Makves DCAP (Data-Centric Audit and Protection)

The main articles are:

• DCAP Data-Centric Audit and Protection
• DLP - Data Loss/Leak Prevention

MAKVES DCAP (Data-Centric Audit and Protection) is a system for auditing and managing information assets. Included in the register of domestic software. The system collects information about the information resources of the organization and identifies potential problems related to storage and access to data. It is used to protect data from leakage or inappropriate access, suitable for the category of GDPR, FZ-152, trade secrets.

2024

Compatible with Astra Linux Special Edition 1.7

Astra Group continues to develop an ecosystem of compatible technologies and on March 25, 2024 announced the completion of the verification of work in the OCAstra Linux Special Edition 1.7 environment of the Russian audit and management system of corporate Inforesources Makves DCAP. Experts were convinced that the software stack works correctly and stably, and its functionality is available in full. The joint solution is officially certified under the Ready for Astra technology partnership program.

Ensuring a high level IT of security is traditionally one of the priorities for many state and private organizations. The more secure the infrastructure and data its contents, the more the customer can focus on what is important for business development rather than reducing the cost of risk management resources. Therefore, we pay considerable attention to establishing the trouble-free and correct operation of Astra OS Linux and our other products with the solutions of our colleagues in -. INFORMATION SECURITYindustries Makves DCAP certification ON under the Ready for Astra program is important positive news for our users: now they have even more opportunities to build just such a protection system that will meet their individual needs as much as possible, "said Alexey Trubochev, director of the support department of Astra Group.

Red OS Compatibility

Makves and Red Soft announced product compatibility on February 29, 2024. The use of the audit system and management of information resources of the enterprise Makves DCAP on the operating system Red OS will allow customers to comply with the requirements of Russian legislation on import substitution and improve the effectiveness of corporate data protection.

Based on the tests, the Makves DCAP software product is recognized as fully compatible with the operating system, all the functionality of the solution is available to Red OS users. Customers will now be able to strengthen data protection within the perimeter of the organization.

Partnership with Red OS is a logical step for the development of Makves software products, associated with the active introduction of domestic operating systems among our customers. We provide only compatible tools for correct work in the customer infrastructure, - Dmitry Petushkov, Development Director of Makves, commented on the event.

Makves DCAP 4.3 with improved classification of sensitive data

Makves has updated the Makves DCAP 4.3 Information Asset Audit and Management System. The company announced this on February 1, 2024. The updated version helps to minimize the risks of confidential data leakage, allows you to improve the effectiveness of incident investigation. The developer has improved the file audit and event configuration module, improved the classification of confidential data, and increased the speed of detecting threats related to access and user rights.

Makves DCAP continues to improve file audit - now the system can more accurately configure the classification of confidential data. In this release, you can view diagrams and drawings in DXF format. The option to read and inspect the MSIP (Microsoft Information Protection) and Titus labels allows you to increase the efficiency of indicating and tracking sensitive content in documents.

Finding and recognizing encrypted files helps the service information security minimize the risk of critical loss information when the user stores potentially suspicious files on encrypted files the work floor. computer

This version of Makves DCAP has a long-term event archive. You can now customize event storage settings to fit your IT infrastructure - for online and archival investigation. This has improved system responsiveness for large customers.

Setting up event change history tracking improves the effectiveness of incident investigations. In the system, you can create casts for all objects and events with them.

The updated version of Makves DCAP has improved user behavior analysis, which improves the accuracy of system recommendations. The Profiling tab for user cards provides detailed information about employee activities and connections. Atypicity markers based on recent events have also been added.

The progress and performance of the data analysis are displayed in the interface of the Makves DCAP 4.3 system. So the process becomes more visual.

Also available are inspecting attached files from the Atlassian Jira task tracker and sections of the Atlassian Confluence wiki system, creating reports on all administrable objects, and Kerberos authorization on network storage.

2023

Certification in the Republic of Belarus

On October 31, 2023, Makves announced certification at the Operational and Analytical Center under the President of the Republic of Belarus for the audit and management of information assets Makves DCAP. The solution will be applied for data protection in commercial and government organizations.

The issued certificate confirms that the Makves DCAP system fully meets the declared characteristics, meets the requirements of regulatory documents in the field of data security and can be used as part of non-state and state information systems, with the exception of class 1 in accordance with STB 34.101.30-2017.

