Translated by

InfoWatch Vision

The name of the base system (platform): InfoWatch Traffic Monitor Enterprise (IWTM)
Developers: InfoWatch
Date of the premiere of the system: November, 2016
Last Release Date: August, 2019
Technology: ITSM - Management systems for IT service

InfoWatch Vision is the tool of visual analytics of information flows in real time. The technology can be used for conducting investigations in the field of information security of the organizations.

2019: InfoWatch Vision 2.0

In August, 2019 InfoWatch, the Russian developer of the innovation software products and complete solutions for information security of the organizations, released the new version of the product InfoWatch Vision 2.0.

Within product release advanced functionality, the usability is improved and system performance is many times increased that considerably reduces requirements to the hardware and simplifies implementation in the large geographically distributed companies.

InfoWatch Vision represents the system of the visual analytics expanding a scope DLP- systems InfoWatch Traffic Monitor. Given the version the increased performance distinguishes, first of all: now operational data processing is possible in corporate networks to 100,000 workstations that it seriously influences work in scales of the organizations. InfoWatch Vision 2.0 is completely domestic solution developed based on own technologies. "Our company pays much attention to the tools allowing to construct effective work with the Big Data processed by a DLP system. Capability quickly to receive an evident picture of the processes happening in the company connected with information security bring business to qualitatively new level of management", - notes Andrey Arefyev, the head of development of the products InfoWatch.

In Vision 2.0 the quantity of the nodes displayed on a bond graph grew. It increases convenience of work with the graph and opens new opportunities for the security officer. For example, the security officer can display the card of communications for the whole divisions or the selected employee groups with the purpose to reveal atypical interaction. Besides the security officer can construct a route of movement of the selected information to reveal all suspicious activities or to understand as far as politicians of a DLP system correspond to the current business processes of the company. Thus, the improved visualization of information flows helps to strengthen control of "gray zones" and to reveal the hidden patterns and "insights".

Advanced functionality on work with the file of employees which allows to consolidate all significant information on the employee, a profile of its activity and a circle of contacts in one place. Thus, security officers are provided with the effective tool for interaction and joint work within investigation of incidents. According to Andrey Arefyev, "conducting investigation on a specific incident can be rather long process and it is important to security officer to have the convenient tool for accumulation and systematization of all detected facts. Vision 2.0 allows to accumulate information on all revealed incidents in the file of the employee and also to supplement it with information from external systems. At decision making of "file" helps to look at a picture in general, including taking into account retrospective data. Besides, security officers have an opportunity to communicate within conducting joint investigations that is especially relevant for the large organizations".

2016: InfoWatch Vision 1.0

On November 1, 2016 the InfoWatch group announced release of the solution InfoWatch Vision 1.0.

The software product provides to the cybersecurity specialist tools of the visual analysis of information flows of the company and is focused on identification of incidents in the field of cybersecurity, including — not being violations in terms of security policies in the organization. According to the statement of developers, the solution will help the cybersecurity specialist with decision making at investigation, providing on the basis of all stored information on cybersecurity events optional data on requests.

Architecture of InfoWatch Vision, (2016)
Architecture of InfoWatch Vision, (2016)

InfoWatch Vision consists of four functional modules:

  • report,
  • bond graph,
  • file
  • designer of reports.

Modules mutually supplement each other, helping with the analysis of information flows of the company on a uniform cut of data by means of the built-in mechanisms of data visualization and elements of filtering. When using in respect of the selected block of one or several filters, the solution automatically rebuilds all other modules.

Sergey Malyarov, the manager on development of products of InfoWatch Group
a System kind of foresees questions which the specialist in cybersecurity can set at the next moment. The solution provides data not only strictly on the set request, but also the additional information which helps to conduct investigation. Besides, InfoWatch Vision allows to control "gray zones" of information flows of the company, revealing the organizations of an event, atypical for processes, and aberrant behavior of employees.

The report of security is intended for assessment of level of information security in the company. The module helps to make the retrospective analysis revealing anomalies in information flows and can serve as a starting point in conducting investigations.

The bond graph is intended for the analysis of the information flows arising in the organization and in interaction with external partners. Interactive mechanisms of the solution help to provide in real time visually the information flows generated by employees in different aspects of cybersecurity.

Sheets, Report, Bond graph and File, (2016)
Sheets, Report, Bond graph and File, (2016)

The interactive file contains the consolidated data on each employee or external contact of the organization allowing flexible data filtering by different criteria, helping to pass into other file from the file of a bond graph which is built in a card.

The designer of reports assists in structuring and preparation of information obtained during the investigation in the form of the uniform document.

The first version of a product is integrated with DLP- a product InfoWatch Traffic Monitor and considers logic of work of initial data source.