InfoWatch Vision

The main articles are:

• Security Information and Event Management (SIEM)
• Big Data

InfoWatch Vision is a tool for visual analytics of information flows in real time. The technology can be used to conduct investigations in the field of information security of organizations.

2023: InfoWatch Vision 2.8 with Improved Link Graph

On February 28, 2023 InfoWatch Ledger , they announced the release of the next version of DLP InfoWatch Traffic Monitor the 7.6 system, as well as update InfoWatch Prediction 2.2 and InfoWatch Vision 2.8, which use InfoWatch predictive visual analysts Traffic Monitor 7.6 and other InfoWatch products for DLP systems and data.

Improved the usability of the link graph in InfoWatch Vision version 2.8. The link graph clearly shows the movement of messages between employees of the organization, now you can view the details of the event without going to InfoWatch Traffic Monitor. This applies to both mail correspondence and communication in instant messengers, information about which is now more detailed. The communication graph allows you to track in which chronological sequence the data moves along routes. When selecting any individual event, the corresponding edge on the column is highlighted. This allows you to quickly determine which employee started the file movement, and which employee was involved in the incident.

In addition, this version has a widget "User Decision," which allows you to assess the load of the information security department, systematically generating reports on the number of violations and legitimate events, and also shows how many of them have been processed or require additional actions by specialists.

With this information, it will become easier for information security managers to calculate the workload on the team, plan the work of personnel and assess the effectiveness of the DLP system as a whole, believes Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

Read more here.

2022: InfoWatch Vision 2.3 with the ability to customize the composition of widgets and filters

On November 22, 2022, the GC InfoWatch announced the release of an updated version of its products for visual the and - predictive analytics data DLP system: InfoWatch Traffic Monitor InfoWatch Vision and. InfoWatch Prediction

The updated InfoWatch Vision takes into account the needs and trends of the market, including automation of information security services and increased decision-making speed. Among the changes: updated capabilities for working with risk groups and support for installing all InfoWatch products on one server.

The InfoWatch Vision product is designed for visual analysis of data DLP the -system and speeding up the investigation of incidents. information security Changes in the updated version of the product affected the visualization of the intensity of communications and the representation of the graph. In communications particular, the thickness of its edges now varies depending on the intensity of communications between nodes - this allows you to clearly determine which employees are most characteristic of this or that type of communication, and identify existing anomalies. Also, directly on the link graph, without going to other windows and without losing the context of the investigation, the user can see through which channels, in which time and what correspondence was conducted. The use of this version allows you to find out in detail about information the devices on which it is copied information from workers (computers displaying USB devices on the link graph). For greater convenience of the information security services, it became possible to search for events and view statistics on safety the verdicts made by the officer: "violation," "no violation," "no decision has been made," "additional processing is required." This will help you monitor the work of employees and their load, as well as adjust the setting. security policies

The presentation of big data in a visually understandable form "on the fly" allows you to analyze statistical slices and communication paths even in companies with tens of thousands of employees. The ability to customize the composition of widgets and filters provides the flexibility of the solution and the ability to use InfoWatch Vision as a single operational workplace for an information security specialist to protect against leaks. Point-and-click mechanics allow you to move almost instantly between different data slices and different views - statistics, a graph of connections, a dossier on employees and the events themselves, noted Rustam Farrakhov, Director of the Product Development Department of InfoWatch Group of Companies.

InfoWatch Vision and InfoWatch Prediction support domestic operational systems, as well as are closely integrated with each other and the InfoWatch Traffic Monitor DLP system, installed on one server, which optimizes equipment resources.  Read about the changes to the InfoWatch Prediction product here.

2021: InfoWatch Vision 2.3

On May 20, 2021, InfoWatch announced the release of the next version of the visual analytics system expanding the scope of DLP systems, InfoWatch Vision 2.3. The product visualizes a large array of DLP system data online, making it understandable and user-friendly.

In version 2.3, the set of available scenarios for investigation of information security incidents has been expanded and the function of delimiting access rights for employees has appeared. Also, as part of the release, the user interface of the system has been modernized, supplemented with new widgets and filters that make it faster and easier to extract the necessary information from a large array of data.

The use of InfoWatch Vision 2.3 reduces the time required to process incidents and test information security hypotheses, monitors the routes of information movement inside and outside the company, and simplifies the detection of atypical communications between departments and employees in different positions.

An important difference in version 2.3 was the possibility of distinguishing the rights of information security employees and related departments depending on the tasks performed - thus, access to work with data is provided in full accordance with the position and duties of employees. The function is especially useful in the case of a geographically distributed, branch-office structure of organizations with a large number of subsidiaries and dependent enterprises. This feature also allows you to strengthen the importance of information security for business. For example, providing access to economic security or HR provides an opportunity to effectively manage a company's risks.

Enhanced control of "gray zones" is provided by visualizing information flows, which allows you to identify atypical connections and suspicious activities between departments and individual employees to verify the legitimacy of the exchange of confidential information. The transition to the required level of detail by company, branch or employee is carried out in a single information space.

