The name of the base system (platform): Garda DB
Developers: Garda Technology
Last Release Date: 2023/01/25
Technology: Information Security - Information Leakage Prevention
DLP systems are the main security control tool for enterprise information flows. As data technologies develop, the volume of data to analyze becomes too large, and it is impossible to formalize all the rules for working with information without harming the business. In addition, such systems are typically difficult to use and take up more of specialists' time.
The Garda Enterprise product implements monitoring of employees' workplaces using software agents. The workplace agents make it possible to control and block external USB devices. The functionality of intercepting messages transmitted via Internet messengers has been expanded: Skype message control has been added to the list of previously controlled programs (ICQ, Mail.Ru Agent, IRC, MSN, Jabber, Miranda, QIP, etc.).
Features
Garda Enterprise monitors the traffic of mail clients using POP3, SMTP, IMAP4, MS Exchange Server protocols, including attached files.
The Garda Enterprise system is able to control external mail services (gmail.com, mail.ru, rambler.ru, etc.), messages on social networks, forums and blogs, and other web services that use the HTTP and HTTPS protocols.
The functionality of intercepting files sent via FTP, SMB, P2P, Gnutella, E-Mule, DC++ protocols and services is implemented. Moreover, Garda Enterprise has the ability to intercept telephone conversations made using IP telephony.
The solution allows you to control messages transmitted over the corporate Wi-Fi network using devices on mobile platforms (iOS, Android, Windows Phone, etc.).
The system analyzes traffic at speeds up to 10 Gbps per analyzer, which allows you to track incidents in real time.
2023: Certification of FSTEC of Russia
The DLP system for protecting against and preventing leaks of confidential information, "Garda Enterprise", and the database protection system "Garda DB" passed certification tests of the FSTEC of Russia. The systems ensure the protection of confidential information and personal data and comply with the information security requirements for level 4 trust. Garda Technology announced this on January 25, 2023.
The systems "Garda Enterprise" and "Garda DB" can be used to protect limited access information that does not contain information constituting a state secret in significant objects of critical information infrastructure, in state information systems, in automated systems for managing production and technological processes, in information systems of personal data of higher categories and classes.
The passage of tests within the framework of the certification of the FSTEC of Russia suggests that the solutions provide optimal conditions for the protection of critical information, too, - said Dmitry Filippov, head of the certification department of the technical expertise group of the information security company Garda Technologies. - For many customers, the availability of such a Certificate of Conformity is a mandatory requirement when choosing information security tools. It, in turn, becomes a kind of quality guarantor. Now, along with Garda DB (a certificate for the system has been re-issued in connection with the release of a new version), Garda Enterprise can also be used at KII facilities.
2022: Certification according to the requirements of the technical regulations of the Republic of Belarus
The software complexes for protection against data leaks "Garda Enterprise" and "Garda DB" passed certification tests according to the requirements of the technical regulations of the Republic of Belarus "Information Technologies. Information Security Tools. Information Security" (TR 2013/027/BY) and can be used to protect state-owned companies. This was announced on November 23, 2022 by Garda Technology.
The software complexes have passed a multi-level check of the declared functions and of the safety of their own components. Obtaining the documents indicates the success of the tests necessary for certification.
Certification is carried out by the Operational and Analytical Center under the President of the Republic of Belarus. The list of requirements is defined by the technical regulations TR 2013/027/BY. The procedure applies to information protection tools that can later be used to protect information in state information systems.
2020
Garda Enterprise on microservice architecture technologies
On November 26, 2020, the Russian developer of information security systems Garda Technologies (part of ICS Holding) presented an updated version of the Garda Enterprise information leakage protection system, built on microservice architecture technologies for scaling performance, as well as optimizing configuration for individual features of customer traffic.
The updated version of Garda Enterprise is built on a modernized technology platform. By migrating to a microservice architecture, it has become possible to scale the performance of the system indefinitely in terms of processing complex objects, such as printing objects, document scans and images from which text information needs to be extracted.
Scaling is done linearly by adding the right type of microservices to additional hardware resources. The calculation and launch of the required number of microservices is performed automatically using containerization and virtualization tools for processes and applications. The installation package includes modules for balancing the connections of workplace agents. Thus, scaling the system to tens and hundreds of thousands of workplaces becomes more transparent and efficient, which is especially relevant for highly loaded and geographically distributed systems (geocluster).
Also, the updated platform allows you to optimally configure the system for the individual features of the customer's intercepted data flow, which increases the efficiency of using the customer's server equipment, including virtualization systems.
Additionally, in the presented version of Garda Enterprise, it became possible to authorize users through Active Directory (AD). Configuring the association of AD groups with user roles in the system allows you to manage user rights directly through AD: by adding users to or excluding them from certain groups, you can expand or narrow their rights in the system, up to a complete lock. This approach simplifies the task of monitoring the actions of system users from a single point of management of the company's infrastructure (AD) and further increases the level of security of the customer's infrastructure, the developers explained.