The Makves DCAP software has been tested according to the requirements of the technical regulations of the Republic of Belarus "Information Technologies. Information security tools. Information Security "(TR 2013/027/BY) and received Certificate of Conformity No. BY/112 02.02. TR027 036.01 00967 of 24.10.2023. The document is posted on the website of the certification body.

A set of works for conducting certification tests of the product was carried out by the laboratories of Security Lab LLC and ITTAS LLC. The testing confirmed that the Makves DCAP solution meets the requirements of the Republic of Belarus in the field of information security.

Recently, we have noted an increased interest in our product on the territory of the Republic of Belarus. In this regard, it was decided to obtain a certificate of conformity in order to offer our partners and customers a mature and already proven DCAP solution on the Russian market, "commented Dmitry Petushkov, Director of Development at Makves.

Makves DCAP 4.1 with NetApp DSS Audit Support

On August 31, 2023, the Russian developer Makves presented an updated version of the Makves DCAP 4.1 information asset audit and management system: the file audit module was improved, support for new information assets was added and system performance was improved.

The file audit in Makves DCAP has become even more accurate and high quality. Now it is possible to view text from the archive in the "Content" tab and extract texts from MSG, EML and PST files. The function of determining text entities in inspected files that comply with international and state regulatory standards has become available. This allows you to quickly find data of a particular security category.

This version of the product supports more than 10 additional verification algorithms for verification of bank and registration data: Luhn, IBAN, SNILS, TIN and others. Thanks to this, it was possible to reduce the number of false positives by 10 times, which increases the accuracy of the analysis and significantly reduces the load on the security officer.

The File Operation Audit Engine, based on the file system driver, significantly improves the accuracy of file resource event analysis.

Makves DCAP 4.1 has the ability to separately install the agent and the Makves server. Agents can be managed either directly from the console or from the main Makves server. This event collection option is faster and allows you to more accurately distribute the server load.

Makves DCAP 4.1 adds support DSS NetApp for FPolicy auditing and auditing file operations on SMB/NFS shared folders through the SPAN mirroring mechanism. Now Makves DCAP can audit any DSS, regardless of the manufacturer.

2022: Makves DCAP 3.0

On February 14, 2022, Makves introduced an updated version of the Makves DCAP 3.0 information resource audit and management system.

According to the company, the solution helps to ensure data protection, control and eliminate risks associated with storage and access in the corporate environment. Updated features of Makves DCAP 3.0 include:

• Support for Linux operating systems - Ubuntu 18, Ubuntu 20, Astra Linux Orel, Alt Linux P10;
• Managing access rights to files and folders directly from the system interface;
• Modeling the consequences of changing access rights;
• Updated report visualization capabilities - customized dashboards, file summary report detail, file, user and computer statistics detail, storage growth report;
• Incident Notification Management;
• Ability to exclude service and other events from analysis using filters;
• Configure security policies for users, computers, and mailboxes;
• The ability to download files for analysis using a direct link;
• Update and enrichment schedule management; data
• Sending notifications to Slack, Telegram;
• Jatoba DBMS support;
• The speed of the system and reporting is increased by 4 times due to the use of version PostgreSQL 14.1 and TimescaleDb.

Makves DCAP analyzes access to a specific resource - file or folder. The detailed list displays the access levels to a specific file, the inheritance of rights for which access is available and the level of risk associated with the granted access, recommendations for fixing problems with each individual right or the entire file. In the updated version of the system, you can prevent or change access to the resource directly from the system interface for a user or group of users.

Changing Folder Access in the Makves DCAP Interface

With the sandbox feature, you can check how changes to file or folder rights will affect and avoid negative consequences for the customer's business processes.

Customize customized dashboard in Makves DCAP

Makves DCAP allows you to create customized summaries for a specific customer task and control all objects of interest to him within a single dashboard. With the help of the designer, you can add up to twenty widgets to a single summary panel.

The current version of the system implements a summary report on files, which allows you to obtain detailed information on duplicates, files in the public domain, including information regulated by standards, as well as a report on suspicious file owners.

The detailed report on information regulated by standards displays detailed information about documents that comply with a particular standard, as well as keywords and data in the file, according to which the information was identified as confidential.

