Developers: FalconGaze (Falcongaze)
Last Release Date: 2022/05/23
Technology: Information Security - Authentication, Information Security - Information Leakage Prevention, Time Accounting
SecureTower is not just an application that monitors data leakage, but a system that can be integrated into an enterprise network:
- Control information leakage through a variety of channels, such as email, instant messengers, social networks and blogs, forums, Skype, FTP, printers and other external information output devices, etc.
- Monitor the activity of users within the network
- Check how efficiently corporate resources are used
- Save information about all company communications
Many dishes can be prepared with the same kitchen utensil. In a frying pan you can fry an excellent steak, stew vegetables and, with some ingenuity, even cook soup or bake a cake. The only difference is in the approach, tastes and, of course, needs. But for a better result and to save time, it is still worth using each tool for the purpose for which it is intended.
DLP systems today are, in fact, such a set of utensils, which, given a skilled "chef in the infosec kitchen," will help to prepare a kind of culinary masterpiece for its industry that can satisfy the most demanding customer.
During their work in the field of information security, Falcongaze employees were able to determine a kind of set of tools that are of greatest importance to customers in protecting corporate data. Based on the experience of the company's employees, as well as on the questionnaires filled out by potential customers and customers already using the SecureTower data protection system, Falcongaze's analytical department ranked the most important tasks that companies solve using the DLP system.
As in cooking, the desired result can be reached in different ways, as each chef tries to bring something different to the recipe. But neither the professional cook nor the amateur newcomer in the kitchen wants to clutter their head with theories about what mechanism a mixer needs in order to whip egg whites into a stiff foam. Any user wants tools that are easy to use and solve their tasks as simply as possible. And the more such tools there are in the kitchen, the more convenient and efficient the cook's work will be. The same holds for the field of information protection: every customer who decides to protect their data wants simple and understandable tools that achieve the desired results.
It is logical that, based on the purpose of the system, all customers (100%) who decide to install a DLP solution in their company first of all want to reliably protect their information, especially given the fact that most leaks occur through negligence and can entail very deplorable consequences. The task of data protection is the "main dish," which requires the most scrupulous approach so that the result is really worthwhile. To reliably protect information, it is not enough to intercept data, save it to the database and conduct a simple analysis of content. Today, protection must be based on a wide range of technologies: linguistic analysis, statistical data processing, digital fingerprint method and many other tools that can provide reliable control of the company's information field.
After the obvious desire to protect information comes the task of forming an easy-to-use archive of business communications. 79% of respondents named this option among their priorities. In an information protection system, as in the kitchen, all utensils should be placed as conveniently as possible for the cook: he should not have to run across the whole room, take a chair and climb to the topmost shelf for the skimmer he needs to remove foam from soup that is already boiling over at the other end of the kitchen. To work easily with the entire data archive, a DLP system must have at least a convenient interface with advanced and flexible search, as well as the ability to view documents of interest in order to investigate incidents in retrospect.
In 62% of cases, customers want to identify insiders within the company using data protection systems. Solving this problem takes caution and care and, of course, tools that control the maximum number of communication channels and can catch the most sophisticated data transfer attempts. That is, it should not be difficult for the system to intercept, analyze and recognize a confidential document in which some of the letters have been replaced with Latin ones, which has been saved with a different extension and then archived, with yet another extension assigned to the archive. It is also important to be able to track competitors' contacts with a potential insider and the insider's interactions with other employees of the company.
44% of customers want to use the DLP system as a tool that will improve the efficiency of the company's security department. A system designed to simplify, rather than complicate, the life of a security officer should be equipped with convenient tools for setting up flexible security rules, have a real-time alert system for potential leaks and, of course, provide the ability to create statistical and interactive reports that save the security officer time.
37% of customers hope to get, along with data protection functionality, a tool that will avoid, or at least minimize, the company's reputation risks. Every organization has working matters that can cause controversial reactions from employees, and even more so from the general public. But internal affairs should remain internal. Here, again, a DLP system can be useful, since it allows you to control the information that staff distribute about the company and its management on social networks, forums and blogs, which most often become the staging grounds for reputation wars.
In 31% of cases, company management also wants to find out how loyal employees are and how responsibly subordinates perform their direct duties. A high-quality DLP system can easily cope with this task: it gives security officers and other employees involved screenshots of workstations that show what an employee does during working hours, as well as tools for monitoring application activity that make it possible to analyze when subordinates start and end their working day and which programs they use at work.
In addition to the desire to identify irresponsible employees, customers set the task of reliably protecting structured data warehouses. This option was noted by 14% of respondents. Unfortunately, few modern information protection systems are able to offer a reliable and, most importantly, simple and fast solution to this problem. Sometimes, in pursuit of the goal, developers forget that what matters is not functionality hastily added for another checkmark in the table of comparisons with competitors, but an efficient and effective tool that can quickly deliver a result. In addition, along with quality protection, customers often note that they want tools that combine ease of use with solution quality. To protect databases, the DLP system must provide tools that control the contents of the databases directly, without intermediate operations. At the same time, it is important to control not only all the information, but also individual combinations of internal fields, for example, a combination of first name, last name and position, or credit card number and holder's phone number. This reduces the number of false positives of security rules, since a single first name or surname contained in the database can be mentioned in any conversation that has nothing to do with the illegal transfer of confidential information.
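The field-combination rule described above, as an added illustration (not SecureTower code and not from Falcongaze): a rule fires only when every field of a combination, taken from the same database row, appears in an intercepted text. It also folds look-alike letters, the evasion mentioned earlier for insider detection, here in the direction that suits Latin sample data; the records, field names and look-alike map are constructed assumptions.

```python
import re

# Partial, illustrative map: Cyrillic letters that look like Latin ones
# (a, e, o, r, s, kh, u, i in Cyrillic -> Latin a, e, o, p, c, x, y, i).
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456", "aeopcxyi"
)

# Constructed sample rows standing in for a protected customer table.
RECORDS = [
    {"first_name": "Anna", "last_name": "Petrova", "position": "Chief Accountant",
     "card_number": "4111 1111 1111 1111", "phone": "+1 202 555 0143"},
    {"first_name": "Mark", "last_name": "Cooper", "position": "Sales Director",
     "card_number": "5500 0000 0000 0004", "phone": "+1 202 555 0187"},
]

# Field combinations from the text: name + surname + position, card + phone.
COMBINATIONS = [
    ("first_name", "last_name", "position"),
    ("card_number", "phone"),
]
NUMERIC_FIELDS = {"card_number", "phone"}


def fold(text):
    """Lower-case, undo look-alike substitutions, collapse whitespace."""
    return re.sub(r"\s+", " ", text.casefold().translate(CONFUSABLES)).strip()


def digit_runs(text):
    """Digit sequences with spaces, dots, dashes and parentheses removed."""
    return [re.sub(r"\D", "", m) for m in re.findall(r"\d[\d\s().-]*\d", text)]


def field_present(field, value, folded, runs):
    """True if one field value of a row occurs in the intercepted text."""
    if field in NUMERIC_FIELDS:
        digits = re.sub(r"\D", "", value)
        return any(digits in run for run in runs)
    pattern = r"(?<!\w)" + re.escape(fold(value)) + r"(?!\w)"
    return re.search(pattern, folded) is not None


def scan(text, records=RECORDS, combinations=COMBINATIONS):
    """Return (row index, combination) for every complete same-row match."""
    folded, runs = fold(text), digit_runs(text)
    hits = []
    for row_id, row in enumerate(records):
        for combo in combinations:
            if all(field_present(f, row[f], folded, runs) for f in combo):
                hits.append((row_id, combo))
    return hits


if __name__ == "__main__":
    samples = [  # constructed intercepted messages
        "Petrova said she will be late for the meeting",
        "Contact Anna Petrova, Chief Accountant, about the invoices",
        "card 4111-1111-1111-1111, call +1 (202) 555-0143",
    ]
    for message in samples:
        print(scan(message), "<-", message)
```

A lone surname, or a card number paired with a phone number from a different row, produces no hit, which is the false-positive reduction the paragraph describes.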
The range of tools for efficient DLP systems is wide and easy to learn. But if a person who has never cooked anything more complicated than a cheese sandwich is let loose in a professional kitchen with a lot of specialized appliances and asked to cook a mixed meat solyanka, the result will be predictable, but no less deplorable for that. That is why each tool must be in the hands of a professional, or at least be accompanied by detailed instructions for use.
The following technologies provide protection against leaks and unauthorized access to data in FalconGaze solutions:
- linguistic analysis
- detection by regular expressions
- detection by digital fingerprints
- detection of passports, facsimiles, seals and credit cards
- detection of graphic files.
The main problems that can be detected with a comprehensive DLP system:
- poaching of customers
- corruption schemes
- work for competitors (second job)
- identity theft
- disloyal employees
- misuse of working time
2022: Falcongaze SecureTower v6.6 with expanded list of supported operating systems
Falcongaze LLC, an information security company, has announced an update to its DLP system, SecureTower v6.6. This became known on May 23, 2022.
The main tasks of the system are to protect against data leaks from the company and to control the work of personnel, so the emphasis in the update was on adding controlled data channels, expanding the list of supported operating systems and accelerating work with intercepted data. Control of Linux-family operating systems has been added in this version (Ubuntu 20.04, Debian 11, Fedora 33, Astra 1.7, Rosa R12 and higher are supported). This makes it possible to control the work and data transfers of a whole segment of IT specialists: system administrators, software developers and engineers. The company will be able to better understand what its specialists are doing during the day and protect itself from leaks of technical developments and other important data.
The protocol for network interaction between controlled computers and the SecureTower server has been updated. This protocol provides end-to-end encryption and traffic compression. This will speed up the transfer of data from controlled computers to the server and provide them with a high level of protection. The Agent Network Connection Maintenance Module was separated from the Endpoint agent control Server and replaced with a separate Agent Proxy service. Now agents send data to the proxy server, and it sends data to the CA. To balance the load on the network, an organization can install several proxy servers so that the agent sends data to different proxies in turn.
Updated built-in databases of website and application categorizers. With them, you can receive detailed reports, as well as limit visits to entertainment and news resources from work computers and prevent workers from running programs and applications that should not be used in work activities.
Also, based on the categorizer, the general combined search conditions were expanded by category search and a similar condition was added to security policies.
Added a report, "User Activity Report," which combines information from reports on browser activity and user application activity and takes into account the specified categories of applications and web resources.
Also, with the help of a trained neural network, the Falcongaze SecureTower DLP system classifies images. Now only those images that potentially contain text are passed on for analysis, which significantly reduces the load on the server. A "Tesseract" module has been added, which allows fast, high-quality recognition of intercepted images for the presence of confidential data, bank card numbers, documents, seals, and so on.
Support for commenting on security incidents has now become available, in addition to the ability to assign color markers and statuses for incidents of varying degrees of importance. This makes it easier to identify the types and importance of incidents when analyzing security policy violations.
The processing of intercepted data has been accelerated; reports are now built several times faster.
To fully control all information transmission channels, work is constantly underway to update support for instant messengers and social networks. Updated in this version: control over the web version of Telegram, correspondence and file transfer in Zoom, Zimbra web mail and Rocket.Chat; control over voice communication in the WhatsApp messenger has been added. The processing of messages sent from MS Outlook Task Scheduler has been optimized.
The ability to specify a time zone other than the time zone of the system (computer) was also added. This option can be useful for companies with branches in different time zones for more comfortable work with data[1].
2021: Falcongaze SecureTower 6.5 with File Audit Module
Falcongaze, a developer of a software product to protect against data leaks and control personnel, on July 27, 2021 announced the release of the first of two planned updates to the SecureTower system in 2021.
"When preparing version 6.5, we focused on the most current information security trends, studied the needs of customers and analyzed the experience of implementing and operating SecureTower," said Alexander Akimov, CEO of Falcongaze, about the update.
For example, in this version of SecureTower, a file operation audit module has been added. This allows you to track the actions that employees take with files and folders (create, read, write, open, delete, rename, change access rights).
By blocking the sending of files to printers and USB media using content analysis, protection against data leaks at the endpoint level has been strengthened.
We have also improved the monitoring of staff performance through the website and application categorization module. With it, you can separate individual websites or applications into one category and track their use by employees. If necessary, you can also block access to certain categories. And the ability to create custom categories will allow you to most accurately customize the work of the categorizer for the needs and style of work of an organization or department.
It is very important for DLP systems to monitor as many data links as possible. To do this, Falcongaze SecureTower has expanded and improved the interception functionality for Telegram, WhatsApp, Skype, Microsoft Teams; and added control of Zoom Meetings, LinkedIn, Instagram, Outlook Web Access, Cisco Jabber and Bitrix 24.
For the speed and effectiveness of incident response, it is important not only to cover the maximum number of data channels, but also to receive information in an easy-to-read and analyze format. Therefore, SecureTower has added more report types and modes for displaying user activity. The report designer, in turn, will allow you to create types of user reports in which there will be only the information necessary for a specific situation.
The amount of data operated by SecureTower is constantly growing. To ensure that the system can still quickly process the intercepted data, the speed of operation and memory consumption are optimized.
2019: Falcongaze SecureTower 6.3, UBA component launch
On May 28, 2019, Falcongaze unveiled the release of an updated version of the SecureTower DLP system designed to prevent information leaks, control personnel and detect fraud.
Falcongaze specialists carried out extensive preparatory work to identify the current needs of customers and partners, and also analyzed the current trends in the information security market. As a result, a module was developed with the UBA functionality - "Risk Analysis," which, based on statistical methods, analyzes the activities of each employee and informs in real time about the level of potential risk, as well as forms a TOP list of employees representing the greatest threat.
According to the developer, this software component automatically generates visual reports that allow you to visualize changes in user behavior. If negative trends are detected, security officers can proactively work with the employee and minimize crisis situations.
"It is fundamentally important for us to create and improve functionality for the comfortable daily work of a security specialist. With the introduction of the Risk Analysis module, a tool for assessing employee behavior became available. It allows you to detect behavioral anomalies, which makes it possible to instantly respond to potentially dangerous events for the company. Risk analysis allows you to assess the danger of an incident and respond primarily to the most serious threats. The module is effectively integrated into the daily work of the security officer. It is complemented by existing modules: Security policies - used to create security rules, and Investigations allow you to competently complete the cycle of working with significant incidents and start a case," said Alexander Akimov, CEO of Falcongaze.
In addition to implementing the UBA module, important updates have been made to the system, for example, the ability to search by AEC groups, control of Slack, a messenger popular in the IT sphere, and the ability of the agent to work in Windows safe mode. An additional level of protection of the agent against the actions of system administrators has been added: the agent can be changed or removed only with a special access key, Falcongaze noted.
According to the developer, experts have worked to optimize image recognition processes. With the help of machine learning technologies and information classification, the system will be able to send only significant documents for recognition, ignoring ordinary pictures that do not contain text, which will reduce the load and speed up the detection of really important information.
The presented version of SecureTower has improved the interface of the administrator console and the user console. It is intuitive and allows you to work as efficiently as possible in daily monitoring mode and conduct a full investigation cycle without leaving the program, the developer says.
2018
Integration with Microolap EtherSensor
On August 10, 2018, Microolap Technologies introduced the EtherSensor 5.0.3 platform update. Among other changes, this version of the platform made integration with Falcongaze's SecureTower DLP system possible.
SecureTower 6.2 Release
On July 10, 2018, Falcongaze introduced the next version of the SecureTower DLP system, designed to prevent information leaks, control personnel and detect fraud. SecureTower 6.2 was released with significant changes and additions.
Incident Investigation Center
Incident Investigation Center is a module designed to simplify the work of security officers. Thanks to it, it became possible to investigate security incidents without leaving SecureTower and to form cases in which you can record the progress of investigations in detail, identify the persons involved in the case and, after the investigation is completed, receive automatically compiled reports for managers, the developer noted.
Voice recognition
SecureTower can intercept audio messages (like any other files) in mail, web and instant messengers, as well as control SIP telephony and headsets connected to the computer. Voice recognition allows you to apply the same search algorithms to information transmitted by voice as to text.
As noted in Falcongaze, this functionality makes contextual search available on data transmitted in audio format, and also allows you to configure rules that respond to the transmission of sensitive information by phone or when talking in a messenger. Voice recognition is available for Russian, English and Turkish. The system can use various speech recognition engines (three are preinstalled to choose from), and it is also possible to optionally connect third-party technologies.
Additional Automation Capabilities
According to information provided in Falcongaze, SecureTower 6.2 has added the ability to configure the automatic launch of programs and scripts when a security rule is triggered. First of all, this will allow you to respond to the information security event in exactly the way that is needed in a specific situation, even if this is not initially provided for by the system. This expands the ability of users to adapt SecureTower algorithms to their needs. Using scripts, after an incident, you can send a ticket to the incident management system, send an SMS or message to the messenger, block the workstation, collect the necessary logs from it or do some actions in another information security subsystem.
Improved interface
The presented version has improved and visually supplemented the interface of both consoles of the system: the administrator console and the user console. The Secure Tower interface is intuitive and allows you to quickly and efficiently work both within the framework of daily monitoring and during investigations, according to the company.
Optimization
According to the developer, the speed of server components has significantly increased and the resource consumption of the system has decreased. The hardware requirements remain modest from version to version while providing equally high performance. It is convenient to work with SecureTower both in small companies and in organizations with a large-scale corporate network, including a physically distributed one. In addition, significant improvements have been made to the integration of SecureTower with other information security systems. First of all, this improvement concerns SecureTower users who use SIEM solutions: data from the system can be transferred for analysis in the appropriate format. At the same time, SecureTower can be used as part of an ecosystem in conjunction with IRP, UEBA and BI solutions and other tools for analyzing corporate data.
2017
Blocking miners in corporate networks
Falcongaze developers have confirmed that SecureTower can be used to identify miners in the corporate networks of organizations. This capability is needed primarily because of the increasingly frequent cases in which technical specialists and system administrators use the employer's equipment to mine cryptocurrencies.
Such activity used to be widespread on personal computers and "farms" of several video cards; however, as the capacity required to mine cryptocurrency grew, doing so at home became almost pointless. The capacity available in organizations is another matter. Many large companies have a large fleet of workstations and server equipment to which system administrators and technicians have access. Some of them may use it for personal purposes and, in particular, increasingly use it to mine cryptocurrencies. Because of such activity, more and more organizations are experiencing significant losses associated with increased loads on equipment, its wear and tear, and increased electricity bills. Given the technical savvy of such workers, it can be very difficult to expose them.
In addition, malicious software poses a danger to organizations, which infects companies' computers for the same purpose - to use the power of equipment to mine various cryptocurrencies.
Release 6.0
On October 10, 2017, Falcongaze announced the release of SecureTower version 6.0, a software product designed to prevent data breaches and control personnel. In this version of the DLP system, the architecture was redesigned, which expanded the system's scaling capabilities. In addition, SecureTower 6.0 added to the list of intercepted channels, gained features for recognizing seals and added support for intercepting CAD program files.
Scaling and Load Balancing
To facilitate the work of users and administrators, the developers optimized the ability to scale and distribute the load. To do this, the architecture has been redesigned in SecureTower 6.0 - the ability to organize a cluster for horizontally scaling large loads across multiple servers has been added and support for automatic database rotation has appeared.
In addition, the updated solution will allow organizations with a distributed network structure to more easily organize the processing and storage of intercepted information - it has become possible to automatically replicate data from branches to a central server in the head office.
There are also many other innovations that optimize the operation of the system under heavy loads and increase the speed of data processing. All these changes in the product are intended primarily for companies in whose network huge amounts of information are intercepted and analyzed, as well as for organizations with complex structural features of the network infrastructure.
Clouds from Google, Apple and Mail.ru
According to the developers, SecureTower is able to intercept data sent to all browser versions of cloud storage, and also supports data interception in desktop versions of Dropbox, OneDrive and Yandex.Disk. SecureTower 6.0 also has the ability to control files transferred using applications to cloud storage iCloud, Google Drive and Cloud Mail.Ru.
WhatsApp and Google Hangouts messengers
In addition to Skype, Viber, Telegram and other instant messengers already being intercepted, SecureTower 6.0 has the ability to analyze employee communications in WhatsApp and Google Hangouts.
Interception of CAD design data files
SecureTower 6.0 can intercept and analyze CAD files in DWG and DXF format for confidential data transfer. It is in this format that many organizations often store the most valuable information that engineers and designers work with, Falcongaze said.
Seal Recognition
SecureTower uses a wide variety of methods designed to detect the transfer of sensitive documents, such as linguistic analysis of documents, attributive analysis, digital fingerprint control, and many others. With this release, SecureTower learned to recognize seals in images. To use this functionality, the administrator just needs to load the "reference" seals into the system and configure the rules by which the transfer of images with such seals will be regulated.
2016
SecureTower took control of WhatsApp channels
On November 15, 2016, Falcongaze announced the communication control technology in the WhatsApp messenger, as part of the SecureTower software.
The company said that end-to-end encryption in WhatsApp protects messages but does not protect against unauthorized forwarding of confidential corporate information by company employees. SecureTower will implement a technology for intercepting messages in messenger chats and conferences received and sent from employees' work computers. Falcongaze's development is designed to close this WhatsApp information security problem[2].
In addition, SecureTower will gain functionality for controlling communication in the Google Hangouts messenger. According to Falcongaze, SecureTower will become a tool that provides protection against leaks through one of the channels that are vulnerable from the point of view of corporate security.
The software will also take control of the data uploaded to the Google Drive service.
SecureTower will recognize seals on forwarded images, so companies with active document flow will be able to control the movement of such documents beyond the permitted limits. The control mechanism works as follows: images of the seals used in the company are loaded into the system, and the system analyzes all images circulating in the company's network and leaving it for the presence of those seals. If a match is found, security specialists will receive notifications and will be able to stop the dissemination of confidential information.
The developers claim that SecureTower will be able to scale to store and process significant amounts of information without losing system speed and responsiveness. This will allow communication archives to be accumulated over a longer period and, if necessary, analyzed retrospectively. The company believes that this mechanism will help control an unlimited number of information leakage channels.
SecureTower controls Telegram messages
In the summer of 2016, Falcongaze announced the introduction of functionality to control the Telegram messenger in its SecureTower product. According to Falcongaze experts, this is a channel of business communication, and a lack of control over it can result in leaks of corporate information. In the struggle to ensure the security of these organizations, the company seeks to provide customers with solutions to control modern communication channels, including relatively new and previously uncontrolled ones, and Telegram has been added to the list of such channels.
SecureTower has implemented a technology for intercepting communication in the Telegram messenger from employees' work computers. The development of Falcongaze provides monitoring of communication in chat rooms between users, as well as in groups - conferences with more than two participants. In addition to incoming and outgoing text messages, SecureTower intercepts voice messages in Telegram, as well as all sent files, including images and videos.
The Telegram control functionality in the new SecureTower release allows you to monitor and assess the business communication of the company's employees, as well as identify disloyal employees who communicate with competitors and are potential sources of corporate information leakage through this channel. At the same time, the personal correspondence of users carried out with devices belonging to employees will not be intercepted.
"Let someone explain to them that to 'intercept', a Trojan from Falcongaze must be voluntarily installed on the victim's device," said Pavel Durov, founder of the Telegram messenger.
2015
SecureTower 5.7 - Interface, Security Tools, Unique Reports
On July 1, 2015, Falcongaze announced the release of version 5.7 of the SecureTower software complex. SecureTower 5.7 has added tools to ensure the safety of information assets.
In version 5.7 of the SecureTower system, it became possible to control cloud storage services (Dropbox, OneDrive, Yandex.Disk, etc.). Now you can restrict access to them for employees of certain departments, or control the files downloaded and sent to them, which may contain confidential commercial information. At the same time, not only cloud web services are controlled, but also client applications.
A significant innovation in SecureTower 5.7 for comprehensive security is the process startup blocking function. The ability to prevent the launch of certain processes allows you to prevent the opening of potentially dangerous applications on employee workstations, as well as applications that are not directly related to the performance of official duties and are not intended for use during working hours - such as games, torrents, anonymizers.
In addition to the existing functionality for remote listening to microphones, SecureTower 5.7 has a new tool that expands the ability to monitor business processes in detail online. With the new Remote Desktop View feature, you can connect to any workstation on your corporate network and monitor workflows in real time. In this case, video from the user's screen can be saved to the local disk of the computer for subsequent playback.
Significant changes in the new version of SecureTower affected the administrator console: it has been given the most flexible settings and has therefore become more convenient to use and responds instantly to user actions. The start page of the admin console displays information about the status of and basic statistics for the server components of the system, which makes it possible to quickly obtain detailed information about the operation of each of them. Any of the servers can also be manually stopped or restarted there, and the administrator console automatically restores the connection to them if it was lost for some reason. Thus, starting with SecureTower 5.7, you can get a comprehensive and visual picture of the current processes in the system and local network in an instant, whether it is information about intercepted letters, processed data, security incidents, the number of controlled workstations or the current load on the server.
A new type of reports has been added to the "Reporting Center" of the SecureTower system, which is a summary table with the results of employees' activities for a certain period of time, where users are located on the vertical axis, and configurable indicators on the horizontal axis (the number of letters, messages in instant messengers, visited sites, printed documents, average start and end time, etc.).
The mechanism for saving the report from the user activity monitoring module, which contains detailed information about the activities of employees at the computer during the working day, has been improved. The saved HTML report works on the principle of a website, fully supports the functionality of the client console, and can be laid out before saving. SecureTower users can collect the necessary elements in any combination into the saved report, select data for certain days of the working week, and choose a convenient format for presenting individual components. For example, you can save information about an employee's activities in the form of a detailed interactive document with the ability to view letters, requests, screenshots of the desktop, etc., or choose a simplified version in the form of an audit, where general information about the number of messages in instant messengers, files, links, etc. is available in the generated HTML report, but without the option of going to their content.
"In the era of technology, when the number of electronic communications is constantly growing, the number of threats that carry popular business communication channels is also increasing. Therefore, we added new risk management tools to SecureTower, added to the list of monitored data channels, and updated the reporting system. At the same time, we remained true to ourselves and made the product interface even more convenient, modern and, most importantly, functional. In the future, we will continue to make efforts to improve SecureTower," said Andrey Barmuta, head of development at Falcongaze.
SecureTower 5.8 released
On December 2, 2015, Falcongaze announced the release of version 5.8 of the integrated SecureTower platform. It adds functionality for scanning workstations for the presence and appearance of confidential documents, and a server component that allows you to monitor the state of all servers and the actions of system users.
SecureTower is complemented by tools that make the system an even more effective anti-crisis solution that allows the company to provide reliable protection against information leaks, misuse of working time and industrial espionage in a situation of economic instability.
Screenshot of the program window (2015)
Additions
Workstation Indexing
SecureTower 5.8 implements the ability to index workstations, which allows you to scan the disks of computers on the company's network in search of confidential data on them.
In this way, you can identify confidential corporate documents that for some reason ended up on employees' computers: received from colleagues by mail or in instant messengers, recorded from USB drives, downloaded from cloud storage or copied from network folders. To control the movement of critical data in the system, you can create a bank of reference documents whose circulation needs to be monitored. Employee workstations are monitored automatically: security rules configured in the system are triggered when a document appears on a computer that matches a sample stored in the data bank.
Indexing employees' workstations helps to prevent the leakage of valuable information: if unauthorized access to confidential documents is detected in a timely manner, you can quickly take measures and prevent an incident related to the further dissemination of data.
Health Monitoring Server
The new version of SecureTower continued a series of transformations designed to make working with the system as accurate as possible and make life easier for security officers. In particular, a new component has appeared in SecureTower 5.8 - the Health Monitoring Server, which communicates with all server components of the system, monitors the state of each of them and, in case of any problems in their operation, sends notifications to the SecureTower user.
The Health Monitoring Server allows you to track server component events: information messages, warnings and error messages. In the administrator console, the system user can view any events reported by the Health Monitoring Server by selecting the type of event, one or more server components for which information is required, and the time interval. Many error messages are accompanied by recommendations on the actions the user should take to correct the error. In addition, you can create rules for sending notifications so that messages about certain events arrive at specified email addresses. This allows you to distribute and thereby simplify the work of system administrators and security officers: each of the specialists will receive data on the work of only those server components for which he is responsible.
Processing configured Health Monitoring Server rules makes it possible to solve emerging problems in a timely manner. For example, you can create a rule to ensure that the system sends a message each time notifying you that the database is not configured for centralized interception. The message says that the system intercepts data, but does not have the ability to save and display it, which means that system users do not receive all the necessary information, but thanks to the Health Monitoring Server they can quickly fix the problem.
Among the pleasant additions to the useful functionality of the Health Monitoring Server is spam protection: identical notifications generated within a certain period of time are collected in one letter instead of arriving one by one and littering the mailbox. In addition, you can save a report on the operation of any server, covering any events over any period, in any popular format (PDF, HTML, XLS, image and others), as well as print it.
Audio and video monitoring: simultaneous control of multiple users
Audio and video monitoring capabilities implemented in previous versions of SecureTower have been functionally expanded. Now you can record audio streams from workstation microphones for an unlimited number of users. Starting with version 5.8, SecureTower allows online remote desktop video monitoring of up to 10 users at a time in optimal mode. If a certain group of employees has come under the suspicion of security officers, you can take them under detailed supervision by simultaneously monitoring and recording video of the desktops of all these employees in real time. Observing all users suspected of disloyalty on one screen, security specialists can respond instantly in the event of illegal actions by any of them.
Screenshot of the program window (2015)
Intercept Skype for Web Client correspondence
Microsoft's web client for the Skype messenger can now be controlled using SecureTower. SecureTower 5.8 adds the ability to intercept correspondence in the Skype for Web service, designed to communicate on the Skype network via a browser. If one of the company's employees uses the service located at skype.com, for example, on a business trip, from a laptop on which the Skype application is not installed, SecureTower will intercept all messages sent and received through the new Microsoft product as usual.
Improvements in SecureTower 5.8
The SecureTower version received a number of improvements: it became possible to monitor user activity in Microsoft Edge and Tor Browser browsers, new types of reports were added, the option of grouping sites by domain name appeared, and the possibilities of blocking processes were expanded - from now on, you can configure the prohibition of launching programs not only by process name, but also by attributes.
Alexander Akimov, CEO of Falcongaze, noted:
- Today, Russian businesses are particularly in need of specialized software that can protect an organization from critical information leaks and other threats that leave the company vulnerable to economic instability. SecureTower 5.8 embodies all the functions of an anti-crisis tool that allows you to manage risks, prevent information security incidents, control the use of resources and working time within the company - in general, all the capabilities that allow you to keep your business afloat during raging crisis events.
2014
Falcongaze SecureTower 5.0
The innovations affected many product modules, but the most significant changes are associated with the introduction of functionality into the system, which allows not only to intercept and analyze traffic for established security rules, but also to block the transfer of confidential data. In addition, a module was integrated into SecureTower, with which the system recognizes text information in images.
Now, if messages or attachments containing sensitive information are sent via SMTP and SMTPS mail protocols, documents are blocked and quarantined. Similarly, when users attempt to send an unauthorized email message through web interfaces (using HTTP/HTTPS protocols), their actions will also be denied. With the same success, SecureTower is able to block messages sent through social networks, forums, forms of sending SMS messages, as well as any web requests. Unauthorized messages are blocked in accordance with the company's specified security policies: content, attribute, etc.
When developing information blocking functionality, the company's technical specialists paid special attention to the fact that not every attempt to transfer confidential data is a violation. Therefore, to prevent the slowdown of business processes in the company at the time of blocking the data that arouses suspicion, an employee of the information security department receives a message about a possible information leak, which allows you to immediately start investigating the incident. If the company's information security is not in danger, the officer may allow further sending of the message to the original addressee. In this case, the sender's address remains unchanged. In the opposite case, the responsible employee can conduct a full-scale investigation of the incident by analyzing the actions of the offender for previous periods using the search on the business communications archive, and take appropriate measures.
In addition to the functionality to block the transfer of confidential data, a module has been introduced into the SecureTower system that recognizes text in images. This functionality will be in demand in companies whose document workflow relies heavily on sending scanned confidential documents. The new SecureTower tool works equally well with any graphics format, be it .JPG, .BMP, .TIFF or any other. The module recognizes data in both Russian and foreign languages, which allows content analysis taking into account all the features of morphology.
Large-scale update
On March 5, 2014, Falcongaze announced the completion of a large-scale update of the SecureTower product.
Description
One of the competitive advantages of the SecureTower system is the speed of installation, the absence of significant load on the equipment and local network of customers, and the sufficiently high performance of the system.
After optimization, the performance of SecureTower was increased several times. This is achieved by using the new principle of indexing and data retrieval in the solution. Now indexing is carried out in parallel on several protocols, which allows you to reduce the total time to process all intercepted information.
This innovation is especially significant for indexing data intercepted by protocols that provide for frequent data exchange (for example, HTTP and HTTPS, over which, in addition to valuable data, a significant amount of redundant service information is transmitted).
This approach helped implement parallel (asynchronous) search in the system. Now, when executing a search query, the SecureTower system displays the results gradually - to view the results, especially those related to queries that form a large number of matches, the user does not need to wait for the completion of the entire search process, which can take quite a long time. This is extremely important for the prompt investigation of the incident in retrospect and rapid response in the event of a violation of the company's security policy.
A significant innovation made for greater user convenience is the update of the combined search function in the SecureTower search engine. The tool is a flexible constructor with the ability to enter the most accurate parameters for searching all intercepted information and simplifying work with the archive of intercepted data. Also, SecureTower has added the ability to save templates for search, which is especially convenient when using complex searches repeatedly.
Taken together, these innovations form a unique adaptive system that allows you to select the optimal settings for maximum performance during the installation of SecureTower, depending on the capabilities of the hardware on which the system is installed.
SecureTower 5.3
On July 16, 2014, Falcongaze announced the release of a new version of the SecureTower software complex.
The new version of SecureTower has a number of features that make its work even more efficient:
- The changes affected the image recognition server configuration module. SecureTower has added the function of monitoring text information in images using ABBYY FineReader. To recognize text in files sent in graphic formats, in addition to the engine built into SecureTower, it became possible to use the tool from ABBYY.
- Among the functional updates of the system is an audit of devices, which helps to record the facts of connecting devices (Wi-Fi and GPRS modems, external hard drives, etc.), even if they have not yet been used. The range of external devices controlled using SecureTower has been expanded to include USB 3.0 devices.
- The new version of the product has support for the S/MIME secure email standard: the ability to control and search encrypted emails and files attached to letters.
- Using SecureTower, you can now control the data transmitted in the Viber messenger. The system intercepts and analyzes text and voice messages sent and received in Viber, as well as files.
- The functionality for controlling the Microsoft Lync messenger, which is actively used in the business environment, has been expanded. If earlier only text messages sent in MS Lync were intercepted using SecureTower, now it has become possible to control user calls in this program.
- In the user activity module, when viewing employee communication relationships, in addition to the existing graphical mode, you can display them in a visual table format. Statistics on daily employee activity can now be saved in html report format and subsequently viewed using any browser.
- In addition, the user activity module has improved the tool for viewing screenshots of employees. Now you can adjust the location of thumbnails, display pictures on the entire screen, change their scale. In addition, screenshots of users' desktop can not only be exported to the specified folder or PDF format, but also saved as a web document. Saving screenshots as video from now on takes place in a compressed format.
- The new version of SecureTower allows you to adjust the size of the local agent storage depending on the available free space, as well as adjust the retention time of intercepted information. The operation of the agent with local storage is used to store information from mobile workstations located outside the corporate network without communication with the server (on business trips, work outside the office).
SecureTower 5.5: Browser Activity Control, Online Monitoring Tools, Group Reports
In November 2014, Falcongaze announced the release of a new version of the SecureTower software package designed to prevent leaks of confidential information, manage risk and comprehensively protect businesses from internal threats. A number of modern tools have been added to SecureTower 5.5 to ensure comprehensive control of information flows, as well as monitoring of the company's employees in the workplace.
For example, SecureTower 5.5 has the ability to collect information about employee activity in web browsers. Now you can get detailed statistics on the time spent by users during the working day on various Internet resources: in a visual form, information is available about when, on which site and how much time a particular employee spent.
Significant changes in SecureTower 5.5 affected the Reporting Center. In top and security center reports, you can set a filter by user and group. In other words, you can now set user groups and build summary interactive reports over controlled data channels and the number of information security incidents over the entire observation period or over the selected time interval. This allows you to compare the performance of employees within different departments of the company.
Moreover, now absolutely all reports in the system (top reports, reports on the security center and reports on individual users) have become fully interactive: by clicking on any indicator in the report, you can go to the source documents and get detailed information. For example, when you click on the number of messages sent and received by the user in Skype, specified in the "Messengers" section of the user report, you will go directly to these messages.
The user activity monitoring module in SecureTower 5.5 has become even more ergonomic. When using the Employee Relationship Analyzer Graph tool, you can view employee contacts in a convenient way - group into tables or vice versa - ungroup, drag and drop elements and place them arbitrarily in a window, as well as save the relationship report in a separate file in graphic format.
More good news for SecureTower users: the new version can remotely listen, in real time, to microphones built into or connected to user workstations, with the option of saving the resulting recordings. This tool allows you to identify cases of disclosure of confidential information in oral speech.
In addition, SecureTower has been optimized for large corporate networks with a large number of users: the speed of information processing has increased several times. Now searching for data on a particular user in organizations where there are thousands of employees takes even less time.
2013
Falcongaze SecureTower 4.0
Falcongaze has completed the development and integration of a completely new reporting system into the SecureTower data protection solution. It combines existing interactive elements that allow you to quickly switch to a detailed study of the incident and new functionality that allows you to automatically build graphic reports across the entire range of quantitative indicators collected by the system.
The new SecureTower Reporting Center allows you to establish a comprehensive analysis of processes taking place in the company and identify patterns that often indicate violations of security rules established in the organization. For operational work, interactive tools have been implemented, and the new component will allow large-scale assessment activities.
For example, the existing reporting system in SecureTower allows responsible employees to receive both detailed and summary information on the network activity of all users of the company's network. A photo of the working day presents a detailed section of the work of any employee over a certain period of time, the graph analyzer allows you to determine circles and groups of communication and see all the relationships, and the analysis of the user's work with applications provides additional visual data. At the same time, all types of reporting are interactive and allow you to go directly to the message of interest, a dialogue in a messenger or a specific document when studying the incident.
The new component allows you to form detailed and large-scale statistical reports that clearly demonstrate a particular investigated indicator, as well as give the security officer a general picture of the state of affairs in the company. Automatically generated reports based on the specified criteria can be exported to common formats or immediately sent to print. This allows you not only to assess your work, but also to clearly demonstrate to management the effectiveness and benefits of using the SecureTower DLP system in the company.
For the greater convenience of users, the system already has pre-installed basic types of reports, which, if necessary, can be edited to meet the needs of the security officer.
The new reporting center, together with the previously implemented interactive reporting system, provides dynamics and efficiency in studying statistics and compiling analytical reports, which is very important for the field of information security.
Monitoring Data Transferred in Microsoft Lync
In this version, it became possible to monitor data transmitted in the Microsoft Lync application, as well as data transmitted using MAPI.
In the current realities, there are a huge number of data transmission channels in the office space of any company: all kinds of mail agents, clients for communication on social networks, and numerous instant messengers. In the absence of proper control, these channels can become a path for the leakage of personal or commercial data. At the same time, the policy of total prohibition of the use of communication channels is not a solution to the problem, but, on the contrary, creates additional difficulties, depriving employees of the opportunity to fulfill their work duties. That is why for Falcongaze, one of the fundamental principles of the development of the SecureTower system is a constant increase in the number of monitored channels.
At the moment, the system allows you to control a large number of popular instant messengers using instant messaging protocols such as OSCAR (ICQ/AIM), MMP (Mail.Ru Agent), MSN (Windows Messenger), XMPP/Jabber (such as Miranda, QIP Infium, Google Talk, PSI), YIM (Yahoo! Messenger), as well as all text and voice messages in Skype, and many others.
SecureTower also monitors emails from external mail services (gmail.com, mail.ru, rambler.ru, etc.), messages in forums, visited pages on social networks and other web services using the HTTP and HTTPS protocols. In addition, the traffic of mail clients using POP3, SMTP, IMAP protocols (for example, MS Outlook, Thunderbird, The Bat!), MS Exchange Server, IBM Lotus and Domino, Kerio Connect, Sendmail, hMailServer and many others is controlled.
The new version of the SecureTower system implemented the interception and control of data transmitted to Microsoft Lync (formerly known as Microsoft Office Communicator), as well as traffic transmitted over the MAPI protocol, which is used in such common mail programs as Microsoft Outlook, MS Exchange Server, The Bat! and many others. All these innovations were implemented on the basis of numerous requests from corporate sector companies, representatives of the middle and large business segment.
April 2013 Update
The new version of SecureTower has added the ability to control voice and text messages transmitted via SIP. Also, the system implemented functionality to protect network resources from data leaks.
According to statistics, every day employees of companies, regardless of their field of activity, on average use from three to seven data channels, each of which can become a path for deliberate or unintentional information leakage. That is why one of the most important areas of development of the SecureTower system is a constant increase in the number of monitored data transmission channels.
Among the communication channels in business, one of the most popular is telephony. Recently there has been a trend for organizations to use classic phones less and less and to switch to SIP telephony, which uses the Internet for data transfer. Unlike fixed urban or mobile networks, SIP operators offer more flexible tariffs for local and international communications, making them more attractive.
Given this trend, the SecureTower system has added the ability to monitor information transmitted through the SIP protocol. Moreover, we are talking not only about controlling voice negotiations and text messages, but also voice messages transmitted as part of video conferencing, which are a fairly popular option in the tariff plans of SIP operators.
Now in organizations using IP telephony tools (for example, softphones X-Lite, Sippoint, Linphone, Express Talk, etc.), in case of any controversial situations, you can listen to intercepted voice messages of employees and draw conclusions about the involvement of a specialist in the incident or check their level of competence and compliance with the position. With the help of the "Reporting Center", SecureTower collects statistical data from which you can draw conclusions about the number and duration of calls made by a specialist over a certain period of time. This feature is useful for evaluating the performance of call center employees, technical support, or sales managers.
As part of the expansion of the number of monitored data transmission paths, Falcongaze specialists have created an effective tool that allows you to control the work of users with network disks and folders, as well as distinguish the rights to access network resources for individual employees, computers or for entire groups of users.
If necessary, the system allows you to prevent files with certain extensions from being copied to network resources. To optimize the process of analyzing heterogeneous information, the system allows you to exclude too large data or files with certain extensions from interception, for example, video files (.mp4, .avi, .mkv, .mpg, etc.), disk images (.bin, .dat, .dmg, .iso, .mdf, .mds, .nrg), etc. In addition, SecureTower creates shadow copies of all information sent to network resources and folders for subsequent verification of compliance with the company's current security policy.
2012
Falcongaze SecureTower 3.0
SecureTower 3.0 introduced functionality that allows you to control the content of all documents sent for printing on local and network printers of the enterprise. As recent studies show, in about 15% of all cases, information leakage occurs precisely through documents printed directly on corporate office equipment. In addition, most employees have made a habit of using office printers for personal purposes, printing on them multi-page abstracts, books and other information that is not related to work.
That is why, to ensure the maximum safety of data, the company needs to pay special attention to the control of documents sent for printing.
Starting with the new version of SecureTower, Falcongaze is embarking on a phased implementation of functionality that will control the maximum number of external devices. Already, a module has been introduced into the system, which is responsible for monitoring any documents prepared for printing on all printers of the company.
All documents sent to printers are automatically checked against SecureTower security rules. For greater reliability, the system can simultaneously use several methods of information analysis: linguistic analysis of text taking morphology into account, and digital fingerprints. SecureTower also checks the contents of all documents against regular expressions and monitors statistics and any attributes related to the document.
SecureTower accurately identifies the users who have sent the document for printing. The system also determines the printer from which the document is printed. Such detailed information enables the security department to quickly and efficiently work out the incident and get all the necessary information for its investigation as soon as possible.
All documents intercepted by SecureTower are stored in the database and displayed in PDF format in the system client console. All intercepted documents can be viewed as text with original formatting or as a graphic document. Moreover, in the second case, the system allows you to adjust the quality of the saved image, which allows you to save space on the hard disk.
The system also provides the ability to export intercepted documents in PDF format. SecureTower allows you to print intercepted documents directly from the system console. If necessary, you can use third-party programs to view the intercepted information.
Given modern realities, organizations today have to work with significant amounts of data that belong to diverse areas of knowledge. Such a variety leads to the fact that systems for protecting information are not always able to effectively analyze incoming information. This leads to false incidents that are not at all related to a real data breach.
It was possible to lower the threshold for false positives of security rules thanks to the new SecureTower functionality, which allows analyzing all intercepted traffic using an array of words contained in customizable thematic dictionaries.
If there is a phrase, word or group of words contained in the dictionary in the intercepted file, the system will send a notification of the incident to the employee responsible for information security in the company.
The system allows you to independently create dictionaries on topics whose content meets the needs of the company. In addition, the Falcongaze developers are already working on expanding this functionality through built-in thematic dictionaries, which are the most popular in all organizations, regardless of their type of activity.
The new SecureTower product will be especially useful for monitoring the sent legal documents, files containing plans for innovative developments in companies, documentation related to economic activities, or containing any personal data.
For example, using a dictionary that contains words and phrases on legal topics, you can find employees who sent contracts, certificates or any other legal documents.
In addition, the SecureTower system allows you to set the threshold for triggering security rules. For example, if the threshold value is set to "4 words," then the security rule will be triggered only if at least four words from the dictionary used for the analysis are found in the document being analyzed.
The updated SecureTower functionality is an application tool that makes data control better. In addition, the functionality of dictionary control increases the efficiency of the system as a whole and reduces the number of false positives of security rules.
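The threshold behaviour described above can be sketched as follows. This is an added example, not SecureTower code: the rule structure, the sample dictionary and both sample texts are constructed, and it assumes that the threshold counts distinct dictionary terms matched as whole words, with no morphological analysis.

```python
import re
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class DictionaryRule:
    """Hypothetical rule shape: a thematic dictionary plus a trigger threshold."""
    name: str
    terms: frozenset   # lowercase words or multi-word phrases
    threshold: int     # assumption: minimum number of DISTINCT terms found


def tokenize(text):
    # Lowercase word tokens; \w is Unicode-aware, so non-English text also works.
    return re.findall(r"\w+", text.lower())


def matched_terms(rule, text):
    """Return the set of dictionary terms present in text as whole words/phrases."""
    tokens = tokenize(text)
    found = set()
    for term in rule.terms:
        parts = term.split()
        width = len(parts)
        # Slide a window of the phrase length over the token stream.
        for i in range(len(tokens) - width + 1):
            if tokens[i:i + width] == parts:
                found.add(term)
                break
    return found


def evaluate(rule, text):
    """Apply the rule and report which terms matched and whether it fired."""
    hits = matched_terms(rule, text)
    return {
        "rule": rule.name,
        "hits": sorted(hits),
        "triggered": len(hits) >= rule.threshold,
    }


# Constructed legal-topic dictionary with the "4 words" threshold from the text.
LEGAL = DictionaryRule(
    name="legal-documents",
    terms=frozenset({"contract", "liability", "indemnify",
                     "governing law", "hereinafter", "party"}),
    threshold=4,
)

# Constructed sample messages.
CASUAL = ("My phone contract ends in May, so let's have a party afterwards. "
          "Ask the contractor about the roof.")
CONTRACT = ("This Contract is made between the Supplier (hereinafter the Party) "
            "and the Customer. Liability of either Party is limited to the "
            "Contract price. Governing law: the law of the seller's country.")

if __name__ == "__main__":
    for label, text in (("casual", CASUAL), ("contract", CONTRACT)):
        print(label, evaluate(LEGAL, text))
    # The same dictionary with threshold 1 fires on everyday chat,
    # which is the false positive the threshold is meant to suppress.
    print("casual, threshold=1", evaluate(replace(LEGAL, threshold=1), CASUAL))
```

Whole-word matching keeps "contractor" from counting as "contract"; a real deployment would also need the morphological normalization the page mentions, which this sketch leaves out.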
Combining different methods of information control (linguistic, statistical, attributive, digital fingerprints, etc.) and the ability to create multi-component security rules allows you to minimize the percentage of false positives, increasing the efficiency of the information security service.
Another innovation is the ability to create security rules for detailed control of employee activity at their workstations. This allows you to monitor applications whose launch may be associated with an unauthorized attempt to obtain confidential data (for example, client databases or document management systems). In the case of working with secret data, when working hours are strictly regulated, you can, for example, configure the sending of notifications about an employee being at the work computer at the wrong time.
Additionally, you can track how long applications are used, monitor employee lateness, or keep a general record of the length of the working day. Thus, it is possible to find out how much time the staff devotes to their direct duties.
SecureTower 3.1
The new version, SecureTower 3.1, lets you fully implement an updated systematic approach to introducing a DLP solution into the company's network with minimal costs and infrastructure changes. Under the new logic, the installation of agent programs on user computers is now flexible and makes full use of integration with Active Directory, as well as installation through domain group policies and even, for example, on computers that are not in the domain. The system also reports how each agent was installed and provides full statistics on the data received from the agent programs for each user, broken down by protocol.
With the release of the new version, the SecureTower system has switched to a fundamentally new platform for working with agent programs. As part of the implementation, the protocol for interaction between agents and server components was updated and improved, the load on the network was reduced, the stability and reliability of the system as a whole were increased, and support for Windows 8 and Windows 2012 Server was added.
SecureTower 3.2
In the fall of 2012, Falcongaze completed a key stage in the development of functionality to control external devices in the SecureTower data protection system. Starting from the current version, the system monitors USB devices (flash drives, portable hard drives, etc.) and the workstation clipboard.
According to statistics, about 40% of intentional information theft occurs by transferring data to various external USB devices. They are compact, easy to use and serve as an ideal mobile store of information that easily leaves the company's corporate network.
In this version of the system, when a file is sent to a portable storage medium, SecureTower creates a shadow copy of the document, which is subsequently checked against the specified security rules. Moreover, not only the attributes of the intercepted file but also its contents are analyzed.
The new functionality of the system allows you to set lists of removable media that need to be controlled. For example, you can allow only corporate flash drives to be used on the company's work network, or set a list of workstations on which all USB devices will be allowed. In addition, SecureTower allows you to control only certain types of information (for example, only MS Word documents, or only .EXE files).
In addition to the functionality for controlling information transmitted to USB devices, SecureTower 3.2 implemented the ability to block them for certain groups of users. For example, it makes sense to block access to USB ports for sales employees working with client databases, or, conversely, to allow the use of flash drives for those whose work involves frequent trips.
Another innovation in SecureTower 3.2 is the ability to control the clipboard on user workstations. Now, when text is placed on the clipboard, the system immediately checks the data against the specified security rules.
2011
FalconGaze SecureTower 2.2
In version 2.3, the program for preventing the dissemination of confidential information controls the data transmitted via the XMPP protocol, which is also known as Jabber. It is used in many messaging programs: Google Talk, QIP, Miranda, etc. From now on, control over data transmitted through this protocol will make information leakage protection even more reliable.
The new version of SecureTower 2.2 features an improved ergonomic interface. For example, it has become easier to use external programs when viewing files of an unknown format.
The Security Center has also been improved. This is the component of the program used to configure and adjust the rules of information security policies, and it is also responsible for notifying you when these rules are violated.
The component that identifies cases of confidential information leakage in the huge array of intercepted data has also been significantly modified. Search has become faster, and the results are more relevant, thanks to improvements to the search engine.
Moreover, a function has been added that uses digital fingerprints to control information contained in databases as well as in documents. Thanks to these changes, the reliability and efficiency of the program have increased significantly.
FalconGaze SecureTower 2.3: Microsoft Exchange Control and Access Delimitation System
SecureTower 2.3, the current version of the system for protecting against leakage of confidential information, provides full control over all messages of the Microsoft Exchange Server mail server and introduces a new access delimitation system.
SecureTower 2.3 provides enterprise users with even more reliable protection against internal threats. It not only guarantees careful monitoring of the content of posts sent to blogs and social networks, as well as email messages (including encrypted ones), but also all messenger traffic (including ICQ, QIP, Miranda, Skype, Google Talk) and much more.
On top of that, the new version provides full control of internal and external correspondence passing through the enterprise mail server deployed on the basis of Microsoft Exchange Server 2007/2010. Any incoming and outgoing messages, including internal correspondence of company employees, are now checked for compliance with previously defined security policies.
For all violations of security rules, detailed statistical reports can be generated with visualization in the form of graphs, which makes analyzing the situation clearer and subsequent decision-making more convenient.
SecureTower 2.3 also implemented a flexible system for delimiting access rights, which allows you to configure access to the functionality of the system to reflect any structural and organizational hierarchy that exists in the company.
If necessary, you can restrict the ability of a SecureTower user, for example, to search for data on all intercepted information, or to view employee activity statistics with the ability to exclude from a given list. You can also deny access to the Security Center entirely or prevent the user from creating, editing, or deleting security rules. Thus, you can appoint the head of the legal department to monitor only their own subordinates, or allow the security officer to see only those documents that the SecureTower system has defined as confidential.
SecureTower 2.3 supports two types of user authorization: based on Windows Active Directory accounts or using the program's internal authentication system.
SecureTower is not just a standard software application, but a multi-component system integrated into the corporate network that allows you to:
- fully monitor the leakage of information through the maximum number of channels (e-mail, popular instant messengers, Skype, social networks, blogs and forums, FTP traffic, encrypted traffic, external devices and printers, etc.);
- monitor users' network activity;
- assess the efficiency of the use of corporate resources by employees;
- create an orderly archive of company communications.
FalconGaze SecureTower 2.4
SecureTower 2.4 introduced a multifunctional module for working with accumulated data archives and made a number of changes to the functionality and interface of the program. The use of the SecureTower system in companies with a large number of workstations and huge volumes of traffic transmitted daily is made possible by the system's clearly structured processes for handling large amounts of data. In addition to the database support required for any DLP system (MS SQL Server, PostgreSQL, Oracle, SQLite), SecureTower monitors information flows using the digital fingerprint method for confidential documents and for chains of certain data from existing databases (for example, a combination of name, position and email address).
The new version, SecureTower 2.4, adds a multifunctional module that optimizes work with previously intercepted data and speeds up the operation of the system as a whole. Using an advanced task scheduler, SecureTower 2.4 lets you tune the monitoring frequency for each information leakage channel to the specifics of any company, as well as defragment the available data. This eliminates outdated or non-existent documents from the database and, as a result, increases the reliability of control and speed of work, and ultimately reduces the total cost of ownership of the system.
Especially for large companies with a huge number of employees generating a serious amount of traffic, the ability to clean the database at a given frequency has been added. If you are sure that data on the movements of information two months ago will not be needed, you can safely delete it. This will significantly speed up the operation of the SecureTower system with intercepted and analyzed data. The changes also affected the program interface, making the program even more convenient to work with, and improved the SecureTower functionality, which increased the reliability and speed of the entire system.
FalconGaze SecureTower 2.6
In the new version of SecureTower, the system for protecting against the leakage of confidential information, the functionality for controlling users has been significantly expanded by adding a module that monitors the contents of the employee's desktop by taking screenshots at a given interval. A feature of SecureTower 2.6 is the expanded functionality for analyzing the activities of employees. Together with the functionality for data interception and analysis, this gives many more opportunities for a systematic approach to controlling the company's information space and countering internal threats and, very importantly, for working to prevent them.
Screenshots of workplaces make it possible to get detailed information about what your employees do at their workplaces during working hours without installing additional third-party applications, and allow you to supplement statistics with important information. For a more detailed study of processes occurring directly at workplaces, SecureTower takes screenshots at a given interval, unnoticed by the user, and saves them to the database in chronological order. By viewing these pictures in gallery format, you can get information about what the worker was actually doing.
The Relationship Analyzer graph allows you to track both personnel communications within the company's information field and their contacts with external subscribers. Thus, it becomes possible not only to identify the most sociable and active members of the network, but also to control the interaction of personnel with competitors for the subsequent assessment of employee loyalty. All this allows you to use the system to identify possible information leaks in a timely manner, and not just to investigate incidents that have already occurred.
The flexible SecureTower reporting system generates detailed reports on the network activity of any employee, supported for greater clarity by graphs and diagrams. Having studied them, you can understand who uses corporate resources and how: who spends 70% of their working time on Facebook or Odnoklassniki, and who communicates for hours in ICQ or Skype on topics not related to work duties. SecureTower can be configured to send notifications when employees are too active in instant messengers and thus determine what they are actually doing at peak moments.
FalconGaze SecureTower 2.7
In May 2011, FalconGaze released SecureTower 2.7, a new version of its multifunctional data leakage protection system. The updated version adds a function to control the transfer of information through the encrypted XMPP (Jabber) protocol.
The constant expansion of the list of controlled leakage channels is one of the main directions for the development of the SecureTower system, and FalconGaze has always paid special attention to Internet messengers, since they are one of the fastest and most convenient ways to transfer information. The control of these channels is all the more important because programs such as Skype, QIP, ICQ, Miranda, Google Talk and others are installed today on the workstations of almost all users of the corporate network.
Dishonest employees using secure data channels (for example, Skype, XMPP (Jabber) or encrypted mail) are usually confident that their correspondence will remain a secret from the employer.
Due to a significant improvement in the traffic interception component, the new version of the SecureTower system has expanded the number of monitored leakage channels. In addition to the ability to control widely used instant messengers, e-mail (including encrypted), and voice and text data transmitted via Skype, support was added for the encrypted XMPP (Jabber) protocol used in popular instant messengers such as Miranda, QIP Infium (QIP 2010), PSI and others.
In addition, FalconGaze continued to work on the ergonomics and convenience of the SecureTower system interface. The new version has many different improvements, such as refinement of the query text highlighting function in search results. Thanks to this, determining the presence of a security threat in forwarded documents and other correspondence has become even faster and more convenient, which, in turn, allows you to respond more quickly to possible violations of corporate information security policy.
FalconGaze SecureTower 2.8
In the new version 2.8, according to company representatives, it is possible to constantly monitor mobile workstations (laptops, netbooks) even if they are disconnected from the local network of the enterprise. Now, with SecureTower 2.8, if such a mobile device is not connected to the company's network, all data transmitted by the user is placed in backup storage, and when the connection to the corporate network is restored, it is sent to the server for subsequent indexing and verification. Thus, according to the developers of the system, all user correspondence through instant messengers and e-mail, files transferred through them and even screenshots are controlled by the company's security service even if the device is temporarily absent from the office. In addition, the functionality implemented in SecureTower 2.8 allows you to track the network activity of users, assess how rationally they use corporate resources, and also create an ordered archive of company communications.
SecureTower provides content, attribute and statistical analysis of information. Content analysis includes control by keywords and phrases, taking into account the morphological characteristics of the Russian language, search by regular expressions, digital fingerprint technology for documents and databases. For more effective control, a function was introduced to verify information containing transliterated words or characters, which, along with the fuzzy search function, minimizes the likelihood of uncontrolled transfer of confidential information in the enterprise network or beyond.
Moreover, the SecureTower system checks all data for compliance with security policies according to both strict and relaxed transliteration rules. That is, several different methods of transliteration are taken into account during the check to increase the efficiency of the system. Even if only some of the letters in a word written in Cyrillic are replaced with similar-looking Latin letters, this still will not deceive the system.
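The following Python sketch is an added example, not SecureTower code: it shows how a dictionary rule with a trigger threshold (the "4 words" setting described for dictionary control) can stay reliable when words are romanized or have Cyrillic letters swapped for similar-looking Latin ones. The dictionary, the lookalike map, the two simplified romanization schemes and the sample text are all constructed assumptions, and counting distinct dictionary words toward the threshold is an assumption as well.

```python
import re

# Constructed dictionary on a legal topic:
# contract, payment, customer, penalty, contractor.
DICTIONARY = {"договор", "оплата", "заказчик", "неустойка", "исполнитель"}

# Latin letters that look like Cyrillic ones, written as escapes so the
# source is unambiguous (illustrative, not exhaustive).
LOOKALIKES = str.maketrans(
    "aceopxyABCEHKMOPTX",
    "\u0430\u0441\u0435\u043e\u0440\u0445\u0443"
    "\u0410\u0412\u0421\u0415\u041d\u041a\u041c\u041e\u0420\u0422\u0425",
)

# Two simplified romanization schemes that differ in a few letters.
COMMON = dict(zip("абвгдезиклмнопрстуфыэ", "abvgdeziklmnoprstufye"))
COMMON.update({"ё": "e", "ж": "zh", "ч": "ch", "ш": "sh", "ъ": "", "ь": ""})
SCHEMES = [
    {**COMMON, "й": "y", "х": "kh", "ц": "ts", "щ": "shch", "ю": "yu", "я": "ya"},
    {**COMMON, "й": "j", "х": "h", "ц": "c", "щ": "sch", "ю": "ju", "я": "ja"},
]
TOKEN = re.compile(r"[^\W\d_]+")  # runs of letters in any script


def romanize(word, scheme):
    return "".join(scheme.get(ch, ch) for ch in word)


def build_forms(dictionary):
    """Map every accepted spelling (Cyrillic or romanized) to its dictionary word."""
    forms = {word: word for word in dictionary}
    for word in dictionary:
        for scheme in SCHEMES:
            forms[romanize(word, scheme)] = word
    return forms


def matched_words(text, dictionary, normalize=True):
    """Return the distinct dictionary words found in text."""
    forms = build_forms(dictionary) if normalize else {w: w for w in dictionary}
    hits = set()
    for token in TOKEN.findall(text):
        candidates = {token.lower()}
        if normalize:
            # Fold Latin lookalikes to Cyrillic before lowercasing (B -> В, not b).
            candidates.add(token.translate(LOOKALIKES).lower())
        hits.update(forms[c] for c in candidates if c in forms)
    return hits


def rule_triggers(text, dictionary, threshold):
    return len(matched_words(text, dictionary)) >= threshold


# Constructed sample: one plain word, one with Latin "o"/"p" swapped in,
# and two words romanized under different schemes.
MIXED = "договор".replace("\u043e", "o").replace("\u0440", "p")
SAMPLE = f"Заказчик подписал {MIXED}, oplata do pyatnicy, neustojka 5%."

if __name__ == "__main__":
    print(sorted(matched_words(SAMPLE, DICTIONARY, normalize=False)))
    print(sorted(matched_words(SAMPLE, DICTIONARY)))
    print(rule_triggers(SAMPLE, DICTIONARY, threshold=4))
```

Without normalization only one dictionary word is recognized in the sample, so a four-word threshold would never fire; morphological forms, which the system also takes into account, are outside this sketch.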
To make it easier to study, compare and analyze in depth the incident data produced by the SecureTower system, a function was added to export all messenger correspondence to RTF documents or print it in formatted form, on forms containing statistical data and additional information. It also became possible to export a particular user's screenshots for a whole day with one click.
By expanding and improving the way content is analyzed when filtered using SecureTower, users of the system increase the level of control over leaks, protecting confidential information as reliably as possible.
In the new version of the SecureTower system, created to protect against the leakage of confidential information, the list of controlled leakage paths was expanded by implementing control of Mail.Ru Agent traffic.
Expanding the number of controlled information leakage paths is, along with improving information interception and analysis methods, one of the priorities for the development of the SecureTower DLP system.
Control of data transmitted via the MMP protocol (the protocol that Mail.Ru Agent and many other instant messengers use to communicate with Mail.Ru) allows you to analyze all messages and the contents of files transmitted from one subscriber to another, even if the data is transmitted over an encrypted channel.
In addition to tracking Mail.Ru Agent traffic, the SecureTower system allows you to control messages from communication programs that use the unencrypted and encrypted instant messaging protocols OSCAR (such as ICQ/AIM, etc.), XMPP/Jabber (Miranda, Google Talk, QIP Infium, PSI), MSENGER (Windows Messenger), as well as text and voice messages in Skype.
Increasing the number of controlled protocols minimizes the possibility of transferring confidential information outside the company, while avoiding the introduction of a policy to prohibit communication channels, which seriously interferes with the workflow.
On the other hand, excessive communication over instant messengers often leads to inefficient use of corporate resources and neglect of employees' direct duties. The ability to analyze all messenger messages, in particular those of Mail.Ru Agent, which is very popular in Russia, allows you to establish full control over the working hours of personnel and their rational use.
FalconGaze SecureTower 2.9
The new version of the solution implemented control over all messages of most popular mail servers. One of the most vulnerable leakage paths, and at the same time one that carries important data, is the traffic of corporate mail servers. Indeed, these servers usually carry all internal and external business correspondence and document flow (partially or completely), and the information transmitted through these channels often contains important commercial data, financial documentation and personal data of customers and employees of the company. That is why analyzing and controlling mail server traffic is a priority for ensuring the company's information security.
SecureTower 2.9 expanded the list of controlled mail servers and implemented integration with most popular solutions that transmit data via both POP3 and SMTP. It is also important that the Falcongaze solution takes into account the interests of companies of different sizes. SecureTower enterprise users will receive even more reliable protection through checks for compliance with previously defined security policies for any IBM Lotus Notes/Domino and Microsoft Exchange Server messages, including internal correspondence of company employees and sent files.
For companies in the mid-size and small segment, control has been implemented over Kerio Connect mail servers, which are more popular in this environment, as well as free solutions based on Sendmail, hMailServer and many others.
SecureTower is a multifunctional system integrated into the corporate network that allows you to:
- fully control the leakage of information by the maximum number of channels (e-mail, popular instant messengers, Skype, social networks, blogs and forums, FTP traffic, encrypted traffic, external devices and printers, etc.);
- Monitor users' network activity
- assess the rational use of corporate resources by employees;
- create an orderly archive of the company's communications.