability to compare events coming from InfoWatch Traffic Monitor with events coming to R-Vision IRP from other systems.

"The integration of the InfoWatch DLP solution and the R-Vision IRP system will provide customers with advanced tools to prevent possible internal threats related to the company's information security, when comparing the actions of external attackers with the actions of employees within the organization, identifying collusion, determining the circle of accomplices and involved persons, and will significantly simplify the process of investigating such incidents."

Marina Batalova, Product Development Manager of InfoWatch Group of Companies

"In modern realities, prompt response to information security incidents requires consolidation of information about incidents from various sources and means of protection. The partnership opens up new opportunities for the implementation of solutions of our companies, as well as prospects for expanding customer and partner bases. Many organizations use InfoWatch Group products to protect critical data, and through technological partnership we plan to provide users with additional synergies achieved through the close integration of our company's developments and InfoWatch solutions."

Alexander Bondarenko, General Director of R-Vision LLC

Industry Distribution of InfoWatch Traffic Monitor Implementation Pilots

On November 2, 2016, InfoWatch presented data on the industry distribution of pilot projects for the implementation of InfoWatch Traffic Monitor.

In 2016, about a third of IW TM pilot projects were implemented in the public and municipal sector - 32%. Organizations representing the banking sector - 13%, industrial enterprises - 12%, oil and gas companies - 10%, energy complex - 9%, wholesale and retail enterprises - 5%.

[Figure: Growth dynamics of the number of new pilots of the DLP solution InfoWatch Traffic Monitor, 2016]

Less than one percent of the total number of IW TM pilot projects were conducted in investment and legal companies, in metallurgy and the media industry.

[Figure: Distribution of InfoWatch Traffic Monitor pilot projects by customer activity from January to October 2016]

From January to November 2016, the total number of implementations of InfoWatch Traffic Monitor pilot projects in organizations in annual terms increased by 38%.

Integration of InfoWatch Traffic Monitor and MFlash

On October 27, 2016, InfoWatch and MSoft, a developer of electronic document management systems, announced the integration of InfoWatch Traffic Monitor and MFlash products. At the same time, the first pilot project and sales of a joint solution began.

As part of the partnership, InfoWatch and MSoft specialists have developed a software adapter for analyzing events in the corporate cloud storage MFlash, for example, the transfer of documents outside the company's perimeter. To control the MFlash cloud file storage, the adapter intercepts the forwarded data and uploads it to the DLP system using the InfoWatch Traffic Monitor SDK. The intercepted events are then analyzed using InfoWatch technologies and the security policies configured in InfoWatch Traffic Monitor.

"Often, breaches of enterprise information security, both intentional and accidental, occur due to the use of unsafe file sharing tools. Enterprise cloud storage allows employees to work with electronic documents using various devices, including outside the secure perimeter of the organization. The transparency of these operations is becoming critical to the business. It is important for companies to control the movement of data in the cloud and understand who and when gets access to certain files. The integration of MFlash and InfoWatch Traffic Monitor ensures the holistic information security of enterprises when employees work with documents in the corporate cloud storage."

Marina Batalova, Product Development Manager, InfoWatch

According to the partners, the use of an integration adapter allows you to easily configure the collaboration of InfoWatch Traffic Monitor and MFlash solutions, storing all information security incidents in a single database.

InfoWatch Traffic Monitor 6.5

On October 17, 2016, InfoWatch announced the release of InfoWatch Traffic Monitor version 6.5.

In TM 6.5, the main analysis technologies are applied both at the network gateway level and on end devices, including personal computers and laptops. This helps to instantly block unauthorized actions of employees (theft, disclosure, modification of confidential information), which reduces the likelihood of damage from the leakage of business-sensitive data.

"The new version of InfoWatch Traffic Monitor 6.5 allows customers to move from monitoring incidents to preventing them directly. With high accuracy, with minimal workload on the workstation, TM 6.5 detects the unauthorized transfer of confidential information from an employee's device and blocks it without disrupting the continuity of the company's business processes. As a result, a high level of secure work with information is maintained both within the office and outside the protected perimeter."

Alexander Klevtsov, Lead Product Development Manager at InfoWatch Group of Companies

The integration of InfoWatch Traffic Monitor into the company's infrastructure involves the presence of a software agent on employee workstations. Unlike the previous version, the agent part of TM 6.5 performs linguistic and signature analysis of the processed data and detection of text objects, and these analysis technologies can be combined to more accurately identify confidential information. Thus, the blocking of sensitive data leaks is performed directly on the end devices of employees.

The configuration of TM 6.5 security policies for workstations is implemented through a single control center - the InfoWatch Traffic Monitor console. You can use industry templates or create unique policies for each target device.

With TM 6.5, you can prohibit certain employee actions in different applications even if the software manufacturer does not provide for the delimitation of access rights to these functions. For example, a security officer can differentiate between the rights of individual employees to perform a copy-to-clipboard operation, to print, or to take screenshots in a document management or accounting application.

In TM 6.5, a company security officer can investigate incidents by viewing screenshots of employees' desktops taken by the system before and after an event occurs, and can filter snapshots by workstation, employee, or software application.

InfoWatch Traffic Monitor 6.1

On July 27, 2016, InfoWatch announced the release of InfoWatch Traffic Monitor 6.1.

A special Traffic Monitor 6.1 agent is installed on a mobile device (smartphone, tablet) running Android and iOS and monitors user actions when working with corporate data and information transfer through all main communication channels:

The launch of individual applications and the camera of the mobile device[1]

Through the mobile agent, Traffic Monitor version 6.1 analyzes the images taken by the phone camera: if an employee photographed a confidential document, the system will respond to this event. The technology will work even when the picture is not transmitted outward through communication channels, but only stored in the smartphone's memory.

"Mobile devices remained a "shadow zone" in the controlled perimeter of corporate security. Many companies simply forbade their employees to bring a device to work, trying to avoid data leaks. However, we have always believed that any restriction negatively affects the business. Tablets and smartphones, including personal ones, are a tool for optimizing the work of employees. The use of such a tool should not be prohibited, but should be monitored."

Alexander Klevtsov, Lead Product Development Manager at InfoWatch

The mobile agent can be installed on corporate and personal devices, with the consent of the owner. It is assumed that the control of mobile devices will reduce the risks associated with the use of mobile devices (including personal ones) in corporate communications.

Counterparty information collected in various databases is one of the most valuable assets for any company. At the same time, the names of counterparties, the names of counterparty companies, addresses and other information from these databases represent a special type of data that cannot be formalized.

To detect them, a reference fingerprint of the base is created (it can be formed from several sources - CRM systems, ERP, Excel files, etc.). Then, in the traffic stream, InfoWatch Traffic Monitor analyzes each message (letters, publications on the web, files saved in the "cloud," etc.), compares the text fragments found in these messages with data from the reference fingerprint. If a match is found, the company's security officer will be notified of the incident.

The technology was called "Database Download Detector." According to the creators, its use helps prevent the leakage of information about counterparties as a result of errors or intentional actions of employees, regardless of whether the entire client base or a fragment of it is transmitted.

Traffic Monitor 6.1 directly connects to protected data (sources - ERP, CRM systems), which allows you to constantly keep the reference fingerprint of the database up to date.

To identify leaks of personal data and other formalized (for example, in the form of questionnaires) information, the "Completed Forms Detector" technology is used. The performance of this technology in the new version has grown 28 times with the ability to simultaneously control 150 questionnaires.

The mentioned technologies can be used together. In this case, the system looks for combinations of formalized objects (credit card numbers, TINs, other text objects) and non-formalized objects (information about counterparties), which reduces the number of false positives and increases the speed of traffic processing and the accuracy of detection.
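The reference-fingerprint comparison and the combined check described above can be sketched as follows. This is an added example, not InfoWatch code: the page does not disclose the product's algorithm, so keyed hashing of normalized cells, the row thresholds, the Luhn card check and all sample records and messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed counterparty rows standing in for a CRM/ERP export; not real data.
SAMPLE_RECORDS = [
    {"company": "Northwind Trading LLC", "address": "12 Harbor Street, Springfield", "contact": "Alice Moreau"},
    {"company": "Bluepeak Logistics GmbH", "address": "7 Mill Lane, Riverton", "contact": "Jonas Keller"},
    {"company": "Orchid Foods Ltd", "address": "88 Canal Road, Eastport", "contact": "Priya Nair"},
    {"company": "Tessera Metals Inc", "address": "301 Foundry Avenue, Ironvale", "contact": "Marco Duarte"},
]
DEMO_KEY = b"constructed-demo-key"  # assumption: a per-deployment secret for keyed hashing


def tokens(text):
    """Lower-case alphanumeric tokens, so punctuation, case and line breaks do not matter."""
    return re.findall(r"[a-z0-9]+", text.lower())


def digest(words, key):
    return hmac.new(key, " ".join(words).encode(), hashlib.sha256).hexdigest()


def build_fingerprint(records, key):
    """Reference fingerprint: keyed hash of every cell -> row ids. No plaintext is kept."""
    index, lengths = {}, set()
    for row_id, record in enumerate(records):
        for value in record.values():
            words = tokens(value)
            if words:
                index.setdefault(digest(words, key), set()).add(row_id)
                lengths.add(len(words))
    return {"index": index, "lengths": sorted(lengths)}


def matched_rows(text, fingerprint, key, min_cells=2):
    """Rows for which at least min_cells distinct cells appear in the message."""
    words = tokens(text)
    cells_by_row = {}
    for n in fingerprint["lengths"]:          # slide a window of each known cell length
        for i in range(len(words) - n + 1):
            d = digest(words[i:i + n], key)
            for row_id in fingerprint["index"].get(d, ()):
                cells_by_row.setdefault(row_id, set()).add(d)
    return sorted(r for r, cells in cells_by_row.items() if len(cells) >= min_cells)


def luhn_valid(number):
    total = 0
    for pos, ch in enumerate(reversed(number)):
        d = int(ch)
        if pos % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_numbers(text):
    """Formalized objects: 13-19 digit runs (spaces or dashes allowed) that pass Luhn."""
    found = []
    for match in re.finditer(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)", text):
        number = re.sub(r"\D", "", match.group())
        if luhn_valid(number):
            found.append(number)
    return found


def evaluate(text, fingerprint, key, bulk_rows=3):
    """Policy (assumption): many rows = database fragment; one row counts only next to a card."""
    rows, cards = matched_rows(text, fingerprint, key), card_numbers(text)
    if len(rows) >= bulk_rows:
        verdict = "database-fragment"
    elif rows and cards:
        verdict = "record-with-formal-object"
    else:
        verdict = "clean"
    return {"rows": rows, "cards": len(cards), "verdict": verdict}


# Constructed messages: a reformatted partial dump, a routine mail, a mixed case.
PARTIAL_DUMP = ("Northwind Trading LLC; Alice Moreau\n"
                "BLUEPEAK LOGISTICS GmbH - Jonas Keller\n"
                "Orchid Foods Ltd, Priya Nair, 88 Canal Road, Eastport")
ROUTINE_MAIL = "Please send the invoice to Tessera Metals Inc by Friday."
MIXED_MAIL = "Marco Duarte at Tessera Metals Inc paid with card 4111 1111 1111 1111."

if __name__ == "__main__":
    fp = build_fingerprint(SAMPLE_RECORDS, DEMO_KEY)
    for label, msg in [("partial dump", PARTIAL_DUMP), ("routine", ROUTINE_MAIL), ("mixed", MIXED_MAIL)]:
        print(label, evaluate(msg, fp, DEMO_KEY))
```

A single counterparty name in routine mail matches only one cell of a row and stays below the threshold, which is where the reduction in false positives comes from.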

The SDK software interface helps InfoWatch Traffic Monitor accumulate data from its own interceptors and from third-party business systems, security systems, applying the full range of analysis technologies and policies to them.

"For third-party partners, having an SDK will be a pass to the InfoWatch ecosystem. Through cooperation with other security developers, we hope to increase the functionality of our product in order to offer the customer the optimal solution to his tasks in the field of information security."

Marina Batalova, Lead Manager for Integration Solutions Development, InfoWatch

As part of this direction, support for the free PostgreSQL DBMS has been added to InfoWatch Traffic Monitor. The Oracle Text search technology previously used in the product was replaced by the Sphinx search engine developed in Russia.

InfoWatch Traffic Monitor protects AutoCAD files

In January 2016, InfoWatch announced the creation of technology that protects AutoCAD files from leakage. The detection of confidential information in AutoCAD drawings and 3D projects is carried out thanks to the technology of digital fingerprints of binary data.

Binary digital fingerprint technology makes it possible to accurately detect the transfer of confidential data, but until now it had a serious limitation: changes in the file led to the fact that it ceased to match its digital fingerprint and therefore could no longer be intercepted by the system. In this regard, file protection using binary digital fingerprint technology was recommended for rarely modified documents and was always duplicated by other, more flexible data analysis technologies.

Another difficulty for a long time was that most DLP systems do not know how to work directly with binary data, which includes AutoCAD files. When you create a digital fingerprint, you work with metadata (drawing part names, etc.) or another text environment. Deleting this text information from the file leads to the fact that the document ceases to be recognized by the system, which means that it loses protection against leakage.

InfoWatch has created technology that not only processes binary data directly, but also detects a confidential file with any number of changes made to it. The "sensitivity" of the system to the number of document modifications depends on the settings that the user can set at his discretion.
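The limitation of whole-file fingerprints and the idea of a change-tolerant binary fingerprint with an adjustable sensitivity can be illustrated with content-defined chunking. This is an added example of a general technique, not InfoWatch's algorithm, which the page does not describe; the chunk sizes, the gear hash table, the threshold values and the random bytes standing in for a DWG file are all assumptions.

```python
import hashlib
import random

MIN_CHUNK, MAX_CHUNK = 64, 2048
BOUNDARY_MASK = 0xFF000000   # top 8 bits zero: a cut about every 256 bytes past MIN_CHUNK

# Gear table: one fixed pseudo-random 32-bit value per possible byte value.
_gear_rng = random.Random(0x1D7)
GEAR = [_gear_rng.getrandbits(32) for _ in range(256)]


def chunks(data):
    """Cut data where a rolling hash of the last 32 bytes hits the mask, so cut points
    follow the content and realign after bytes are inserted or overwritten."""
    out, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF
        length = i - start + 1
        if (length >= MIN_CHUNK and (h & BOUNDARY_MASK) == 0) or length >= MAX_CHUNK:
            out.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        out.append(data[start:])
    return out


def fingerprint(data):
    """Binary fingerprint: the set of SHA-256 digests of the file's chunks."""
    return frozenset(hashlib.sha256(c).digest() for c in chunks(data))


def similarity(reference_fp, candidate):
    """Share of the reference's chunks that reappear in the candidate bytes."""
    if not reference_fp:
        return 0.0
    return len(reference_fp & fingerprint(candidate)) / len(reference_fp)


def is_protected(reference_fp, candidate, sensitivity=0.5):
    """sensitivity is the operator-set threshold: lower values tolerate more edits."""
    return similarity(reference_fp, candidate) >= sensitivity


def exact_match(a, b):
    """Whole-file fingerprint comparison: any single changed byte breaks it."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def make_sample(seed, size=65536):
    """Constructed binary blob standing in for a drawing file (not a real DWG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def revise(data):
    """Simulate a revised file: overwrite 32 bytes mid-file, insert 10 bytes near the start."""
    edited = bytearray(data)
    edited[30000:30032] = bytes(b ^ 0xFF for b in edited[30000:30032])
    edited[1000:1000] = b"REVISION-B"
    return bytes(edited)


if __name__ == "__main__":
    original = make_sample(1)
    reference = fingerprint(original)
    revised = revise(original)
    print("whole-file hash still matches:", exact_match(original, revised))
    print("chunk similarity of revised file:", round(similarity(reference, revised), 3))
    print("chunk similarity of unrelated file:", round(similarity(reference, make_sample(2)), 3))
```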

"DWG files created in AutoCAD are a significant part of the intellectual property of any company where design engineers and designers work. Controlling the circulation of such files is of interest to both secure enterprises and companies operating in a strong competitive environment. Engineering file formats are complex because they quite reflect the complexity of the objects designed by engineers. They use a huge number of different elements and metadata. It is not easy to offer them effective DLP technology. Therefore, it is especially gratifying to see interesting Russian development in this area," said Vladimir Ananyev, technical consultant at Autodesk Developer Network.

2015: JaCarta keys compatible with InfoWatch Traffic Monitor

On April 29, 2015, InfoWatch Group of Companies and Aladdin R.D. announced the final test for compatibility of their products.

"Aladdin R.D. pays great attention to the compatibility of its solutions with the products of technological partners, conducting certification tests on a regular basis. At the moment, the correct operation of JaCarta smart cards and USB tokens has already been confirmed with more than a hundred products of software development companies and equipment manufacturers," said Aleksei Alexandrov, head of the department for work with technological partners at Aladdin R.D. "It is especially pleasant when such market flagships as the InfoWatch GC become participants in the company's technological partnership program."

2014

InfoWatch Traffic Monitor 5.0

On March 5, 2014, InfoWatch announced the release of InfoWatch Traffic Monitor 5.0, an insider action prevention software.

The new version of the product offers user interaction logic, where the business role in security management prevails.

InfoWatch Traffic Monitor 5.0 is created on the basis of a fundamentally new platform that independently analyzes the completeness of the specified conditions and in the formation of information security policy. Among other things, this ease of configuration and use will dramatically change the situation with the spread of DLP systems in the SMB segment, which suffers from data leaks no less than large companies, but usually does not have the resources to implement and operate such solutions.

The solution takes into account more data to form a threat picture than traditional DLP systems. All [2]. For example, built-in tools for interacting with HR service allow you to configure and apply special targeted control policies for personnel belonging to the so-called "risk group" with the creation of special reports on the activity of such employees. In the "risk group" are, first of all, recently hired and quitting people.


Role and Group Policies

InfoWatch Traffic Monitor 5.0 provides role-based access for different groups of users - HR service, legal department, marketing department, top managers, etc., with the ability to control and protect information that they classify as confidential.


Violation Alert

To prevent violations, it is possible to notify the manager of incidents in which his subordinates are involved. This applies to both direct violation of information security policies (sending, copying confidential information) and illegitimate storage. Such alerts prevent both simple negligence in handling information and a likely malicious leak.


Reporting and statistics

InfoWatch Traffic Monitor identifies violators and the circle of persons involved and maintains statistics of violations, which allows you to prevent the most dangerous threats, including combined ones (internal and external violators acting in collusion). All information is stored in a single database for further investigation of incidents, generation of reports and prompt response to an incident. The product presents information on violations broken down by: the selected period of time; violation level (low, medium, high); and types of rules violated, such as transfer, storage, and copying.


Analysis and interception

Improved technologies for information interception and analysis: InfoWatch Traffic Monitor 5.0 recognizes the transfer of confidential information regardless of the form in which it is presented: excerpts from text, a graphic file (for example, photos) or binary data. At the same time, an attacker cannot deceive the system by changing the file resolution, adding "noise" to the image, etc. Unlike other DLP systems, InfoWatch Traffic Monitor 5.0 understands the content of the file rather than only checking its compliance with formal criteria.

InfoWatch Traffic Monitor is compatible with Huawei Tecal RH servers

Huawei, an ICT developer, and InfoWatch tested in the fall of 2014 and confirmed the compatibility of the InfoWatch Traffic Monitor solution with Huawei's Tecal RH series servers. Based on the results of the load testing, a certificate was signed certifying that the InfoWatch Traffic Monitor 5.x internal threat protection solution is recognized as fully compatible and is recommended for installation on Huawei Tecal RH servers.

The RH series includes servers with dual or quad-core Xeon processors with 1U, 2U, or 4U rack heights. Huawei Tecal RH servers are highly productive, providing ample scalability, the company said.

The joint use of InfoWatch Traffic Monitor and Huawei servers allows you to achieve high system speed with low load on the organization's network. Thus, customers can be sure that the implementation of the DLP system will protect confidential information, but will not negatively affect the existing business processes in the company, Huawei emphasized.

2013

Experts of Belarus gave the go-ahead to InfoWatch Traffic Monitor Enterprise

On October 29, 2013, InfoWatch announced a positive expert opinion of the Operational Analytical Center under the President of Belarus regarding the use of the InfoWatch Traffic Monitor Enterprise information flow control system.

The document notes that InfoWatch Traffic Monitor Enterprise 3.5.3 "is allowed to be used in information systems of classes A2, B2, A3, BZ, TZ in accordance with STB 34.101.30-2007 'Information technologies. Methods and means of safety. Objects of informatization. Classification.'"

Thus, it is allowed to use the product as a means of protecting information in any information systems, excluding information classified as secrets of national importance. Obtaining an expert opinion allows Belarusian customers, who are obliged to use only solutions that have passed certification or expertise to protect information, to use InfoWatch technologies in the fight against information leaks.

The positive expert opinion on InfoWatch Traffic Monitor Enterprise is of strategic importance for the development of product sales in the region, since none of the systems positioned on the Belarusian market as DLP has such an expert opinion [2].

InfoWatch Traffic Monitor Enterprise 4.1

The InfoWatch group of companies has released an update to the InfoWatch Traffic Monitor Enterprise 4.1 solution for controlling information flows and protecting corporate information, the organization's press service said on August 1, 2013.

Optimization

In this release, it became possible to intercept HTTPS traffic of users on workstations, and not on the gateway, which increases system performance significantly. In addition, a security officer can exclude intracorporate traffic from the information control flow to reduce the load on the server.

"An efficient DLP system should not only provide the necessary functionality, but also meet high performance requirements," said Alexander Klevtsov, DLP Development Manager at InfoWatch. "Therefore, when developing this update to our flagship product, we focused on providing processing and analysis of large amounts of data."

Archive processing

InfoWatch Traffic Monitor Enterprise 4.1 has built-in self-extracting archive detection (SFX), which allows the system to analyze archived data for confidential information.

Control of print languages

The new version includes an expanded list of printing languages and controls printing not only on office, but also industrial printing devices, often used in large enterprises. An attempt to print confidential documents will be detected by InfoWatch Traffic Monitor Enterprise 4.1, regardless of print language or printer model.

Advanced Print Event Logging

Incident descriptions now contain the most complete information: the name and location of the printer, an indication of the number of copies of the printed document. This information is used to investigate incidents and identify intruders.

InfoWatch Traffic Monitor Enterprise 4.0

One of the key innovations in InfoWatch Traffic Monitor Enterprise 4.0 is the InfoWatch Crawler subsystem, which provides control over the placement of documents on network resources and allows you to determine where information is stored and who has access to it. InfoWatch Crawler scans employee workstations, public network storage and document management systems, and then creates shadow copies of the documents found. Subsequently, these shadow copies are transmitted to the InfoWatch Traffic Monitor server for analysis and enforcement of security policies.

The unique technologies of linguistic analysis used in InfoWatch Traffic Monitor Enterprise have also been supplemented and improved. The solution allows you to detect confidential information transmitted not only in text format, but also in the form of binary data and, as a result, control the movement of documents such as audio and video files, CAD drawings, etc.

So, if the company needs to control the movement of a PowerPoint presentation, it is enough to add it to the database of reference documents. From that moment on, the system will record the movement through controlled channels of not only the entire presentation document itself, but also plain text copied from the file, as well as a presentation from which all text was removed, leaving only images and diagrams.

The many years of implementation experience of InfoWatch experts indicate that a DLP system cannot be an "out of the box" solution, so the new version takes into account the types of vulnerable data that are relevant for various industries. New objects for such industries as finance and insurance, oil and gas, production, and telecommunications were added to the database of text templates, and new templates were separately added to the personal data section. These objects take into account the specifics of countries such as Russia, Belarus, Kazakhstan, UAE, Vietnam and many others.

In addition, if a company needs to track data corresponding to an entire category of text templates (for example, everything related to personal data), InfoWatch Traffic Monitor Enterprise 4.0 now provides this functionality. Data corresponding to specific text templates not present in the system can be added as soon as possible (this is done at the initiative of users and developers, similar to antivirus updates).

InfoWatch Traffic Monitor Enterprise 4.0 has expanded the list of detected file formats, as well as monitored channels. To fully monitor information flows on workstations, the system has added support for intercepting and blocking recording information on removable CD/DVD media. Also implemented is the interception of encrypted messages transmitted through popular instant messengers such as GTalk and the Mail.ru agent, as well as Skype, which has recently been very popular and is often used in the business environment. At the same time, the InfoWatch Traffic Monitor system monitors both text messages transmitted via Skype and calls.

The list of monitored information transmission channels over the network is supplemented with the FTP protocol. In addition, it is possible to prohibit connection to network segments that are not included in the allowed list. For example, an employee's attempt to connect to some "extraneous" Wi-Fi network will be blocked, which allows the company to control employees' portable devices, even when they are outside the protected perimeter of the organization.

For the convenience of users, InfoWatch Traffic Monitor Enterprise 4.0 implements the ability to control information by the format of transferred files. For example, all CAD files in an organization are intellectual property. To protect these files, you do not need to enter them into the database of reference documents; just configure control over the movement of files of this format in InfoWatch Traffic Monitor. Analysis of Microsoft Office documents has been improved, which allows you to analyze the structure of documents in more detail and take into account elements such as footnotes, underlays, notes, etc. The content data analysis system has also become more efficient through the function of recognizing text typed with typos or in transliteration.

In addition, when employees access corporate mail from mobile devices running iOS or Android, the new version of the system will analyze and control all messages transmitted on this channel. This will help companies that have implemented the principles of remote work and BYOD to ensure the security of corporate information even beyond the protected perimeter.

In accordance with the strategy to provide the most functional and at the same time convenient solutions, the principle of interaction with the user in InfoWatch Traffic Monitor Enterprise 4.0 is built in such a way that monitoring and investigation of incidents can be carried out as soon as possible. This optimization was made possible by using technologies that allow multiple simultaneous requests to the InfoWatch Forensic Storage incident database, as well as automatically generate a request to the database based on the incident - by sender, recipient or workstation. It is enough to select the incident so that a request is formed for the participants in the correspondence. Assigning access rights to the queries, reports, and folders in which they are placed has become simple and intuitive.

To differentiate incidents and flexibly form security policies, the new version has added the ability to categorize web resources. This update aims to use web resources taking into account the nuances of the company's work.

InfoWatch Traffic Monitor Enterprise 4.0 allows you to quickly notify security officers and violators about incidents that correspond to the information security policies of the organization. The new version allows you to configure alerts to be received by a specific security officer.

InfoWatch Traffic Monitor Enterprise Appliance

InfoWatch, a developer of solutions for protecting against leaks of confidential information, announced in February 2013 the launch of the InfoWatch Traffic Monitor Enterprise Appliance. The product is designed for medium-sized businesses and branches of large corporations and is easily integrated into the organization's infrastructure without additional software installations and settings.

InfoWatch Traffic Monitor Enterprise Appliance consists of software and hardware optimized for maximum collaboration. This complex eliminates the need for time and resource costs of the client for selecting equipment and installing software.

The hardware component is based on Hewlett-Packard and Fujitsu Technology Solutions servers and is optimized for working in a network of enterprises with up to a thousand employees. Equipped with a dual-port network card with bypass mode, it allows you to connect the InfoWatch Traffic Monitor Enterprise DLP system in traffic copy mode, which ensures uninterrupted network operation.

The product is delivered in a fully operational state with a maximum set of components. The Administrator Web Console provides quick and easy access to the following features:

  • setting product network settings and system service monitoring settings;
  • collection of diagnostic information (system configuration, status, errors, etc.) by pressing one button;
  • license management;
  • installing product updates with support for reverting to previous version settings;
  • viewing the status of the basic system parameters.

"We believe that information security solutions should be functional and convenient for the customer," says Konstantin Levin, Sales Director at InfoWatch. "The advantage of the new product is that it allows you to implement a project for the implementation of a fully functional DLP system in the shortest possible time, taking into account the specifics of the client industry: information security policies and categories of tracked information are focused on data types that are sensitive and specific to the area of ​ ​ work of the organization."

2012

Integration with STC Voice Monitor

In September 2012, the Center for Speech Technology (CST) introduced STC Voice Monitor, a new solution based on speech technology that allows a company to control leaks in the voice channel. Thanks to technologies for searching for keywords in the audio stream, recognizing topics and identifying speakers by voice, the voice channel can be monitored automatically.

In the fall of 2012, InfoWatch and the Voice Technology Center presented a joint solution for automated control of compliance with security policies when using voice communication tools. The solution is aimed at specialists of information and economic security services, quality control departments, and service divisions. The main idea of the integration is to combine the advantages of the InfoWatch Traffic Monitor Enterprise DLP system and STC Voice Monitor.

Until recently, voice communication was a virtually uncontrolled channel of information transmission. Enterprise security systems, including DLP solutions, could not prevent the leakage of critical data if this data was transmitted by voice during video conferencing sessions, telephone conversations using landline and mobile phones, via Skype.

The integration of InfoWatch and Speech Technology Center developments allows you to "close" this channel. Voice traffic is recorded by STC Voice Monitor. Next, the system converts it into text, searches for keywords specified by general security policies, determines the subject and author of the message. Voice traffic is then returned to InfoWatch Traffic Monitor Enterprise as text. The DLP system uses linguistics to analyze the text for confidential information in the transmitted messages. A copy of the traffic (files with service labels - subject, message author, keyword occurrence) is saved in the InfoWatch Traffic Monitor (Forensic Storage) store.

Dmitry Dyrmovsky, director of the Moscow branch of the Center for Speech Technologies, notes that the reliability of the technology for converting voice traffic into text is up to 85%, and the accuracy of identifying the author of the message using the existing voice pattern is 97%: "At the moment, there are no other automated solutions that allow controlling voice traffic within companies. And you need to control it automatically, since the average company with a staff of 350 people per month generates 500 or more hours of telephone conversations. Listening to this "manually" is simply impossible."

The STC Voice Monitor software solution is integrated into the corporate infrastructure, compatible with the communication equipment of leading manufacturers - Cisco, Juniper, Avaya.

2011

InfoWatch Traffic Monitor Enterprise 3.5

InfoWatch Traffic Monitor Enterprise 3.5 is a modular solution that allows you to monitor data sent outside the corporate network (via mail systems, web, messaging systems, printed or copied to various I/O devices). The product implements the function of blocking the transfer of information in case of security policy violations. The solution also allows you to analyze data and ensure its storage with the possibility of conducting investigations.

  • In January 2011, it was announced that it had received FSTEC Certificate No. 2226, according to which InfoWatch Traffic Monitor Enterprise was recognized as a software means of protecting against unauthorized access to information on level 4 of control and technical conditions for the absence of undeclared capabilities. The certificate assigned by FSTEC allows you to use InfoWatch Traffic Monitor Enterprise when creating systems up to and including 1G security class, as well as to protect personal data up to and including class 1.

  • In May 2011, the completion of certification tests was announced, as a result of which the InfoWatch Traffic Monitor Enterprise Edition software package received a positive conclusion confirming compliance with the requirements of the TNPA (technical regulatory legal acts) of the Republic of Belarus. The assigned certificate allows you to use "InfoWatch Traffic Monitor Enterprise" in the information protection systems of the state information systems of Belarus, as well as information systems containing information, the distribution and/or provision of which is limited in accordance with the current legislation of the Republic.

InfoWatch Traffic Monitor Enterprise 3.5 provides full integration with Active Directory, 2x product performance, improved reporting and interface, enhanced search capabilities and much more.

The new version of the product allows unified user identification, regardless of which channel was used to send the message. At the same time, for each employee, a detailed card is created in the system containing personal and contact information (for example, corporate email address, UIN in any instant messaging system, his personal email address and other parameters). This makes it possible to analyze all the actions of a particular employee (for example, if the system detected suspicious transactions with corporate information: sending confidential information to irrelevant recipients, copying to removable media, and much more).

InfoWatch Traffic Monitor Enterprise 3.5 also expanded search functions: employees' personal cards increased the number of search criteria, which allowed for greater accuracy and flexibility in analyzing search results. Through Active Directory integration in Traffic Monitor Enterprise 3.5, you can automatically import detailed employee cards and user group lists, and automatically configure areas of responsibility.

Thanks to technical improvements to the ICQ interceptor, the new version of the product has improved monitoring and analysis of traffic sent via HTTP (including the ability to intercept files, as well as information sent using the SMS-over-ICQ function). In addition, the interface has been updated in the product - now it has become even more convenient and friendly.

InfoWatch Traffic Monitor 3.4

The changes made in the new version of the product improved it both in terms of ease of use (thanks to a more friendly and intuitive interface) and in functionality, by expanding the system's capabilities for intercepting and analyzing monitored objects in the OpenDocument format (files with the extension ODT, ODS, ODP).

Among other new options that improve the usability of the system are visual standard reports that display intercepted objects in the form of graphs and diagrams. In addition, InfoWatch Traffic Monitor 3.4 changed the detailed view of the object, which now includes information about the content of the object and content analysis results, and displays this data as an XML context tree.

In addition, the InfoWatch Traffic Monitor 3.4 management console includes a pre-installed "Security Officer" role, which has all privileges except for managing users and roles. The product also adds the ability to save the context of the intercepted object to disk and two pre-installed groups of tags, "File Types" and "Web Resources," which allow you to determine at a glance the contents of attachments (music, video, image, etc.) and the sites to which HTTP requests are sent (blogs, job search sites, etc.).

2010

On October 19, 2010, the expansion of an InfoWatch Traffic Monitor component, the Content Filtering Base (BKF), was announced. BKF is the core of the company's own linguistic analysis technology and is used to categorize information and detect confidential data in the company's information flows. The capabilities of the updated content filtering base now allow solving problems of both corporate and state scale, for example, compliance with the legislation of the Russian Federation on combating extremism and corruption and on countering the spread of narcotic drugs, pornographic products, etc.

The severity of these questions is evidenced by inexorable statistics: in the period from 2008 to 2009, the number of extremist sites in Runet increased 5 times! According to the data published on the website of the Russian newspaper, our country ranks second on the Web after the United States for the distribution of pornographic sites! The situation with corruption in Russia, too, unfortunately, leaves much to be desired.

It is no secret that quite often illegitimate content is distributed by employees of companies at the expense of the employer. It is exactly this threat that InfoWatch Traffic Monitor fights. InfoWatch content filtering databases, which have no analogues in the world, allow you to regulate the circulation of such illegal information. The BKF data contains more than 4,000 terms, distributed in categories such as corruption, drugs, terrorism, prostitution, pornography, etc. Using these databases, you can identify both certain terms and complex word chains in the organization's information flows, as well as categorize the data obtained by areas: for example, extremist information, data on corruption activities, information related to the spread of pornography, drugs, etc.

Despite the fact that most of this kind of information is not specially created in organizations and is not stored in certain places on the corporate network, but is created spontaneously by cybercriminals and almost immediately leaves the organization for the outside world, the only way to track and stop the use of company resources for illegal purposes is to analyze information online using InfoWatch linguistic technologies.

InfoWatch Traffic Monitor Standard

InfoWatch Traffic Monitor Standard Appliance is a comprehensive software and hardware solution for medium-sized businesses and branches of large companies (50-300 employees). The solution is designed to monitor and protect corporate information from leakage or unauthorized dissemination. The product offers a wide range of functionality, ease of installation and maintenance, and an ideal price-quality ratio for midsize companies.


InfoWatch Traffic Monitor Standard monitors, filters, analyzes and stores data transmitted using SMTP (corporate mail), HTTP (web resources) and messaging systems (ICQ, etc.). The solution is focused on small and medium-sized businesses.

The solution is developed on a single technology platform with the flagship product InfoWatch Traffic Monitor Enterprise, the high efficiency of which is confirmed by numerous successful projects in large companies.

InfoWatch Traffic Monitor Standard will replace InfoWatch Data Control 2.0 in early 2011. At the same time, the product will have new functionality implemented in InfoWatch Traffic Monitor Enterprise 3.4, such as an improved reporting system that provides visual and detailed statistics on Internet use, and also allows you to conduct a retrospective analysis of information flows. In addition, the modified integration scheme with Microsoft Active Directory provides advanced options for configuring information security policies.

InfoWatch Traffic Monitor and Lumension Device Control

The product provides complete control over the circulation of confidential information, including centralized management of the use of removable media - the most typical route of information leakage from the corporate network.

The solution monitors and analyzes data sent outside the corporate network through mail systems, web, and messaging systems, as well as data that is printed or copied to removable media. The product also allows you to enforce corporate security policies by blocking unauthorized employee actions. The centralized storage and categorization of the collected data in a single, unaltered archive allows subsequent analysis and, if necessary, collection of the evidence base in the event of litigation.

Notes

  1. http://www.cnews.ru/news/line/2016-07-27_infowatch_traffic_monitor_61_obespechit_kontrol of the InfoWatch Traffic Monitor 6.1
  2. Comparative characteristics and parameters are provided by the developer