
InfoWatch: Centre for Investigation

Product
Developers: InfoWatch
Date of the premiere of the system: 2024/03/28
Last Release Date: 2024/09/24
Branches: Information security
Technology: Information Security - Information Leakage Prevention,  Situational Centers


2024

Junior Analyst View

On September 24, 2024, InfoWatch announced Junior Analyst, a technological solution within the InfoWatch Investigation Center. It is an AI-powered development for processing the information that InfoWatch products collect to ensure data security. The task of Junior Analyst is to optimize the time and resources spent on traffic monitoring and incident analysis. As of September 2024, the tool is undergoing internal testing and will be available to users of the InfoWatch Investigation Center console as early as 2025.

Junior Analyst is InfoWatch's own development based on artificial intelligence technologies using large language models. It works interactively: in a separate window inside the Investigation Center, the security officer asks a question by text or voice, asking it to upload specific data, show the activity of the desired user or groups, or provide other information. Junior Analyst processes data from the Traffic Monitor DLP system and all the data protection products deployed in the company (Activity Monitor, Data Discovery, Data Access Tracker), and provides a text response or the requested data rendered on widgets. As a result, the security officer receives structured responses with links to data from the Investigation Center.

The "junior analyst" will be able to answer several categories of questions, including the formation of a sample of violators, the subject and intensity of communication between employees, the search and assessment of anomalies in working with confidential information, and a qualitative assessment of communications. The service does not answer questions that are not related to information security and suggests returning to the dialogue on the topic, the developers note.

"With the Center for Investigations, an information security specialist spends three times less time on the entire chain of actions from the moment a suspicious event is discovered to the decision whether it is an incident. The interface allows you to see and map information in a common space with a single system of filters and crossovers from one data view to another. Now imagine that with the connection of 'Junior Analyst' you will do this work even faster. We became the first in the market to focus on the effectiveness of the information security service. And thanks to this opportunity, we are accelerating the work on traffic analysis, decision-making on incidents, as well as at the request of other security departments and information security managers," said Sergei Kuzmin, head of InfoWatch at the InfoWatch Investigation Center.

Junior Analyst is not licensed separately and will appear by default in the Investigation Center for all users of InfoWatch data protection products. It requires a separate installation of the service and a video card. In the future, it will be possible to customize the assistant and give it its own name. The tool will be available in the Investigation Center as early as 2025.

Addition of InfoWatch Vision, InfoWatch Prediction, and InfoWatch Data Discovery tools

On September 13, 2024, InfoWatch announced an expansion of the products in the Center for Investigation. This version of the single InfoWatch console provides automatic markup of screenshots and transcription of audio recordings, a tool for working with risk groups, and other additional features that further speed up the work of a security officer.

The Investigation Center is an in-house development of InfoWatch Group of Companies. It runs on Linux, fully meets import-substitution requirements and is compatible with domestic operating systems. The Investigation Center combines DLP system events, InfoWatch Activity Monitor data on employee actions, InfoWatch Data Discovery information on file storage and access, InfoWatch Vision visual analytics, and notifications of possible risks from the InfoWatch Prediction risk management module in a single interface space.

"In the InfoWatch Investigation Center, an information security officer can see and match various data in a common space with a single system of filters and cross-transitions from one view to another. Thanks to this, the information security specialist spends three times less time from the moment of detection of a suspicious event to the moment of making a decision on whether this is an incident. And we went even further - firstly, we added opportunities to help CR users keep their focus on important events, since the speed of incident response depends on it. Secondly, they expanded the number of sources to which the information security specialist refers to understand the context of the violation in order to make decisions weighted and taking into account all factors. They also improved forecasting tools - with their help, security officers can work proactively and thus reduce the number of potential incidents in the future," said Sergei Kuzmin, head of InfoWatch at the InfoWatch Investigation Center.

New InfoWatch Vision, InfoWatch Prediction and InfoWatch Data Discovery tools help keep the focus on important events. InfoWatch Vision visual analytics has gained additional functionality for displaying DLP system data. The link graph can now be edited when preparing reports, so the security officer can focus management's attention on the necessary details. InfoWatch Prediction has added tools for working with risk groups: in the "Risks" section of the Investigation Center, a "Risk Control" tab has appeared, which helps information security specialists quickly assess which employees are included in several risk groups at once and how the number of people in each of these groups changes. The InfoWatch Data Discovery module, in turn, now supports instant search for files that are similar in meaning.

The developers have supplemented InfoWatch Activity Monitor with wide context analysis: the updated module automatically marks up screenshots and recognizes prohibited or potentially dangerous graphic objects. Activity Monitor also converts audio into text, which allows an information security specialist to analyze the audio environment of a monitored person's PC twice as quickly, identify keywords in the text and use the document to compile a report. There are new widgets for print control, which make it possible to track events of documents being sent for printing, as well as new widgets with statistics on employees and printers. This simplifies the control of printed matter and helps to identify its misuse. In addition, the context analysis extension provides new capabilities for the InfoWatch Vision module. In the "Events" section of the Investigation Center, messages from instant messengers can now be opened and viewed as a dialogue. With this function, information security specialists can see the entire user dialogue at once and quickly assess the situation based on the context and history of communication.