The Suspicious Owners report shows whether users whose ID is unknown in the domain, as well as users who have not logged in or are disconnected for several months, are found in file access rights.

Suspicious Owners report in Makves DCAP

Makves DCAP helps optimize information resources by detecting duplicates and non-human files on storage. The updated version of the system implements a storage growth report, which records information on the time when files were created. The report helps to spread the burden on the company's information resources.

When registering an incident, as well as processing it, the system sends notifications to department employees information security in the console, on e-mail or in. messengers With a large number of analysts security incidents, they see too many events, sometimes this can negatively affect the effectiveness of the department. Setting up incident notification logic allows you to organize the work of the information security department in accordance with the features of the business process.

Makves DCAP collects information about events, Active Directory file operations, user authorization, mail actions. Using filters to exclude service events (proxy logs servers or) from the database CRM allows you to concentrate on analyzing important events and optimize its performance.

Makves DCAP provides subtle security policy settings for individual folders. When you configure updated rules, the folder will not fall within standard policies. Using the setting, you can restrict access to a file that contains sensitive information, even if it accidentally ends up in a shared folder.

The updated version of Makves DCAP has policy settings for users, computers, and mailboxes. This security policy setting allows you to configure access to specific information resources for specific users or groups of users.

2021

Makves DCAP 2.5.1: Emergence of anomaly detection mechanism and optimization of access analysis

On August 13, 2021, the Russian developer of monitoring and auditing systems for information resources Makves announced additional capabilities of the DCAP system.

Makves DCAP has expanded functionality in terms of detecting abnormal user activity and analyzing access to corporate resources.

Makves DCAP Features v2.5.1:

• added an anomaly mechanism that displays critical deviations in the number of events per day;
• added an index of atypical behavior and user parameters;
• added a map of user parameters and behavior;
• optimized analysis of user access to company resources.

Mechanism of anomalies

Abnormal behavior includes connecting to a network outside of working hours, time trying to connect to resources to which the user is not allowed by official duties, as well as bulk downloading, deleting or changing. files

Identification of deviations from the norm of user behavior may be the reason for further investigation and is recorded in the section Anomalies of the DCAP system.

To display the dynamics of abnormal activities in Makves DCAP, use the table of critical deviations of the number of events in the day segment.

Anomalies in the daytime

Atypicity index

Makves DCAP monitors user access to devices, files, and mailboxes. Based on the data obtained using anomaly detection algorithms, the system builds an atypicity index for each user. This allows timely detection of suspicious activity and prompt administrator response.

Atypical index of user actions

User map

A map of user parameters and behavior has appeared in the system, which displays the level of atypical activity. The operator can pay attention to users with a high degree of atypicity and take appropriate measures - initiate a password change for the user, restrict access to certain resources, block the user, and so on.

Access analysis

Makves DCAP optimizes the analysis of access to a specific resource - file or folder. A detailed list with configurable filters that displays access levels to a specific file, inheritance of rights, e-mail addresses of users for whom access and risk factor are open can be exported from the console.

Access List Detail

The appearance of thin security policy settings for individual folders

The Russian developer Makves on May 13, 2021 announced that it had released an updated version of the Makves DCAP information asset audit and monitoring system. As part of the product release, the functionality of the product has been significantly expanded.

DCAP (Data-Centric Audit and Protection) solutions are used to audit data in the IT infrastructure. The DCAP system helps you identify violations related to storage and access to sensitive data and control the change in the contents of files and folders.

Makves DCAP in real time monitors and records all the main actions of users - reading, modification, copying, deletion. One of the advantages of the Makves DCAP version is continuous control over all system events bypassing EventLog.

In a typical company IT infrastructure, users with administrator privileges have the ability to view event history and clear the EventLog. In case of compromise of the administrator account or its unauthorized actions, the event history can be changed. You can also change the audit policy under the administrator account and stop the EventLog from recording unauthorized activity.

Using event monitoring, the DCAP operator will immediately receive a notification in the console and in email, even in the event of unauthorized actions by the administrator.

This version of the product has thin security policy settings for individual folders. With their help, you can restrict access to a file that contains confidential information, even if it accidentally ends up in a shared folder. When setting up rules, the folder will not fall within the framework of standard security policies, which helps you respond quickly to incidents.