The updated solution improves the protection of the macOS workplace agent: agent processes are hidden and protected from employee attempts to stop or remove the agent at the workplace. Additionally, the list of agent functionality for macOS has been expanded, including support for the latest version 11.0 (Big Sur): control of Viber desktop, printing documents, keyboard input, launching processes and applications and external media (USB, CD/DVD), screenshots, searching for documents at workplaces via crawler, visiting websites (HTTP/HTTPS). The updated macOS workplace agent provides full control over the actions of employees using personal machines on this operating system.
Ability to intercept and detect personal data on graphic images in real time
On January 14, 2020, the Russian developer of information security systems Garda Technologies (part of ICS Holding) announced an updated version of the Garda Enterprise information leakage protection system with the ability to intercept and detect personal data on graphic images in real time.
The updated DLP system detects scans and photographs of document types such as a passport, a Russian Federation driver's license and a bank card in the organization's traffic, distinguishing documents by type. This allows the security service, even in geographically distributed companies, to identify and prevent possible leaks of the personal data of the company's customers or employees.
Additionally, in the presented version of Garda Enterprise, a drawing detector for such popular CAD systems as AutoCAD, SolidWorks, Compass is preinstalled. The system recognizes files in drawing formats in the stream of intercepted objects and extracts text information from them. This allows you to flexibly configure security policies, as well as search the text using the entire set of relevant product technologies. For drawings of individual formats, a quick preview is available in the Garda Enterprise web interface.
2019: Geo Cluster Configuration
On October 16, 2019, Garda Technology announced an update to the functionality of the Garda Enterprise system for protection against information leaks and incident investigation.
The updated version of Garda Enterprise implements a geo-cluster configuration that allows you to centrally manage a network of free-standing DLP systems distributed across the company's branches. The solution provides the ability to apply global security policies to all network complexes, build global reports based on data from all complexes and manage the rights of administrators on all APCs of the network from a single web interface.
The release also includes workplace agents for the Linux (Ubuntu, Astra Linux) and macOS operating system families, which allows you to ensure control at employees' workplaces regardless of the type of operating system used.
2014: Garda Enterprise 3
MFI Soft fundamentally changed its view of the logic of DLP systems and made a convenient tool for daily use: Garda Enterprise 3. The new development is based on Big Data logic, multi-level analytics and a simple web interface.
Garda Enterprise 3 is a DLP system based on the principles of working with big data. The data storage system in Garda Enterprise 3 provides a total record of all information objects of the enterprise transferred by employees, and a quick search of the accumulated database. Thanks to the use of the Big Data storage and analysis methodology, the Garda Enterprise DLP system has wide possibilities for analyzing accumulated information - automatic construction of an information exchange picture, retrospective analysis of any incident, identification of statistical anomalies, construction of drill-down graphs based on any data, etc.
Another important advantage of Garda Enterprise 3 is a cross-platform interface that is intuitive even without reading instructions.
The main advantages of the Garda Enterprise 3 solution:
- Methods of working with information used in the field of Big Data - the possibilities of predictive analysis, detection of patterns and anomalies;
- Reporting system - built using drill-down technology, provides multi-level analytics on a wide range of parameters - employee communications, document distribution schemes for the enterprise, various statistical charts;
- The interactive interface is both efficient and understandable, even without reading the instructions;
- A proprietary data storage system that allows you to store any amount of information and provides quick access to it. At the same time, the storage organization does not require expensive equipment.
"We have moved away from the traditional view of the DLP system as a complex specialized tool and have revised the journey towards data storage and analysis. We have expanded the standard functionality by working with Big Data, - comments on the new development Ponomarev Vladimir, Deputy General Director of MFI Soft. - This approach allows you to look at the picture of communications in the complex, build a map of the movement of information flows and identify deviations. We offer a new approach to retrospective analysis and provide new opportunities to assess information risks and threats before they even become incidents."
2013: Update
On September 24, 2013, MFI Soft announced the release of an update to the Garda Enterprise DLP system. In the new version, workplace control has become more functional, and the list of controlled communication channels has been expanded.
Workplace control
- The capabilities of the system for monitoring employees' workplaces have expanded. Security officers can now obtain screenshots for employees of the enterprise placed under control.
- Monitoring of local and network printing of documents from employee workstations has been implemented, and shadow copying of documents sent for printing has been added. Interception of document properties has been expanded: in addition to intercepting by keywords, the system can now intercept information on document properties such as "Author," "Title," "Tags," "Notes," etc.
- Improved information control management capabilities. Added CSV export for the table data view and an automatic data export setting when creating a monitoring session - this is useful if you want to monitor specific employee activities on a schedule.
- Monitoring the use of social networks has become more convenient - it is now possible to track employees' search queries on social networks and to view them in the form that the user receives.