To work ahead of the curve, the developers of the Center for Investigation have added functionality to InfoWatch Data Discovery to automatically group 100% of text documents within the organization's perimeter. Thanks to InfoWatch's own document-grouping technology, it became possible to automatically sort all text documents on file stores and employees' PCs. In addition, risk analysis tools that take the current geopolitical situation into account have been added to InfoWatch Prediction.

Introduction of the Investigation Center

On March 28, 2024, InfoWatch Group introduced a new development for business in the field of confidential data protection - the Center for Investigations. This is an interface solution that combines data from the entire InfoWatch line to protect information in a one-stop shop. This approach to organizing the work of information security specialists allows you to monitor traffic, analyze and investigate incidents at a fundamentally new level of immersion in data and work with all InfoWatch data protection products, including the latest generation DLP system, at the same time.

The Investigation Center combines DLP system events, InfoWatch Activity Monitor employee activity data, InfoWatch Data Discovery file storage and access information, InfoWatch Vision visual analytics, and InfoWatch Prediction risk alert in a single interface space.

The Investigation Center is an in-house development of InfoWatch Group of Companies. It runs on Linux, fully meets import-substitution requirements and is compatible with domestic operating systems.

The user capabilities and appearance of the Investigation Center are designed to meet the requirements of modern UX design. They were tested on focus groups of security officers from customer companies and market experts, and created taking their feedback into account. According to focus group participants, the InfoWatch Investigation Center cuts threefold the time from the first suspicion of a violation to the result, that is, a decision. This was made possible by the following main features:

  • a single console allows you to work with the required data in one window;
  • a single filter and interactive interface help you quickly switch between different data slices, maintain investigation context and focus on important details;
  • you can match information from multiple modules and quickly interpret data for decision-making.

For the information security industry, this is a fundamentally new approach to the daily work of an information security specialist. It allows a security officer to analyze data from different sources in a single context and work with a comprehensive picture of events when investigating information security incidents. This approach is especially relevant for enterprise companies with a large staff and large volumes of data about them.

"We discussed with the business community advanced options for data protection and received feedback: despite the interest in new opportunities, organizations often do not have enough information security resources even to analyze all incidents in a day. Each security tool generates many different data and multiplies the load on the security officer to search for them in different modules, compare, interpret and prepare reports. We set ourselves the task of making it as easy as possible for an information security specialist to collect information and help him concentrate on conducting investigations and making decisions. So we came to the development of the Center for Investigations - a single information space with operational access to the most complete set of data. Now the security officer will be able to form a slice of data of interest to him in a few clicks, if necessary, adjust and supplement it, without switching between several consoles, track the employee's digital footprint, analyze him and, if necessary, act proactively," said Sergei Kuzmin, head of InfoWatch Employee Monitoring Group InfoWatch.

The logic of work in the Investigation Center is designed to give the information security specialist as much relevant data as possible, in a convenient visual representation, which can be explored using interactive tools for matching and searching for relationships. For example, an information security specialist notices an incident on the daily monitoring dashboard and adds related events to the investigation. They then evaluate the employee's actions before, during and after the incident in the Monitoring section. Without reconfiguring the filter, they can go to the Analytics section and look at the employee's social circle in the link graph to find everyone involved in the incident. In the Risks section, they can see which risk groups include the employees involved. If the specialist needs to evaluate information on network storage, this can be done in the "File Storage" section. The information collected from the four modules (InfoWatch Vision, Activity Monitor, Prediction and Data Discovery), including data on past incidents and threats, is accumulated in the dossier in the "Persons" section. The results of the investigation can be drawn up in the "Investigations" section, without going to third-party text editors, and the final report then uploaded. Thanks to the flexible reporting function, the necessary data can be provided to related departments regularly or on request.

Thus, after the release of the Center for Investigation, the InfoWatch Traffic Monitor solution becomes the only DLP system in Russia that unites all new generation DLP technologies in a single window, namely:

  • monitoring of all necessary data transmission channels;
  • accurate detection of confidential information;
  • automated configuration;
  • interactive visualization;
  • behavioral analytics.

It is important that the Investigation Center does not require the purchase of additional licenses and is available to all customers as part of a regular update of any of the InfoWatch data protection products. If your company has an InfoWatch DLP system, but does not use one or more of its additional modules, this will not interfere with the work of the Investigation Center. In this case, it will work taking into account the capabilities of the installed information security solutions. At the same time, its functionality in terms of investigations and reporting will be fully available with any configuration of security software.