
Information security Kontur SearchInform (CIB SearchInform)

Product
Developers: SearchInform
Date of the premiere of the system: 2006
Last Release Date: 2024/11/05
Technology: Information Security - Information Leakage Prevention


White Paper: DLP - Data Loss/Leak Prevention


A comprehensive solution to protect against confidential information leaks and control information flows in organizations.

The information security Kontur SearchInform 4.0 is certified by the FSTEC of Russia for compliance with the requirements for control of the absence of undeclared capabilities at control level 4 (guidance document "Protection against unauthorized access to information, part 1") and with technical specifications 64457145.00001-01 90 01.

The SearchInform 4.0 information security Kontur can be used to create automated systems up to and including 1G security class and to protect information in personal data information systems up to and including class 1.

2024

The ability to manage writing to flash drives depending on the powers of employees

The DLP system "SearchInform CIB" has updated the functionality of DeviceController - a module for protecting removable devices. Now it is easier for information security specialists to manage writing to flash drives, depending on the powers of the employees who use them. The developer announced this on November 5, 2024.

DeviceController allows you to completely prohibit the use of flash drives in the company, or to set blocks selectively, by the types of data copied to them. For example, you can prevent copying documents with personal data or trade secrets to USB. To prevent such prohibitions from interfering with business processes, CIB provides flexible exceptions. Now you can set "whitelists" of employees who will not be affected by restrictions, as well as specify a list of trusted devices. Then the ban on writing documents with the "Confidential" stamp to flash drives will affect everyone except, for example, management. Or copying will be possible only to flash drives issued by the information security department. As a safety net, DeviceController also has a function for encrypting data written to USB: the copied files will then open from a flash drive only on the company's computers.

"Many customers fear that blocking a channel will interfere with the normal work of employees. CIB helps to bypass this problem - not to deprive employees of a working tool, but to concentrate on data protection. DeviceController can apply prohibitions only when copying the most sensitive content types. And the 'white lists' will retain the ability to transfer information on flash drives to those who need it for their official duties," said Aleksei Drozd, head of the information security department of SearchInform. "The scheme with 'white lists' is especially convenient in large companies, where point prohibitions are more difficult to establish than to set exceptions."

Earlier, it became possible in CIB to find documents on flash drives that carry "SearchInform FileAuditor" labels, which immediately show what the file contains: data, trade secrets, etc. Thanks to this, the information security specialist can immediately determine how dangerous copying such a document to USB is and stop the attempt.

Ability to automatically archive server component databases

SearchInform has improved DLP fault tolerance. The developer announced this on October 22, 2024.

In the DLP system "SearchInform CIB" it became possible to automatically archive the databases of the server components responsible for the operability of the analytical module, system configuration management, report building, etc. This is needed to recover files if they are damaged or distorted, whether through user errors or malicious programs. For example, if there are hardware or software failures, or failures during an OS or DBMS upgrade, the system administrator can restore DLP settings from the copy in a few simple steps in the interface.

As a rule, backup is carried out by third-party means, and the copied databases are built manually. The added CIB functionality minimizes these labor costs: the procedure is fully automated. At the same time, fast "unpacking" of data is provided from each archive, which makes it quick and easy to restore the system from scratch to a working state.

Archiving service databases allows you to roll back to a working state in case of breakdowns, and archiving the databases of intercepted information allows you to restore the picture of what is happening in the company without loss, even if the control system has "moved" to another infrastructure. In addition, database archiving helps to free up the resources of SQL servers, which increases system performance. The developer also provided for the ability to archive and transfer indexes (intercepted information after parsing and analysis) and interception databases to slower disks, so that only current data remains in "hot" storage. Finally, archiving covers the "heaviest" storages: those that hold shadow copies of files transferred to USB, sent using FTP or, in the case of integration, falling under the markup of the DCAP system "SearchInform FileAuditor".

"The reliability of systems is achieved not only by the high quality and fault tolerance of the product, but also by the convenience of backup and recovery procedures - after all, no IT system is immune from force majeure circumstances, for example, physical hardware breakdowns, problems with third-party system or application software, updates. We have built these tools into our platform to minimize customer maintenance activities and time. Now the whole procedure is done in several clicks in a single interface," commented Alexey Parfentiev, Deputy General Director for Innovation at SearchInform.

Web Interface Availability

The DLP system "SearchInform CIB" can now be administered and configured from the web interface. An information security specialist will be able to control the DLP system remotely through any browser. SearchInform reported this on October 17, 2024.

Previously, DataCenter - CIB's main infrastructure management console - was only available on the workstation on which it was installed. Now WebAnalytic has a section of the same name with all the main functionality of the console. Through it, you can set the basic settings of the CIB and its components, manage indexes and databases, distribute licenses, configure synchronization with the Active Directory domain, etc. The functionality of DataCenter available in the browser will be expanded.

Security when working with the web interface is arranged in the same way as when working with consoles on a local network. Traffic from the browser to the servers is encrypted, and authorization mechanisms and a role-based access model for information security department employees are implemented.

"Now the CIB administration work is not 'tied' to the server or PC, but is available at any time from anywhere. This will allow information security specialists to monitor DLP status remotely and quickly make decisions if you need to change settings or fix problems. For example, connect to the database or distribute new licenses while on a business trip," said Alexey Parfentiev, Deputy General Director for Innovation at SearchInform. "In addition, porting DataCenter to WebAnalytic is a big step towards cross-platform. You can work with the web console on different operating systems and devices, including mobile devices."

Automatic conversion of audio messages and call recordings from instant messengers to text

The DLP system "SearchInform CIB" has strengthened its audio recognition functions. Now the program automatically converts audio messages and call recordings from instant messengers into text. This allows you to analyze them and search them by content, for example, to detect information leaks, collusion with competitors, the organization of fraudulent schemes and other internal security incidents. SearchInform reported this on September 23, 2024.

To transcribe voice recordings, CIB calls an ASR (automatic speech recognition) engine. Out of the box, ASR options are available to choose from, including freely distributed ones. They can run on servers on both Windows and Linux. Recognition can be configured in favor of speed or processing quality. More than 30 languages are supported.

Based on recognition results, you can search the Analytics Console or configure security policies in AlertCenter. As a result, the DLP system can detect incidents in any audio content from instant messengers and social networks, as well as in MicrophoneController records.

"If there is more than one interested person in the fraudulent scheme, they agree on it. The job of a security professional is to detect such negotiations before insiders' plans are implemented and cause damage. SearchInform CIB finds signs of fraud in any employee communication channels, including oral negotiations. Thus, information security specialists have more tools for preventive protection," said Aleksei Drozd, head of the information security department of SearchInform.

Addition of online call blocking in Skype and Viber

Blocking of online calls appeared in SearchInform CIB. SearchInform announced this on September 17, 2024.

Now the information security service can limit employees' ability to make calls and send audio messages in Skype and Viber.

CIB prohibits access to the microphone when using Viber on an employee's PC. In Skype, restrictions, in addition to the microphone, work at the traffic level: when calling, there will be no connection, and audio messages will not be sent. You can supplement such blocking with prohibitions to send messages and files with confidential content. Restrictions work both in desktop versions of instant messengers and when accessing them through a browser.

Control over negotiations in instant messengers is also strengthened by audio transcription. If calls through instant messengers are allowed in the company, CIB will receive their content for analysis in the form of text. If the system detects a suspicious topic in it, for example, a discussion of kickbacks, it will automatically inform the information security service.

"Audio control in instant messengers is a demanded function among our clients, for example, when business processes do not allow the use of third-party software for negotiations. In this case, blocking will help implement the regulations in practice and be sure that employees do not disobey the bans," said Alexey Parfentiev, Deputy General Director for Innovation at SearchInform. "So far, the function is available only for two messengers, but we are already working to expand this list."

In total, SearchInform CIB controls more than 60 messengers, as well as social networks and video conferencing platforms. For instance, the vendor earlier reported DLP support for the Russian video conferencing services TrueConf and "Yandex.Telemost".

What DLP should be able to do outside the local infrastructure

There are several options for organizing a workspace outside the perimeter. One of them is that a business can use separate services beyond the perimeter: communications, storage or software. They can be based on the company's servers, but employees have access to them from any device so that work is uninterrupted. DLP needs to be implemented on the servers of these services in order to see what "leaves" from them to smartphones, home PCs, etc. For each of these options, there are specific requirements for DLP. For convenience, I will tell you about them using the example of our system - "SearchInform CIB."

Expanding the list of supported instant messengers and cloud storage

The SearchInform CIB DLP system has expanded its list of supported instant messengers and cloud storage. Additional controls have also appeared for sources that have long been supported. The changes will make it possible to identify possible incidents in corporate communication and data exchange channels more effectively. The developer announced this on June 24, 2024.

The system has received additional options for working with instant messengers. For example, ICAP interception has become available for RocketChat. It became possible to control the web versions of instant messengers from the browser sidebar: the option is available for WhatsApp, Telegram, RocketChat and TrueConf. Support for Squadus has appeared using the HTTPIM protocol. Finally, CIB supported the latest versions of business messengers, such as Skype for Business.

Interception has become available for the cloud storage of the Kontur.Diadok electronic document management (EDO) system and for Google Colab, a cloud environment for developers. The refinement will strengthen control over especially important data: business documentation and source code.

"We strive to make the work of information security specialists with our products more convenient and variable. Not only give new tools, but also open more ways to solve familiar problems, because in each company control is arranged differently. Developers have two areas of software development - to create new functions or improve existing ones. We have never stopped at one thing," said Alexey Parfentiev, Deputy General Director for Innovation at SearchInform.

Ability to monitor memory consumption on DLP servers

The DLP system "SearchInform CIB" has updated the settings for storing the data it collects while monitoring user activity on PCs and the transmission of information via communication channels. The developer announced this on June 11, 2024. Additional features have appeared for managing the storage of data about the operation of the system itself. Information security specialists can control memory consumption on DLP servers and flexibly adapt settings to the individual needs of the company.

The developers have expanded the capabilities for managing the logs in which CIB records its work. You can manually set the maximum log volume and limit logging by time (for example, store logs only for the last week or 24 hours; the period is set arbitrarily). Different logging levels are available: the more detailed the log, the more it weighs, but now even the largest log files will not take up more space than is allocated on the server. You can also move log writing to alternative storage, for example, to a separate server. It is enough to manually set the path to the desired directory.

You can also optimize the amount of system data by disabling event logging from agents or SSL connection logging. Records of standard events will no longer consume space.

As a result, memory consumption on the system hard disk is reduced - there is more space left for interception.

How DLP will "write" data from different control channels can now also be customized. For instance, you can individually configure the size of files that the system will check when they are sent to the cloud, by mail, etc. This is useful so as not to overload the interception module with processing files that are too large; in particular, this applies to media.

At the same time, the maximum size of files allowed for processing has increased depending on the channel. For example, for CloudController, it will be 2 GB, because "heavy" files are often uploaded to the clouds. If such large volumes of interception are not needed, information security specialists can specify any other values within the limits available for the channel.

"We are constantly developing the functionality of our products, and at the same time we strive to make working with them more convenient. It is important for customers to flexibly integrate DLP into their infrastructure, so we provide various customization options - including how to organize the CIB. Information security specialists can optimize the resources that the system spends, depending on priorities," said Alexey Parfentiev, head of analytics at SearchInform.

Support for displaying labels "SearchInform FileAuditor"

SearchInform CIB now supports the display of "SearchInform FileAuditor" labels in the main console. The DLP does not need to read a file to "see" what is inside (personal data, financial information or corporate passwords): DCAP has already done this work. The information is available on the main screen, so you do not have to go to FileAuditor to see details about the content of files. The developer announced this on May 15, 2024.

FileAuditor and CIB work together and strengthen each other. In the CIB, you can see whether files with a FileAuditor label were transferred in instant messengers or by mail, were quarantined, printed, written to a flash drive or uploaded to the cloud. The labels show an information security specialist how dangerous it is to send a document. An information security specialist can also see in the main console who did what with a labeled file: opened, changed, copied it, etc. This saves time in investigations and allows you to get your bearings quickly and prevent the incident.

"The update allows you to combine the benefits of using DCAP and DLP in the company, because it ensures transparency in the movement of tagged files outside the organization and allows them to organize additional protection," said Alexey Parfentiev, head of analytics at SearchInform.

Earlier, SearchInform announced the release of FileAuditor for Linux infrastructures. This update will also be available in Linux CIB if the company uses control of file storage and PCs of employees with DCAP.

Enhanced "open control" capabilities

The "SearchInform CIB" has updated the capabilities of "open control" and the user interface. The developer announced this on April 8, 2024.

The updated design and functionality of the user interface in DLP will simplify the interaction of the information security department with employees.

The updated version of SearchInform CIB completely changed the user interface on the agent. This interface helps employees interact conveniently with the information security department, for example, if you need to request access to a printer or folder. Now it is possible to confirm the reading of notifications and find out the reason for the refusal to access a specific file, directory or device. This not only simplifies communications, but also allows you to strike a balance between user freedom and protective measures.

Example of access request generation

The CIB user interface shows employees on their computers which devices, printers and network folders are available to them, notifies them of blocks, and also displays information about activity during working hours. The window "hides" in the taskbar and is highlighted when notifications are received. When expanded, it shows a list of all available and blocked directories, devices, actions and files. The employee can leave a comment for the information security specialist, indicating the reason for the request to grant or expand access and the time required for using the device. Working time tracking clearly shows the employee how his activity at the PC is recorded, which supports work discipline.

"We made the interface more convenient and understandable, completely changed its design and expanded its functionality. Many of our customers are moving along the path of 'open control' to remind employees of the current information security rules. The CIB user interface is another tool to simplify this task," said Alexey Parfentiev, head of analytics at SearchInform. "Through the user interface, you can control permissions to any connected devices, media, shared folders and remote connections, even to the clipboard. We are constantly expanding this list and will soon cover all possible locks in CIB."

By default, the system operates in a mode that is invisible to the user; before using the interface, you must activate it in the CIB settings and select the modules that will become visible to employees. The display options are flexible: you can activate notifications and specify their text for each module separately, as well as choose how they are displayed.

Compatibility with PostgreDB DBMS

SearchInform conducted a compatibility check of the FSTEC of Russia-certified DLP system "SearchInform CIB" with the import-independent, FSTEC of Russia-certified DBMS PostgreDB (Digital Q.DataBase platform) developed by Diasoft, which announced this on March 25, 2024.

Comprehensive tests confirmed the compatibility of the vendors' solutions, their correct operation, support for the necessary loads and storage of the full amount of data during the integration of SearchInform CIB and the PostgreDB DBMS (Digital Q.DataBase platform). PostgreDB DBMS (Digital Q.DataBase platform) is a secure fork of PostgreSQL fully controlled by Diasoft.

"Together with SearchInform, to protect confidential information and personal data, we offer to use fully domestic and import-independent certified information protection tools: DLP system and DBMS PostgreDB (Digital Q.DataBase platform), on favorable terms. This will solve two problems at once: to ensure the protection of information and compliance with import substitution requirements, which will ultimately increase the level of security at the lowest cost and in full compliance with the requirements of the law," said Alexey Poletaev, director of information security at Diasoft.

"DBMS is an extremely important part of the information protection system, especially when it comes to preventing leaks. The databases of DLP systems contain extremely sensitive data, ranging from employee accounts to the results of content-dependent security rules. The storage of such information is a matter of particular importance, therefore, the highest requirements are imposed on DBMS," said Alexey Parfentiev, head of analytics at SearchInform.

The proposal of SearchInform and Diasoft to use the SearchInform CIB DLP system and PostgreDB DBMS (Digital Q.DataBase platform) is relevant both for customers who need to comply with the requirements of GOST 57580.1 and for companies in any industry whose activities include processing personal data and working with confidential information, including information covered by banking secrecy.

Addition of TrueConf to the list of monitored programs

SearchInform CIB took control of the TrueConf platform. SearchInform announced this on March 21, 2024.

Video calls, forwarded messages and files are now within the CIB's "visibility" zone. Individual operations in the program can now be restricted. For example, blocks on sending text and files work.

Blocks work by the content of documents and messages, as well as by the attributes of the files transferred: type, size, name, location, presence of privacy labels, etc. They are configured in the CIB administrative console: to enable a complete ban, just tick the check boxes opposite the TrueConf icon in the general list. The blocking conditions can then be refined for individual users or groups, PCs, etc.

2023

Telegram and WhatsApp control

SearchInform CIB for Linux took control of Telegram and WhatsApp. This was announced on December 13, 2023 by SearchInform.

DLP allows you to identify potential incidents in the desktop and web versions of these messengers.

If messengers are prohibited in the company, information security specialists will be aware of their use in circumvention of the rules. And if they are allowed, specialists will be able to check that employees do not send confidential information through them.

In addition to those listed, CIB for Linux controls more than 20 instant messengers, including VK, Skype, Bitrix24, etc. Together with Telegram and WhatsApp, the CIB capabilities for Linux to control instant messengers and social networks have caught up with the Windows version.

"More and more customers are switching to freely distributed or import-substituted Linux-based OS, workflows and communications are moving there. Therefore, as a DLP vendor, it is critical for us to protect the Linux environment as effectively as the usual Windows. Over the past year, we have equalized both versions of CIB by the number of control modules, and now we have tightened the functionality of individual modules to the same given standard. At the same time, the capabilities of CIB for Linux will continue to grow," said Alexey Parfentiev, head of analytics at SearchInform.

Enhancement of webcam, monitor and user activity control in Linux version of "SearchInform CIB"

On November 29, 2023, SearchInform introduced the latest version of the DLP system for controlling PCs on Linux. The update added advanced webcam control, including with AI recognition of faces and objects, as well as control over what is happening on monitor screens and employee activity on the Internet.

Using the CameraController module on Linux, you can take pictures of the user at the PC and view what is happening in the webcam's field of view in real time (LiveCam). MonitorController records video from workstation screens and takes control screenshots if scheduled capture is configured. Finally, the ProgramController module analyzes user activity in web browsers and evaluates how productively users spend time on the Internet.

The information obtained is added to reports that can be used to judge the discipline and effectiveness of an employee. In addition, advanced AI tools allow you to identify atypical threats. For example, the analytical engine compares CameraController images with a reference photo of the user and, using facial recognition, detects that a stranger, or no one at all, is at the PC (possibly an unauthorized remote connection), and signals the information security service. Recognition also works for phones and allows you to detect attempts to "leak" data by photographing the screen with a smartphone.

"The update equalized the capabilities of the Linux version of SearchInform CIB with the version for Windows - we have finally adapted all the modules. This is current news, for example, for public sector and CUES subjects who have switched to Russian Linux-based OS as part of import substitution. Together with other innovations in CIB, for example, Group of company Systematica control, our DLP began to fully meet the safety requirements in these areas. Note also the ability to install the agent centrally from the DLP system console. Moreover, the agent has become universal, it itself compiles for various minor versions within the same OS line," said Alexey Parfentiev, the head of the SearchInform analytics department.

Atlassian Integration

The SearchInform CIB DLP system has integrated with Atlassian products at the request of customers. SearchInform announced this on November 23, 2023.

The DLP system "SearchInform CIB" allows you to fully control the work of users in the project management systems Jira and Confluence from the developer Atlassian. This feature appeared with an update that was implemented at the request of SearchInform customers.

Atlassian products are popular for organizing team projects in all technological areas of business. All user activity in these applications comes into the field of view of "SearchInform CIB": setting tasks, commenting, adding attachments. DLP makes a shadow copy of the text entered in comments and tasks, and reads and saves the contents of attachments. In addition, feature blocking is available. You can selectively prevent, for example, deleting files from a project, or downloading or opening files when an employee is outside the company, etc. Downloads can also be blocked by content.

Example of Jira Action Blocking with SearchInform CIB

"This is a simple but demanded revision that allows you to secure the very organization of the workflow in companies. Jira, Confluence and their counterparts are widely used in companies with a high level of digitalization, especially in the IT, financial sector. Taking control of the task management system, CIB provides protection against accidental compromise of service information, sabotage and fraud in the workplace," commented Alexey Parfentiev, head of the analytics department at SearchInform.

Implementation of support for the communication service "Automated workplace of a civil servant"

SearchInform announced on August 24, 2023 that it had implemented support for the communication service "Automated workplace of a civil servant" (PA AWS). The DLP system "SearchInform CIB" can monitor data in the mail, cloud storage and messenger of PA AWS.

PA AWS is a protected Russian service developed by VK that combines correspondence, video calls, mail, calendar, cloud storage and an "internal portal." DLP allows you to control outgoing and incoming web messages, downloadable files and correspondence in the messenger. The system will show when, from whom and to whom a message was sent, how many there were, whether the correspondence included attachments and whether the files contain confidential information.

"Unification of the main digital services into a single solution is a technological step that significantly increases the digitalization of state institutions. However, we must not forget about data security issues. Government agencies process significant amounts of sensitive information that is at risk of leaks. 34% of all incidents in government agencies are leaks of data. The vulnerability of such information is associated with a human factor, and in order to eliminate the likely risks, information security systems come to the rescue. SearchInform has quickly adapted its solutions for GS AWS, so that data transfer within the platform can be controlled," commented Alexey Parfentiev, head of the analytics department of SearchInform.

SearchInform CIB notifies information security specialists about violations and allows blocking unwanted content. You can prevent the system from sending files of the selected formats, extensions, and content. For example, if a rule is configured to prevent documents with passport numbers from being sent, the user will not be able to attach such a document in a chat.

The DLP system is adapted to work in domestic IT infrastructure, so it is suitable for government organizations. CIB can control PCs based on Russian OS such as Astra Linux, Rosa Linux, Red OS, GosLinux, Alt Linux, etc., as well as file formats created in Russian programs (My Office, 1C, etc.).

Ability to notify via messenger about potentially dangerous letters

On August 10, 2023, SearchInform introduced the SearchInform CIB DLP update - now the system notifies via the messenger about potentially dangerous letters that require additional attention from the information security department.

SearchInform CIB, according to pre-configured rules, stops the sending of letters with suspicious content, quarantines them and then notifies the information security specialist. Previously, the specialist could configure notifications to be sent to an email address; now the system can also send messages to Telegram.

"Mail remains the typical channel through which corporate data is most often leaked. SearchInform CIB works proactively and warns that an employee is trying to send confidential information outside the perimeter. The system checks the content of the letters and, if necessary, stops their sending. Quarantine gives the information security specialist time to study the letter and decide whether it can be sent. Thanks to notification through the messenger, the reaction time to a potential incident is significantly reduced. In addition, not all companies can have the information security department at the PC 24/7, so a flexible notification tool is especially relevant for them," said Aleksei Drozd, head of the information security department at SearchInform.

In the CIB interface, you can configure both sending personal notifications to the messenger and to a group chat with responsible specialists of the information security department. The added functionality allows you to automate the actions of an information security specialist and avoid cases when a delay in sending a letter can harm the company's business processes.

Also, the DLP system "SearchInform CIB" lets an employee decide independently whether to take the risk of sending a letter with confidential content. When an employee tries to send such a letter, the DLP system issues a warning, in the form of an automatic mail notification, that the transfer of the data contained in the letter may violate information security policies. This relieves the information security department, which otherwise sorts through suspicious mail manually.

Availability on the Эффективность.рф platform

Information security solutions "SearchInform" are available on the "Эффективность.рф" platform. This was announced by SearchInform on July 6, 2023.

SearchInform has presented 3 products and 3 services for placement on the platform: the DLP system SearchInform CIB, the DCAP-class solution SearchInform FileAuditor, the SIEM system SearchInform SIEM, the information security outsourcing service, DLP in the cloud, and the information security training service for personnel. The products make it possible to assess the internal security of the company's infrastructure: to analyze data content, implement delineation of access rights, control the integrity of important information and its movement, prevent leaks, etc. The information security outsourcing service helps organizations protect against leaks of client bases, financial documents, development plans and other information security threats without hiring a staff specialist. DLP in the cloud means data protection without hardware costs, thanks to leasing of cloud IT infrastructure.

"Improving labor productivity and employee productivity are priorities for many organizations. Our products primarily solve information security problems, but also contribute to increasing the efficiency of enterprises, reduce the risks of financial and other losses. Thanks to the Эффективность.рф platform, SearchInform solutions have become even closer to the customer," said Olga Minaeva, GR Director of SearchInform.

The main goal of the Эффективность.рф platform is to increase labor productivity through digitalization. In total, 496 Russian IT services and services and 1326 customer enterprises are presented at the site as of July 2023; 896 implementations of Russian digital solutions have already been completed. The platform allows enterprises participating in the "Labor Productivity" project to assess digital maturity, develop a digitalization strategy with experts, form a list of necessary software and a plan for implementing IT solutions, as well as receive advice on government support measures.

Integration with VeiL ECP platform

The domestic information security vendor SearchInform and the enterprise Research Institute Scale have completed integration of their solutions. The DLP system SearchInform CIB and the DCAP system SearchInform FileAuditor passed the compatibility test with the cloud platform ECP VeiL. SearchInform announced this on April 20, 2023.

PostgreSQL and Postgres Pro support

SearchInform presented an update to the DLP system - the solution implements support for the freely distributed PostgreSQL and its domestic analogue Postgres Pro. This became known on January 17, 2023.

Now all traffic from user PCs, incidents, quarantine letters, security policies and reports, as well as CIB SearchInform configuration data are stored in these databases.

"We are actively working on the implementation of support for domestic solutions in our products and constantly hear a similar request from customers. The current step will significantly reduce the cost of owning a DLP system, because now you can use a free version of the DBMS for it. CIB also works with a secure version of the DBMS - Postgres Pro Certified, so for companies it is also a way to improve security," said Alexey Parfentiev, head of analytics at SearchInform.

DLP system "SearchInform CIB" is adapted for operation in the domestic IT infrastructure. It recognizes file formats created in Russian programs (My Office, 1C, etc.), controls domestic data channels, for example, Russian instant messengers and social networks - Telegram, ICQ, VK services, including Mail.ru, Dialogue, etc. The system can control PCs based on Russian operating systems Astra Linux, Red OS, GosLinux, Rosa Linux, Alt Linux, Runtu, etc.

2022

The ability to flexibly set up a work calendar to account for work hours correctly

The updated DLP system "SearchInform CIB" has gained functionality that helps to find "imaginary workers" and accurately determine how productively an employee worked during the day. To do this, the attribute "virtual activity" has been added to CIB; it identifies user activity simulated with autoclicker programs or by pressing keys on the keyboard. This was announced on November 30, 2022 by SearchInform.

"There are problems with the violation of the working routine in almost every company. But such facts are easy to detect. In CIB, you can see the activity of each employee and find unproductive ones. At the same time, the employer can find employees who are trying to deceive the time accounting system and install various autoclickers on their personal computers in order to simulate 'violent activity,'" said Alexei Parfentiev, head of the SearchInform analytics department.

In CIB, it became possible to flexibly configure the work calendar for the correct accounting of working hours. Now for each employee or department you can set up an individual work schedule or pull it from "1C. Gallery," if the company uses it. This is convenient if the organization has employees with different schedules or those who work in shifts. The calendar can be supplemented to take vacations, holidays and weekends into account.

So that the system does not mistakenly count the time an employee spends at a meeting or planning session as "idle," CIB has been integrated with Outlook calendars. If an event is scheduled in the user's calendar, DLP will count this time as productive for all meeting participants.

You can see how users spend the working day in the daily activity report. The scale displays all periods when the employee worked at the PC: start and end times of the working day, periods of activity or inactivity, violations of the work schedule (lateness, early departures).

Identifying Potentially Dangerous Mail in Employee Boxes

On October 20, 2022, SearchInform introduced the SearchInform CIB DLP update - now the system detects potentially dangerous mail in employee mailboxes. With this data, a security specialist will be able to reduce the risk that users will download malicious attachments, click on phishing links or engage in correspondence with scammers. Also, data from CIB can be used to optimize the settings of spam filters on the corporate mail server. Together, this reduces the likelihood of compromising work PCs and accidental leaks of confidential information.

Phishing emails are recognized by comparing the values of the MessageID and From fields, that is, the system detects cases when the domain and the true address of the sender are different. If these values do not match, the DLP system regards the letter as phishing and notifies the information security specialist. You can configure the detection of such letters in the "search by attributes" section.
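A sketch of the kind of header comparison described above, as an added example (it is not SearchInform's code, and the product's actual matching rules are not given on this page). The subdomain-tolerant comparison, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Domains are reserved example names.
SAMPLES = {
    "same_org": (
        "From: Billing <billing@example.com>\n"
        "Message-ID: <20221020.1a2b3c@mail.example.com>\n"
        "Subject: Invoice\n\nBody\n"
    ),
    "foreign_message_id": (
        "From: IT Support <support@example.com>\n"
        "Message-ID: <9f8e7d@mailer.example.net>\n"
        "Subject: Password expires today\n\nBody\n"
    ),
    "no_message_id": (
        "From: hr@example.com\n"
        "Subject: Schedule\n\nBody\n"
    ),
}


def domain_of(value):
    """Return the lowercased domain of 'local@domain' or '<id@domain>', else None."""
    value = (value or "").strip()
    if "<" in value and ">" in value:
        value = value[value.index("<") + 1 : value.rindex(">")]
    if "@" not in value:
        return None
    domain = value.rsplit("@", 1)[1].strip().rstrip(".").lower()
    return domain or None


def related(a, b):
    """Assumed tolerance: equal domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_message(raw):
    """Compare the From domain with the Message-ID domain of one raw message."""
    msg = message_from_string(raw)
    # parseaddr() separates the display name from the actual address.
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    mid_domain = domain_of(msg.get("Message-ID", ""))
    if from_domain is None or mid_domain is None:
        verdict = "incomplete"   # header missing or malformed: leave to an analyst
    elif related(from_domain, mid_domain):
        verdict = "match"
    else:
        verdict = "mismatch"     # candidate for a notification to the IS specialist
    return {
        "from_domain": from_domain,
        "message_id_domain": mid_domain,
        "verdict": verdict,
    }


def flagged(messages):
    """Names of messages whose two domains disagree, sorted for stable output."""
    return sorted(
        name for name, raw in messages.items()
        if check_message(raw)["verdict"] == "mismatch"
    )


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
    print("flagged:", flagged(SAMPLES))
```

Bulk-mail and hosted-mail providers often generate Message-IDs under their own domains, so a mismatch from this check is a triage signal to weigh with other attributes, not proof of phishing.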

"Social engineering methods are still the main tool of cybercriminals, and the main channel is mail. According to the study, more than 30% of employees open phishing emails. Links or attachments with remote administration programs, ransomware viruses and other malware can be distributed with phishing emails. To eliminate such a threat, DLP works proactively and warns the information security specialist in advance that the employee received a phishing email," emphasized the head of the analytics department of SearchInform, Alexey Parfentiev.

Phishing recognition is an additional tool for controlling atypical risks, including external ones, which expands the functionality of DLP. Earlier, SearchInform CIB gained functions for assessing the strength of employees' passwords, identifying the compromise of work accounts (when others use the account of one employee), as well as another way to detect account theft: a face recognition function. The system uses webcams to take pictures every time a user logs in to a PC and reports if the computer was unlocked by someone other than its owner.

A tool that allows you to create watermarks on a PC screen

SearchInform announced on September 2, 2022 that the updated DLP system "SearchInform CIB" has implemented a tool for creating watermarks on the PC screen. When the user captures the screen, with a screenshot or a photo on the phone, a protective marking remains on the image, which makes it easy to identify the culprit in the event of a leak. The watermark identifies the PC and the employee working at it.

Watermark visibility can be adjusted. For example, there is a practically invisible mode: the marking will not interfere with the usual work of employees, but will remain in the screenshots if someone decides to leak them. At the same time, information security specialists who detect a leaked image will be able to reveal the marks in a graphic editor or directly in the CIB interface using special filters. In this way, the source of the leak can be uniquely determined.

Watermarks are added, including if a screenshot or video is taken as part of an RDP session, as well as in situations where graphics drivers are not installed on the computer with the CIB agent.

"With the help of protective watermarks, the company continues to develop the direction of monitoring leaks to the phone. First, they taught the CIB to recognize the guidance of smartphones with a camera on their monitor by employees. The system notifies you of this, so you can prepare for a potential incident. Watermarks protect against situations when a screenshot or photo of the work screen has already leaked to the Web, but who is behind it is not clear. This is an urgent problem, just remember the recent case of a well-known marketplace: screenshots of the company's CRM with sensitive internal information were put up for sale on the dark web. The updated CIB functionality will greatly facilitate the investigation in such situations and will allow the perpetrators to be held accountable," said the head of analytics at SearchInform, Alexey Parfentiev.

As of September 2022, this approach to identifying insiders has no analogues in other DLPs. It is complemented by the developer's other 2022 releases: detection of screen photography, as well as user face recognition technology, which, among other things, determines when someone other than the owner is working at the PC. Together, they give information security specialists the opportunity to refine the results of an investigation and identify situations when a leak occurred from the computer of an employee under whose account data an outside attacker was working.

Ability to control the risk of compromising work accounts

On August 17, 2022, SearchInform introduced the CIB SearchInform update - now the DLP system accumulates information on all actions related to user authorization in a single report, "Authorization on Services." With this data, the security specialist will be able to control users' work accounts in non-corporate services. The report shows on which services the employee enters credentials, under which account and on which PC this happens, and how reliable the login data is. The degree of complexity of passwords is clearly displayed in the report - if the protection is weak, the system will notify you of this.

From the report you can find out whether the employee uses a login and password identical to the corporate one to log into social networks, personal mail or a gaming site. If this is the case, there is a risk that a leak from an external service will compromise the internal perimeter of the company. If the password on the third-party service is the same as the user's password in Active Directory, the system will warn you about this.

In addition, the report records cases where one account is used by several employees in the company. When different users access the same service with a common login/password, the system saves this information. This is an occasion to check how legitimately employees use common data for authorization. It should be borne in mind: if a company uses one account for everyone to log in to a certain service, the user who logged in first will be considered its owner.

"Reports can be built both for each user separately and throughout the team. They will show which accounts on which resources users used at a certain period of time, find accounts that several people use at the same time, and also assess the complexity of their passwords, from a practical point of view this is an important tool for an information security specialist. Statistics say that 55% of Russians use the same login passwords on different services, including adopting corporate ones for their personal accounts. This is a risk for the company to consider. In addition, the report will help draw up an objective map of the use of 'external' corporate services (for example, resources for mailing or managing social networks)."

DLP system Agent for macOS PCs

On April 25, 2022, SearchInform, a Russian developer of information security tools, announced the release of a SearchInform CIB DLP system agent for monitoring workstations running macOS. This solves the problem of protecting information on Apple devices that were previously outside the control perimeter due to the design features of the OS.

The macOS version of the CIB controls user activity on the PC. In particular, thanks to the Keylogger, MonitorController and ProgramController modules, information security specialists will be able to: record and take screenshots of screens on a schedule or in connection with given events; control the text entered from the keyboard and the pressing of service keys; monitor user activity in applications and record background processes.

For macOS devices, all CIB advantages are available in terms of search, incident investigation and user behavior analytics. Both automatic detection of violations using security policies and detailed manual search are available, to study what violators did before, after and at the time of the incident. Images from MonitorController will support investigations with photo evidence. And in the reports, the information security service will be able to track the productivity and effectiveness of employees working on Apple devices.

"We implement the functionality, starting from the practical tasks of customers. Therefore, we have been working for a long time to give companies the opportunity to protect any PC, not only in the Windows infrastructure. Last year, for example, all CIB tools became available for Linux, including for domestic operating systems. macOS support is the next step, and we are already ready to offer full control of user activity," comments Alexey Parfentiev, Head of Analytics at SearchInform.

For users of "SearchInform CIB" for macOS, advanced functionality is already available as part of DLP: user cards, incident management, more than 30 report templates. Integration with the platform-independent CIB tools, namely mail quarantine and the web traffic control service implemented at the level of interaction with the mail or proxy server, helps to strengthen protection. Such a bundle minimizes most of the risks of data leakage. In the coming releases, the CIB capabilities for macOS will continue to grow; for example, upcoming versions will support indexing file storages on employees' PCs. In the future, the control capabilities for macOS in CIB will be equal to the functionality for Windows and Linux.

Detection of attempts to photograph the PC screen and recognition of users by face

In "SearchInform CIB" it became possible to solve two critical tasks for business: to detect attempts to photograph the screen and recognize the user's face at the computer. The developer announced this on February 15, 2022.

Based on control images from the webcam, the DLP system determines that the user has brought a smartphone camera up to the monitor. The MonitorController module collects information about open sites and processes active at the time of shooting, so if necessary, you can see all information about the employee's actions that occurred during the data collection. Thanks to another update, the facial recognition function, the system identifies who was at the computer screen at the time of a potential violation.

To do this, SearchInform CIB compares the user's photo with the database of employee photos stored in Active Directory. If someone else has logged into the account, the security specialist will receive a notification of the incident. In the program, you can see which of the users used someone else's PC, find out the date and time of the incident, and then use a detailed analysis to find out what the user was doing. In the future, based on this functionality, it will be possible to block access to the account if the face of the user entering the login and password does not correspond to the identity of the account owner.

Fig.1. An example of how the detector works: a screenshot of the PC of a user who is trying to take a picture of the monitor.
"Thanks to the analysis of interception using machine learning methods, SearchInform CIB now controls the leakage channel, which has so far remained a blind spot in most domestic and foreign DLP systems. Now the system will help to cope with this problem in automatic mode. Combining this functionality with the ability to recognize faces is a long-awaited option, because data from the DLP system about the real culprit of the incident can become evidence in court cases of unlawful access or disclosure of confidential information," said Alexey Parfentiev, head of the SearchInform analytics department.

Integration with R-Vision IRP

Control of information security incidents identified by the DLP system "SearchInform CIB" is now available in the R-Vision Incident Response Platform (IRP). Thanks to the integration, an information security specialist can work in a single console, that of the SOC system. This reduces the response time to an incident. This was announced by SearchInform on February 1, 2022.

To enable the integration, SearchInform CIB users only need to select the appropriate setting in the menu of AlertCenter, the console for working with incidents, and create and configure an interaction rule. After that, incidents will be transmitted in a form suited to R-Vision IRP. For example, when an employee sends confidential information to competitors by mail, the notification of the incident will come not only to SearchInform CIB, but will also be duplicated in the R-Vision platform. The SOC system will display the incident with the attributes that were configured earlier: incident type, creation date, hazard level, status, and other details of the recorded event.

Setting Up the IRP R-Vision Interaction Rule
"Previously, we gave incidents through syslog or SMTP, it was inconvenient. Firstly, this method of integration provided one-way communication, that is, the CIB transmitted an incident, but whether the SOC system would display it correctly was not clear. Now the systems 'understand' each other without any problems. Secondly, not all data of interest to the user could be transmitted via syslog or SMTP. In addition, each customer had to perform the same type of actions to analyze incidents: manually configure forwarding, create processing and visualization rules. The current integration greatly simplifies the work due to standardization, the format of which was developed by SearchInform together with R-Vision. It is enough for the customer to make several clicks in the CIB interface, after which incidents will immediately begin to arrive at R-Vision," said Alexey Parfentiev, head of analytics at SearchInform.

What the SearchInform incident looks like

SearchInform plans to integrate another CIB console into the R-Vision platform: Analytic Console, which collects all information by user and serves to search and analyze the collected data in depth, as well as to monitor employees' computers in real time. Thanks to this, it will be possible not only to control incidents through the SOC system, but also to investigate them.

2021: Hosted by Microsoft Azure

SearchInform, a Russian developer of information security tools, has become a partner of Microsoft, and the SearchInform CIB corporate data protection DLP system has been posted in the Microsoft Azure cloud. This makes it available to members of Microsoft's worldwide cloud ecosystem on AppSource and Azure Marketplace marketplaces. This was reported on September 14, 2021 by Microsoft.

"SearchInform CIB shows excellent performance in a virtual environment. When deployed from the cloud, the system is already ready for use - customers receive a virtual machine with CIB server components installed, they can only enter the activation key and start working," said Sergey Ozhegov, General Director of SearchInform. "We have received many requests from our foreign partners who are building their IT infrastructure based on Microsoft Azure cloud solutions. Our cooperation with Microsoft will make the SearchInform CIB system even more accessible to companies around the world."

Deployed from the Azure cloud, SearchInform CIB allows businesses to control all information transmission channels, efficiently analyzes traffic and provides advanced tools for incident investigation. This makes it possible to effectively prevent information leaks and detect attempts at corporate fraud. The ready-made CIB virtual machine in the Microsoft Azure cloud facilitates access to the system for companies that are already operating on the platform - this is convenient and provides uninterrupted data exchange between all components of the protected infrastructure. In addition, Microsoft Azure protects CIB servers from DDoS attacks and other external threats. And the risk of compromising data when transferring between cloud servers and controlled PCs is practically excluded - information is transmitted through secure channels, and only the customer has access to the "core" of the system.

"Keeping our business customers safe is the first priority for Microsoft. Therefore, we consider it extremely important to support developers of information security solutions and ensure the availability of technological tools," said Alexander Belenkyi, Director of the Department for Work with Microsoft Partners in Russia. "SearchInform is one of the representatives for the development of information security tools in Russia. And we are pleased that our customers around the world will now be able to deploy the SearchInform CIB platform from the Azure cloud to reliably protect their corporate data."

The companies intend to develop cooperation. In the near future, other solutions from the SearchInform line will also appear in Microsoft marketplaces. It is planned that the first to appear in the cloud will be the employee efficiency tracker SearchInform TimeInformer and the DCAP system for protecting file storages, SearchInform FileAuditor. As part of the partner program, Microsoft will also provide business support to SearchInform to help the company expand its presence in international markets.

2020: Ability to host on a cloud server

On June 10, 2020, SearchInform announced that the DLP system "SearchInform CIB" can now be deployed on a cloud server so as not to load the company's infrastructure.

According to SearchInform, as of June 2020, 91% of Russian companies face information leaks and other information security incidents due to the human factor, but only a third are equipped with special protective equipment - DLP systems. One of the factors that hinders the introduction of protective tools is the high requirements for the IT infrastructure. It is not enough for companies to purchase security systems: first, you need to purchase complex equipment or redistribute the load between existing elements of the infrastructure. This takes away additional resources.

Diagram of the "SearchInform CIB" system operation in the cloud

So that businesses do not have to choose between security, convenience and cost savings, SearchInform has proposed the SearchInform CIB DLP system in the format of a cloud service. DLP in the cloud does not require special equipment in the company: it collects, processes and stores data in virtual space. This means that the solution is suitable for companies with any level of IT infrastructure development: large, medium and small businesses that do not have their own fleet of hardware, cannot expand it or want to reduce the load inside the corporate perimeter, SearchInform noted.

According to the developer, as part of the service, the vendor provides the customer with a dedicated DLP cloud server with Internet access. If desired, the company can choose the cloud provider itself. Installation, DLP configuration and system operation are online. Data is stored and processed in the cloud. At the same time, the customer receives a monthly subscription to software licenses and the use of the cloud server - this avoids large one-time costs for the purchase of the system.

"Most Western information security vendors have begun the transition to cloud solutions, including cloud servers for DLP systems. Russia has its own specifics, so we do not copy the Western model, but offer a comprehensive, adapted solution. Companies have come to understand that clouds can be secure, too. Cloud providers are subject to strict regulations, offer additional options for data protection, guarantee privacy and, due to their size, are more resistant to DDoS attacks than individual customers. That is, DLP in the cloud is well protected: all data from corporate PCs is transferred to the virtual data center over secure channels, and only the customer has access to the 'core' of the system."

According to the developer, cloud DLP has full functionality: it controls all information channels, analyzes traffic and provides tools for incident investigation. This allows you to prevent information leaks, identify attempts at corporate fraud and assess the performance of employees.

As SearchInform notes, at any stage of implementation, work with cloud DLP can be entrusted to professional information security analysts on the vendor's side. When information security is outsourced, the specialist will install and configure the system, ensure its operability and take over regular monitoring of information security incidents. The customer will receive comprehensive protection without spending on equipment, software and the maintenance of an information security department.

2019

Red OS Compatibility

On December 18, 2019, RedSoft announced that, together with SearchInform, it had completed testing of the SearchInform CIB DLP system on the RED OS operating system. The test results are recorded in a two-sided certificate of compatibility.

The capabilities to protect the information of the DLP system "SearchInform CIB" are available to those corporate and government customers who build their IT infrastructure on the basis of RED OS, the Russian import-independent operating system of the general-purpose Linux family for servers and workstations.

SearchInform has long been systematically increasing its ability to integrate with domestic operating systems, including at the request of specific customers.

"Customers continue import substitution and push domestic vendors to increase the functionality of their developments. This is a strategically important business for us, and working with RED SOFT logically continues the course of cooperation with developers of domestic operating systems. SearchInform CIB for December 2019 is already compatible with AstraLinux, Rosa Linux, GosLinux, as well as freely distributed CentOS and Ubuntu. Our final goal is not only to ensure the compatibility of DLP SearchInform CIB with the maximum number of domestic operating systems, but also to improve the capabilities for Linux platforms to the identical functionality that is available for Windows," says Alexey Parfentiev, Head of Analytics at SearchInform.

"The development of the partner program is certainly a priority for RED SOFT. Due to the relevance of import substitution of software, we place great emphasis on the creation of complex solutions based on RED OS, therefore we welcome the positive results of testing the DLP system 'SearchInform CIB,'" comments Rustamov Rustam, Deputy General Director of RED SOFT.

Enhance the ability to control privileged users

On June 18, 2019, SearchInform CIB announced that it had expanded the control of privileged users.

SearchInform Information Security Kontur

According to the company, in the second quarter of 2019, the DLP system SearchInform Kontur of Information Safety (KIS) increased its ability to intercept information and expanded the list of controlled channels. But the main thing is that the system has more functions for controlling remote access tools.

CIB has increased control over privileged users who have the right to remote administration. For this, security specialists received two tools at once.

The Remote Desktop Connection Protocol (RDP), the primary Windows remote administration tool, can be comprehensively monitored in the CIB. Using flexible settings, it has become more convenient to control user actions with an active RDP connection:

  • set different rules for the user's PC and the remote machine - for example, prevent copying from one side or pasting from the other;
  • make a shadow copy of all files exchanged in RDP;
  • prevent any movement of files over an RDP connection.

Also, security specialists will be able to limit the actions of employees who use VMware/VirtualBox to access virtual environments (machines, resources, applications). CIB will block flash drives and other removable devices if the user tries to connect them to virtual storage.

The main goal of both tools is to prevent users with privileges from placing unwanted files on a remote machine or stealing information from there.

"First, we took control of TeamViewer and its counterparts as the most popular remote administration tools. For August 2019, we are developing the concept and releasing solutions for controlling other tools with which users gain access to remote storage and machines," said Alexey Parfentiev, Head of Analytics at SearchInform.

Another addition - CIB agents on users' PCs have learned to control messages in the business messengers Bitrix, Microsoft Teams and Slack. Video and audio calls, documents, images and links exchanged by users will fall into the field of view of security specialists.

Corporate messengers are integrated with popular cloud storage and online planners. Information from there will also become available. For example, viewing task trackers will help adjust user productivity data.

2018

30% more performance

On October 6, 2018, SearchInform announced that it continues to work to improve the performance of the DLP system "Information Security Kontur." In a recent update, CIB SearchInform implemented the ability to transfer the Workstation Indexing module to the EndpointController agent. This allows you to more effectively control the movement of confidential information on employees' computers and significantly increases system performance. Until the recent update, documents from the computer were transferred for indexing to the server. In the updated architecture, verification takes place directly on the computer itself.

Operating principle of CIB SearchInform
"We are radically changing the architecture. This will solve a whole layer of problems - to search for data in very large networks, for example. Previously, we had to allocate large resources for this: place additional servers, allocate disks. In addition to significant resource savings, the presented architecture allows you to increase DLP performance. According to preliminary data alone, in 2018 it grew by 30%, in the best cases by 40%," said Alexey Parfentiev, lead analyst at SearchInform.

Other important 2018 updates of CIB SearchInform include blocking the sending of outgoing corporate mail via MAPI, as well as HTTP at the agent level, the appearance of a web console (allows you to quickly analyze the current security situation even remotely through a browser), scanning of cloud storages, and interception of the web versions of WhatsApp, Telegram and the Slack.com service.

Ability to scan cloud storage

On October 22, 2018, SearchInform announced that the CIB SearchInform DLP system had gained the ability to scan cloud storages: Yandex.Disk, Dropbox and others. Now customers' security services check for compliance with policies not only the documents that employees upload or download from the corporate infrastructure, but also all data stored on these disks.

The update significantly expands the ability to control data at rest, which allows companies to comply with key GDPR requirements, which are gradually gaining relevance in our market.

"CIB SearchInform already fully protects information flows and controls data in motion, and therefore we are actively developing the product's capabilities in the field of processing data at rest stored within the company or on third-party servers belonging to it," said Alexey Parfentiev, lead analyst at SearchInform.

Thus, the update complements the previously existing cloud control functionality of the DLP system. Other important 2018 updates of CIB SearchInform are blocking the sending of outgoing corporate mail via MAPI, as well as HTTP at the agent level, and the appearance of a web console (it allows you to quickly analyze the current security situation even remotely through a browser). In addition, interception of the web versions of WhatsApp, Telegram and the Slack.com service has been implemented.

Release of CIB SearchInform ProfileCenter module

SearchInform, a Russian developer of business protection tools against data leaks and insider actions, announced on April 19, 2018 the release of the CIB SearchInform ProfileCenter module. This is a component of the DLP system that compiles a psychological portrait of a user and predicts his behavior.

2017

Profiling module announced

On October 3, 2017, SearchInform introduced the first automated profiling module in Russia as part of the Kontur Information Security SearchInform DLP system.

According to the developers, the ProfileCenter profiling module will allow information security services to predict employee behavior, assess and reduce risks associated with the human factor, and conduct investigations in the absence of traces of a crime.

"We are developing the product in such a way as to facilitate the daily work of information security specialists. The profiling module will allow them to prevent incidents, keep risks under control and quickly respond to suspicious actions with corporate information. We are well aware that even the most advanced technical means sometimes pass before the 'human factor,' and a predictive assessment of human behavior can reduce such risks," said Lev Matveev, chairman of the board of directors of SearchInform.

Beta version of ProfileCenter module in CIB SearchInform: interface

SearchInform plans to make the commercial version of the ProfileCenter module available to everyone for testing in early 2018.

Integration with MCDS

On August 3, SearchInform announced the release of the Kontur Information Security SearchInform update, thanks to which the DLP system now supports integration with the MCDS.

The solution ensures the completeness of reports on compliance with the work schedule and access mode accepted by the company. The new functionality makes it possible to map MCDS accounts to Active Directory accounts and, as a result, find employees who, for example, appear at work on time, but spend several hours talking and drinking coffee. Integration as a whole simplifies control over work discipline and helps establish all the circumstances when investigating incidents.

Data from the DLP system and the MCDS are combined in the reports of the ProgramController module: "Late employees," "Early departures," "Time journal," "Visit employees," "Time sheet." Data matching reveals two typical scenarios of work regulations violations. The first is the absence of data on the time of arrival/departure in the MCDS database during normal activity at the work computer. The second is the absence of activity on the PC when an arrival/departure time is recorded in the MCDS.
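The matching described above can be sketched as follows. This is an added example, not SearchInform code: the record layouts, account names and the `correlate` function are assumptions, all sample data is constructed, and the third finding (a long idle gap while badged in) goes beyond the two scenarios named in the text to cover the "on time, but away from the PC" case.

```python
from collections import defaultdict
from datetime import datetime

# Constructed mapping of MCDS badge ids to Active Directory accounts (hypothetical names).
MCDS_TO_AD = {
    "badge-0017": "CORP\\a.ivanova",
    "badge-0042": "CORP\\p.sidorov",
    "badge-0058": "CORP\\m.orlova",
    "badge-0063": "CORP\\k.petrov",
}

# Constructed MCDS records: (badge id, ISO timestamp, direction).
BADGE_EVENTS = [
    ("badge-0017", "2017-08-01T08:58:00", "in"),
    ("badge-0017", "2017-08-01T18:03:00", "out"),
    ("badge-0042", "2017-08-01T09:01:00", "in"),
    ("badge-0042", "2017-08-01T18:00:00", "out"),
    ("badge-0063", "2017-08-01T09:00:00", "in"),
    ("badge-0063", "2017-08-01T18:00:00", "out"),
    ("badge-0099", "2017-08-01T09:10:00", "in"),   # badge with no AD mapping
]

# Constructed agent records: (AD account, ISO timestamp of observed PC activity).
PC_ACTIVITY = (
    [("CORP\\a.ivanova", "2017-08-01T" + t) for t in
     ("09:05:00", "10:30:00", "12:00:00", "13:10:00", "14:40:00", "16:00:00", "17:50:00")]
    + [("CORP\\k.petrov", "2017-08-01T" + t) for t in
       ("09:10:00", "09:40:00", "14:30:00", "17:45:00")]
    + [("CORP\\m.orlova", "2017-08-01T10:15:00")]   # active at the PC, never badged in
)


def correlate(badge_events, pc_activity, mapping, idle_threshold_min=120):
    """Return (findings, unmapped_badges) for per-account, per-day mismatches."""
    presence = defaultdict(list)   # (account, day) -> badge timestamps
    activity = defaultdict(list)   # (account, day) -> PC activity timestamps
    unmapped = set()

    for badge, ts, _direction in badge_events:
        account = mapping.get(badge)
        if account is None:
            unmapped.add(badge)    # cannot be matched to a workstation user
            continue
        t = datetime.fromisoformat(ts)
        presence[(account, t.date())].append(t)

    for account, ts in pc_activity:
        t = datetime.fromisoformat(ts)
        activity[(account, t.date())].append(t)

    findings = []
    for key in sorted(set(presence) | set(activity)):
        account, day = key
        badges = sorted(presence.get(key, []))
        acts = sorted(activity.get(key, []))
        if acts and not badges:
            # Scenario 1: normal PC activity, no arrival/departure in the MCDS.
            findings.append((account, day.isoformat(), "pc_activity_without_badge", None))
        elif badges and not acts:
            # Scenario 2: arrival/departure recorded, no actions at the PC.
            findings.append((account, day.isoformat(), "badge_without_pc_activity", None))
        else:
            # Extension: longest stretch without PC activity between the first
            # and last badge event of the day.
            start, end = badges[0], badges[-1]
            points = [start] + [a for a in acts if start <= a <= end] + [end]
            gap = max((b - a).total_seconds() / 60 for a, b in zip(points, points[1:]))
            if gap >= idle_threshold_min:
                findings.append((account, day.isoformat(), "long_idle_while_present", int(gap)))
    return findings, sorted(unmapped)


if __name__ == "__main__":
    results, unknown = correlate(BADGE_EVENTS, PC_ACTIVITY, MCDS_TO_AD)
    for row in results:
        print(row)
    print("unmapped badges:", unknown)
```

Unmapped badges are returned separately because a missing MCDS-to-AD mapping would otherwise be misread as a clean record.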

"We are gradually complementing our solution with functions that are not inherent in 'classic' DLP systems. The goal is to automate and centralize the work of information security services as much as possible," explained Alexey Parfentiev, a leading analyst at SearchInform. "Adding data sources to the 'Kontur Information Security SearchInform' allows an information security specialist to observe not only actions at the computer, but also to see what is happening around. We recently added the function of video recording of events in the field of view of a computer webcam, now - integration with MCDS databases. All this helps security officers to draw up a complete picture of the incident both in digital traces and literally in 'evidence' in the office space."

CIB SearchInform is integrated with the domestic ROSA Linux OS

On July 20, SearchInform announced that the DLP system "Kontur Information Security SearchInform" had been updated to control the ROSA Linux OS.

As SearchInform explained, current and potential customers of the company are actively interested in support for domestic operating systems. This is due to the course of import substitution and the transition of state structures to domestic operating systems. As a result, SearchInform and STC IT ROSA signed a cooperation agreement on February 1, 2017.

"Technological cooperation and partnership with Russian software developers is one of the main priorities of the STC IT ROSA company. At the moment, we feel more than ever the need of the market for complex Russian solutions, especially in areas affecting information security. Close cooperation with SearchInform will allow offering Russian customers complete solutions for organizing a secure IT infrastructure," commented Sergei Alexandrov, General Director of STC IT ROSA.

CIB agents adapted for ROSA Linux control the following information channels: corporate mail, personal mail, HTTP(S) traffic, FTP, social networks and forums, cloud services (Dropbox, etc.).

"We observe that gradually commercial and especially state structures are switching to domestic software. Therefore, we cooperate closely with STC IT ROSA in this direction. It is important for us that the customer can protect confidential information using CIB SearchInform and at the same time use the domestic mass-produced OS," commented Dmitry Gatsura, head of development at SearchInform.

Technology for Telegram control released

On July 11, 2017, SearchInform announced that the functionality of the DLP system "Kontur Information Security" had been supplemented with a tool for analyzing traffic in the Telegram messenger. The technology is designed to prevent leaks of confidential information.

The module checks correspondence, voice messages and files transmitted using Telegram Desktop for compliance with security policies.

"Telegram is at the peak of popularity - this is due to the recent scandal and the possibility of blocking the messenger in Russia. In the end, they did not prohibit Durov's brainchild, but the interest of users in it was clearly fueled. The messenger is used for personal and business correspondence, government agencies have official Telegram channels, for example, the FAS, the Ministry of Education and Science, the presidential Human Rights Council, and the Ministry of Foreign Affairs of the Russian Federation even has its own set of stickers. The functionality of CIB SearchInform retains the ability to learn news, receive and provide information, communicate in the usual way. And, at the same time, the system provides information protection, analyzes traffic in real time, including anti-terrorist security policies, and warns of threats," said Sergey Ozhegov, General Director of SearchInform.

The DLP system "CIB SearchInform" has added a tool for photo and video recording of events that occur in the field of view of a webcam built into or connected to the computer.

2016

An attempt to get into the register of Russian software turned into an action-packed detective

On December 20, 2016, SearchInform managed to get into the register of Russian software with its product almost 10 months after the application. Lev Matveev, chairman of the board of directors of the SearchInform group of companies, called the entire process an "action-packed detective." He accused members of the expert council of deliberately not wanting to include their product in the register and of lobbying the interests of competing companies.

"The administrative resource was delayed and pressured by a representative of our favorite competitor, who is also a member of the expert council. The main goal of such activities is not to let competitors into the register of domestic software," said Lev Matveev in a message on his Facebook page.

He says that after submitting the application, the consideration was repeatedly postponed, the company was "purred," for example, requesting additional documents late in the evening on the eve of the morning meeting. Lev Matveev accused Evgenia Vasilenko, a member of the expert council, of lobbying for the interests of their direct competitor.

"We wrote a letter to the Ministry of Telecom and Mass Communications about the conflict of interest with Madame Choker (acting under the pseudonym Kasperskaya), and asked to exclude her from the list of voters for us," says Lev Matveev.

Lev Matveev from SearchInform pointed out how difficult it is for Russian products to get into the register of domestic software

As a result, after several rounds of absentee and face-to-face voting, the council, by a majority vote, nevertheless included the product "SearchInform" in the register of Russian software (a detailed description of this "action-packed detective" - on Lev Matveev's Facebook page).

Evgenia Vasilenko, executive director of ARPP "Domestic Software" and a member of the expert council at the Ministry of Telecom and Mass Communications, called the accusations groundless. "We have 130 companies in the association, and there are, among other things, competitors of InfoWatch," she says. According to her, many council members really did have questions about the SearchInform application. This was the standard scheme when additional documents were requested. At the same time, the entire procedure can take a long time, because each expert has up to 100 applications at the same time.

"As a result, I came to the conclusion that they need to be included in the register, made a positive conclusion. Basically, helped them get there. It's difficult to accuse me of being affiliated with any structure," says Evgenia Vasilenko.

It is worth noting that this is not the first time that the IT community complains about bias in the selection of software that will be included in the register (see a separate article Who and why is not allowed into the register of domestic software). For example, in the spring of 2016, the non-profit partnership Russoft sent a letter to the Ministry of Telecom and Mass Communications, indicating that the expert council "does not always manage to avoid discrepancies, mistakes, conflicts of interest in making decisions."

Russoft President Valentin Makarov suggested that the ministry introduce a procedure for checking experts for conflicts of interest with companies that have submitted applications to the register, as well as finalize the methodology for determining the criteria for domestic software. Then the company "ATI" was considered the victim, several developments of which were not included in the register, allegedly due to foreign key components.[1]

Another company that has not been able to get into the register of Russian software since January 2016 is DeviceLock. In December, the company was refused and intends to go to court, co-founder and CTO of the company Ashot Hovhannisyan told TAdviser.

DeviceLock was required to provide a "license to develop a means of protecting confidential information (SZKI)," since, according to the expert council, the software belongs to SZKI. But, firstly, this software does not apply to SZKI, and secondly, the council referred to the letter of the FSTEC, which is not a regulatory legal act and does not regulate the relations of subjects in this area, DeviceLock explained.

According to Ashot Hovhannisyan, the real reason for the refusal is competition. "Some council experts are our direct competitors," he told TAdviser.

CIB SearchInform is reinforced with ImageControl module

On December 8, 2016, SearchInform announced the integration of Oz PhotoExpert digital image verification technology.

The ImageControl module checks the images for authenticity in real time according to the specified conditions and warns about the fact of editing the image. According to the company, this is the first such solution in the Russian information security market.

Screenshot of the software window (2014)

Image tampering is one of the most common methods of fraud, and recognizing the changes made is not easy without special tools and knowledge. To detect changes in a stream of digital images, SearchInform specialists have developed the ImageControl module on the Oz PhotoExpert software platform.

The ImageControl module detects the cloning and transfer of areas of the image, inserting fragments of other images, adding and removing details in the image, creating an image of passports using special software and other actions. As part of the check, it analyzes metadata and identifies inconsistencies in EXIF fields. The results of the check are provided in the form of graphic sketches indicating the places of change.

The ImageControl module in CIB SearchInform detects the facts of image editing and determines the nature of changes in the mode of quick analysis and detailed examination: during a quick examination, image analysis is carried out by basic algorithms, during expert analysis all available verification algorithms are connected.

"Despite the increased digital document flow in companies, the Russian information security market still did not have a reliable tool capable of detecting image fraud on the fly. Thanks to our collaboration with Oz PhotoExpert, we received a working anti-fraud solution that was successfully integrated into CIB SearchInform and thus strengthened protection against fraud."

"OZ PhotoExpert functionality is in demand by banks, insurance companies and other organizations that actively use and implement EDO. We are pleased that cooperation with SearchInform will make our technologies available to even more Russian companies."

SearchInform and the CST presented a solution to protect information transmitted by voice

The joint solution of SearchInform and the Center for Speech Technologies (CST) automatically analyzes communication channels and prevents information leaks through voice communications.

The integration of the DLP "Kontur Information Security SearchInform" system with CST development allows you to automatically recognize speech, convert it into text, and analyze data for violation of security policies. The solution facilitates the work of information security specialists who previously had to independently listen to and analyze suspicious audio files.

CIB SearchInform provides control and recording of user conversations; however, only attribute searches could previously be carried out on the recorded data, which made it impossible to determine the content of a conversation without listening to it. At the same time, information security specialists spent considerable time and resources listening to all files.

The integration of CIB SearchInform with the CST solution allows you to automatically recognize speech in audio recordings and obtain text transcripts of them. The DLP system performs a text search on the transcribed audio recordings and also conducts automatic checks against configured security policies.

Integration with Astra Linux

SearchInform, a Russian developer of information security tools, announced in November the completion of the integration of the DLP system "Kontur Information Security SearchInform" with the Astra Linux operating system.

Current and potential customers of SearchInform have long shown interest in supporting Unix-like systems. This is due to the course of import substitution and the transition to open source operating systems.

"CIB SearchInform is the first Russian DLP system to be certified for compatibility with Astra Linux Special Edition under the Software Ready for Astra Linux program. This program was developed to support software manufacturers and to enable consumers to receive such products that are guaranteed to function on a mass-produced domestic secure operating system," commented Dmitry Donskoy, deputy director of the development center of NPO RusBITech JSC.

SearchInform and NPO RusBITech signed a cooperation agreement in April 2016. The result of the partnership is not only mutual consulting and testing of products, but also marketing activities.

"Since 2017, paramilitary and state structures will gradually switch to domestic software. It is natural that our partner NPO RusBITech JSC and we are actively working in this direction, and intend to further develop cooperation, which is already bringing positive results," commented Ivan Mershkov, technical director of SearchInform.

"The need to protect against internal threats was obvious at all stages of the development of information systems. After passing the certification system 'Software ready for Astra Linux,' SearchInform solution will harmoniously fit into the eco-structure of the supported software of the domestic operating system and allow our consumers to close issues related to internal information security," said Yuri Anoshko, General Director of JSC "NPO RusBITech".

ABBYY Technology Integration

On August 30, 2016, SearchInform announced that the functionality of the DLP system "Kontur Information Security" had been enhanced with ABBYY text recognition technologies.

Now the system is able to more accurately determine images of passports, bank cards, other confidential documents and data in the digital stream. A modernized tool based on optical text recognition (OCR) technology self-classifies files, highlighting personal data that circulates within the company among them. Built-in ABBYY classifiers help determine any other documents of the established samples: driver's licenses, service passes, education diplomas, etc.

Document Processing Chart (2015)

The SearchInform DLP system was previously equipped by default with OCR technology from another vendor. Now the SearchServer module uses ABBYY FineReader Engine as its full-text recognition engine. ABBYY text recognition technologies and image classification algorithms reduce the need for manual processing by automatically determining the types of personal data. This method allows for retrospective analysis.

"ABBYY FineReader Engine has great accuracy in text recognition, which we were convinced by conducting a number of our own tests, compared the solution of ABBYY and another developer. ABBYY makes 10-12% fewer errors when recognizing plain text and 30% fewer when working with complex images."

ABBYY technology performs some tasks 3-4 times faster than standard OCR, while improving the quality of recognition. The difference is noticeable when processing multi-page documents or high-resolution images. Referring to practice, the vendors said that in this way a company increases protection against professional insiders who are familiar with how DLP systems work and carefully hide documents.

"It is essential for companies to control data related to trade secrets or confidential customer information. The ability to automatically identify business-critical data even in an image stream has become an integral part of today's DLP systems. With the capabilities of ABBYY integrated into SearchInform, companies can even more effectively prevent leaks in image format," said Dmitry Shushkin, Deputy General Director of ABBYY.

2015: Dallas Lock Compatibility

Confidence, a Russian integrator of engineering systems and information protection tools, and SearchInform, a Russian developer of information security tools, completed compatibility testing of Dallas Lock 8.0 editions "K" and "C" and "Information Security Kontur SearchInform 4.0" in the spring of 2015. Compatibility is validated for all SearchInform EndpointSniffer platform modules, SearchInform DataCenter Index Management Center, and SearchInform Client.

According to SearchInform research, more than 90% of Russian companies practice delineation of access rights to confidential data. However, it is extremely difficult to implement such a system and monitor compliance with the established rules without specialized solutions. The Dallas Lock program allows you to effectively solve these problems.

The joint use of Dallas Lock and the "Information Security Kontur" allows you to fully ensure the safety of confidential enterprise data.

The Dallas Lock product allows you to protect information from unauthorized access on mobile and stationary computers and servers, differentiate access rights by various methods, audit user actions and monitor the integrity of the file system and firmware environment. Like SearchInform solutions, Dallas Lock is capable of running on any Windows operating system.

2014: Dramatic Product Update

On August 19, 2014, SearchInform introduced the updated flagship product "SearchInform Information Security Kontur" version 4.5.15.17.

The list of enhancements to the new version of the SearchInform Information Security Kontur includes four data interception modules: URLSniffer, ProgramSniffer, ADSniffer and CloudSniffer:

  • SearchInform URLSniffer will show in a simple and visual way how employees use the Internet from their workplace. The module records the visited sites and the time spent on each of them, and then builds reports that allow you to easily and quickly analyze the statistics of the use of the World Wide Web by personnel;

  • SearchInform ProgramSniffer gives a complete picture of user activity in the applications they run. Using it, the employer can be sure that not a minute of the employee's working time is spent on anything that does not correspond to the interests of the company;

  • SearchInform CloudSniffer controls data that an employee exchanges with popular cloud services these days, such as: Google Docs; OneDrive; Office 365; Dropbox; Evernote; Yandex Disk; cloud.mail.ru. The module effectively complements the solutions already present in the SearchInform Information Security Kontur and allows you to protect against data leakage through cloud services;

  • SearchInform ADSniffer is designed to monitor the actions of company system administrators who perform suspicious operations in Active Directory, for example, creating/deleting an account, changing an account (resetting the password, activating/deactivating), clearing the security log on the domain controller, etc.

SearchInform has implemented many improvements and changes in modules well known to users of the Information Security Kontur. The masking mechanism for agents of the SearchInform EndpointSniffer platform, which is responsible for monitoring the workstations of the organization's personnel, has been significantly improved. It became possible to rename all services related to the DLP system at one's own discretion, for example, to give them "neutral" system names of standard Windows services. There is also a new agent integrity service that effectively monitors events such as start, stop, reboot, etc.

The SearchInform ReportCenter solution responsible for reporting has reports on personnel activity in applications, sites and other types of activity. New device reports and installed software reports have been created that can provide a lot of important information to an information security officer looking for employees who want to harm the company.

The SearchInform Client module, thanks to integration with the new SearchInform ProgramSniffer, allows you to track and analyze employee activity in real time:

  • identify employees who are absent from workplaces for no reason,
  • identify the processes a user is working in at a given point in time,
  • detect late employees.

The modules of the SearchInform Information Security Kontur allow you to use the rich analytical capabilities of the DLP system even more efficiently: for all intercepted documents, full-text search by keywords is available, taking into account morphology, as well as search by phrases, taking into account the mutual arrangement of words. It is possible to search by thematic dictionaries, thanks to which you can find documents related to a certain topic.

One of the key advantages of the SearchInform Information Security Kontur is the patented Search for Similar technology. A text fragment is used as a search query. The content of the messages searched is analyzed, and the messages found are listed in the search results in order of relevance, with an indication of the degree of similarity.

Lev Matveev, CEO of SearchInform, noted: "SearchInform has repeatedly proved that, being the market leader, it is she who sets the vector of development of DLP systems, behind which competitors are pulling up. The release of the updated 'Information Security Kontur SearchInform' not only brings the standards of Russian DLP developers to a new height, but also creates a fundamentally new class of systems, a new market - systems for comprehensive protection of companies from losses associated with personnel activities. After all, companies sometimes suffer no less from the inefficient use of working time than from leaks of confidential information."

2013: Certification in Ukraine

On July 11, 2013, the software product "Information Security Kontur" of Searchinform successfully passed certification of the Department of Special Telecommunication Systems and Information Protection of the Security Council of Ukraine. The certificate was registered on June 21, 2013 under No. 448.

Based on the results of the expert assessment, it was confirmed that Searchinform CIB complies with the regulatory documents regulating the requirements for the means of technical protection of information, which are established by the legislation of Ukraine.

The obtained certificate makes it possible to use the DLP solution "CIB Searchinform" in all government, financial, international and other organizations where certified software products are required.

As the head of the Ukrainian division of Searchinform Alena Bugaenko noted, "The certificate received means that our product meets the high standards of technical information protection that are imposed on DLP systems by the legislation of Ukraine. For a long time, it was demanded of us in state institutions, and now we can proudly present it. This certificate allows all users who use only certified software to purchase our product. In addition, the Information Security Kontur is one of the few DLP solutions that has this certification."

2012

Detection of attempts to disclose state secrets

At the request of one of the Russian government agencies, SearchInform developed a method for identifying direct or veiled conversations between employees via ICQ or Skype on the topic of corruption (demands for bribes). A number of improvements have been made for the needs of design institutes, where leaks of important design documentation and employees working on the side are a big problem. Among such improvements is the ability to control the transfer of CAD files. For instance, in one design organization the "Information Security Kontur SearchInform" revealed that documents had been written to a flash drive and then taken outside the office; as it turned out later, these documents constituted a state secret. Several employees who worked for competitors in parallel were identified and laid off.

HTTP Support

The SearchInform Client module adds support for HTTP to existing mail protocols and Skype. Thanks to this, information security specialists will be able to use a single search console for three protocols, and in the future - for all others supported by the SearchInform Information Security Kontur.

The SearchInform EndpointSniffer module, which protects against information leaks in the workplace, now supports filtering HTTP traffic by its content type. So, for example, the flexibility of its settings now allows you to eliminate the interception of multimedia content, and thus reduce the load on the server and network. In addition, it became possible to filter traffic by hosts and IP addresses, i.e. you can block monitoring of individual resources, or, on the contrary, monitor resources from a pre-defined list.

Also, the new version of SearchInform EndpointSniffer boasts advanced audit management capabilities for SearchInform DeviceSniffer: multi-level grouping, various sorting and filtering modes and many other improvements aimed at making working with the Information Security Kontur even more convenient and fast.

The NetworkSniffer module provides support for common virtual network (VLAN) protocols, which greatly simplifies the deployment and use of SearchInform NetworkSniffer in companies with a complex network infrastructure.

2010: ReportCenter Component

ReportCenter is a component of the SearchInform Information Security Kontur. It is designed to calculate statistics on employee activities. The various reports that are generated in the ReportCenter reflect the relationships of employees with each other and with persons outside the organization (exchange of messages in ICQ, e-mails, etc.). Subsequently, if there are cases of violation of the information security policy, these reports can be used to conduct internal investigations. It is important to pay attention to the "bursts" of employee activity. If, for example, a key employee is offended by the management for something, he can "spoil" about it for a long time in ICQ - the ReportCenter report will show that the number of messages sent by the employee on this day has increased sharply. It is worth paying attention to the employee's mood, because hidden resentment can have more serious consequences - for example, the transfer of valuable company documents to competitors in retaliation against his superiors.

"We have chosen the information security system from SearchInform for implementation to our clients for a number of objective reasons," said Igor Kalganov, Deputy General Director of Infosekuriti Service LLC. "'Information security Kontur SearchInform' corresponds to our ideology regarding the protection of information: not to prevent employees from transmitting information through all possible channels, but to control who sends what and where. In this case, the employee of the organization must be informed about such control. Other reasons for choosing SearchInform are the complexity of the solution, binding to the domain, that is, the ability to accurately determine the user who transmitted the information, and Skype control. The combination of these and other qualities necessary for the information security system makes SearchInform the most suitable solution for most organizations. And in particular - for the financial and banking sector, where there is a constant exchange of information with counterparties and there is a very fine line - what information can be transferred to one or another person outside the organization, and what cannot be."

Notes