The security services of large, multifilial organizations, the system allows you to quickly analyze incidents and their surrounding context, taking into account all the details associated with them.

"Working on version 2.3, we were guided by the needs of our customers, so InfoWatch Vision 2.3 in its current form is a visual system that meets modern market requirements. analysts big data Where convenience comes first when obtaining an objective picture, information security events taking place in the company and, as a result, the efficiency of making the right decisions to prevent information security risks. The visual analytics tool helps information security specialists to be not a center of defense costs, but an important link supporting the adoption of management decisions in related divisions of the company, "said the Stepan Deshevykh head of the product development department of InfoWatch Group of Companies.

The interface has been improved in terms of the mechanism for cleaning and removing filters, clarifying search criteria from widgets and a list of events, displaying contacts from events in a pop-up window about personality, and also simplifying the copying of text attributes for searching on third-party systems.

2019: InfoWatch Vision 2.0

In August 2019, InfoWatch, a Russian developer of innovative software products and complex solutions for information security of organizations, released a new version of the InfoWatch Vision 2.0 product.

As part of the product release, functionality has been expanded, usability has been improved and system performance has been significantly increased, which significantly reduces hardware requirements and simplifies implementation in large territorial-distributed companies.

InfoWatch Vision is a visual analytics system that expands the scope of the InfoWatch Traffic Monitor DLP system. This version is distinguished, first of all, by increased performance: now operational data processing is possible in corporate networks up to 100,000 workstations, which seriously affects work across organizations. InfoWatch Vision 2.0 is a completely domestic solution developed on the basis of its own technologies. "Our company pays great attention to tools that allow us to build efficient work with big data processed by the DLP system. The ability to quickly get a visual picture of the information security processes taking place in the company brings business to a qualitatively new level of management, "said Andrey Arefiev, Head of Product Development at InfoWatch.

Vision 2.0 has increased the number of nodes displayed on the link graph. This increases the convenience of working with the count and opens up new opportunities for the security officer. For example, a security officer may display a communications map for entire units or selected groups of employees to identify atypical interactions. In addition, the security officer can route the selected information in order to identify all suspicious activities or understand how the DLP system policies correspond to the current business processes of the company. Thus, improved visualization of information flows helps to strengthen control over "gray zones" and reveal hidden patterns and "insights."

Expanded functionality for working with employee files, which allows you to consolidate in one place all relevant information about the employee, his activity profile and circle of communication. Thus, security officers are provided with an effective tool for interaction and collaboration as part of incident investigation. According to Andrei Arefiev, "conducting an investigation on a specific incident can be a rather long process and it is important for a security officer to have a convenient tool for accumulating and systematizing all the facts discovered. Vision 2.0 allows you to accumulate information about all identified incidents in the employee's file, as well as supplement it with information from external systems. When making decisions, the "dossier" helps to look at the picture as a whole, including taking into account retrospective data. In addition, security officers are given the opportunity to share information as part of joint investigations, which is especially relevant for large organizations. "

2016: InfoWatch Vision 1.0

On November 1, 2016, InfoWatch announced the release of InfoWatch Vision 1.0.

The software product provides the information security specialist with tools for visual analysis of the company's information flows and is focused on identifying incidents in the field of information security, including those that are not violations in terms of security policies in the organization. According to the developers, the solution will help the information security specialist in making decisions during the investigation, providing additional data on requests based on all stored information about information security events.

InfoWatch Vision Architecture, (2016)

InfoWatch Vision consists of four functional modules:

• summary,
• link graph,
• file
• Report Designer.

The modules are mutually complementary, helping in the analysis of the company's information flows by a single data slice through built-in data visualization mechanisms and filtering elements. If you use one or more filters on the selected block, the solution automatically rearranges all other modules.

Sergey Malyarov, Product Development Manager of InfoWatch Group of Companies' System, as it were, predicts the questions that an information security specialist can ask at the next moment. The solution provides data not only strictly on a given request, but also additional information that helps to conduct the investigation. In addition, InfoWatch Vision allows you to control the "gray areas" of the company's information flows, identifying events that are atypical for the organization processes and abnormal behavior of employees.

The security summary is designed to assess the level of information security in the company. The module helps to perform retrospective analysis by detecting anomalies in information flows and can serve as a starting point in the conduct of investigations.

The link graph is designed to analyze information flows that arise within an organization and when interacting with external counterparties. Interactive decision mechanisms help to visually visualize information flows generated by employees in various aspects of information security in real time.

Sheets, Summary, Link Graph and Dossier, (2016)

The interactive dossier contains consolidated data for each employee or external contact of the organization, allowing flexible filtering of data according to various criteria, helping to move to another dossier from the link graph built into the dossier card.

The report designer assists in the structuring and preparation of information obtained during the investigation in the form of a single document.

The first version of the product integrates with the DLP product InfoWatch Traffic Monitor and takes into account the logic of the original data source.