The updated Makves DCAP also adds features for detecting non-inheritable access rights and the ability to display the contents of available files in the console. The detailed statistics on events and anomalies have been expanded, the speed of reporting has been increased, and the ability to configure scheduled reports has been implemented.

Makves DCAP is included in the Register of the Ministry of Telecom and Mass Communications of domestic software.

2020

Release of the next version of the Makves DCAP system: enhanced functionality, increased performance

On May 27, 2020, Makves announced the release of the next version of the Makves DCAP Information Asset Audit and Management System. As part of the product release, the functionality of the system has been expanded, its performance has been increased, and the user interface has been improved.

Makves DCAP, as a solution to the Data-Centric Audit and Protection class, solves two main problems:

• Identifies and stops overstating access rights to confidential documents.
• Identifies file owners and maintains data privacy within the corporate network.

The efficiency of the DCAP system is largely determined by the set of dictionaries that the system refers to when analyzing data (when searching for and identifying confidential information within the corporate network). In the next version of Makves DCAP, "secret" and GDPRBank "Medical secret" are added to existing standards (152-FZ,, PII, etc.).

The changes included in the release will help increase the productivity of the system operator. A tiered search system, simplified navigation between objects and pre-installed filters will save time when searching and analyzing large amounts of data.

The release has an additional point for monitoring the activity of employees on the network - an anomaly detector based on behavioral analysis of users. The absolute advantage of the next version is the ability to calculate the "Effective File Owner." With this feature, system administrators will be able to identify "unnecessary" access rights to sensitive documents.

The Makves DCAP system is software the Russian a development and became the first DCAP system included in the Register (Ministry of Digital Development, Communications and Mass Media Register of the Ministry of Telecom and Mass Communications of the Russian Federation dated 07.04.2020 No. 162 [161528])

Key features of the system:

• Define file access rights. Identifying access to other people's mailboxes, reading other people's letters.
• Search for duplicates of sensitive files with access violations.
• Activity history with files and folders (who, when he created, changed, deleted).
• Categorize files for compliance with standards (152-FZ, GDPR, PCI DSS, etc.).
• History of changes in the rights of users and groups in AD (who, when, what he did).

What makes Makves DCAP business:

• Audit of personal data to comply with FZ-152 requirements.
• Monitor network storage for junk information (movies, music, etc.).
• Identify unauthorized access to files within the network.
• Control access to other people's mailboxes, reading someone else's mail.
• Understanding the employment of employees during the day: the beginning and end of active activity, the average daily amount of work (processed letters and files).
• The ability to make sure that after returning personnel to offices, their access rights returned to "pre-quarantine" settings.
• Help in detecting attacks by ransomware viruses and spammer viruses.
• Help in eliminating the consequences of ransomware and ransomware attacks.

Inclusion in the Unified Register of Russian Programs

On April 8, 2020, Makves announced the inclusion of the MAKVES DCAP information asset audit and management system in the Unified Register of Russian Programs for Electronic Computers and Databases. The register of Russian software also includes the Makves IRP incident management system.

The decision was made in accordance with Order Ministry of Digital Development, Communications and Mass Media Russia No. 162 dated 07.04.2020. The document confirms that the development of Makves is recognized domestic software and can be used for procurement state and municipal institutions.

MAKVES DCAP became the first DCAP (Data-Centric Audit and Protection) class product included in the register of domestic software. As a result, Russian customers will be able to purchase a competitive domestic product that increases the efficiency of managing access to unstructured data.

Software Makves becomes especially relevant during the period of self-isolation and transfer of employees to the regime. In remote work most cases, companies do not have a complete picture of what is information it is stored on file servers and corporate portals, who has access to it and how it is used. Unstructured data in "file dumps" often contains confidential information and. personal data Duplicate documents with initially restricted access become available to everyone.

MAKVES DCAP helps you identify these violations, adjust settings according to security policies, and further monitor access rights changes without exposing the company to risks.

For April 2020, Makves continues to increase the functionality of the product. Technical support of customers is carried out normally.

Taking into account the current situation provoked by COVID-19, until June 30, 2020, you can use Makves products for free.

Presentations and testing are carried out remotely.

Makves engineers provide technical support and advice on any issues that arise normally.