Developers: | Solar (formerly Rostelecom-Solar) |
Last Release Date: | 2024/05/14 |
Technology: | Information Security - Information Leakage Prevention |
White Paper: DLP - Data Loss/Leak Prevention
Solar Dozor is designed to monitor employee communications, identify early signs of corporate fraud, and conduct investigations. As a classic DLP system, Solar Dozor solves the tasks of monitoring, filtering and analyzing each message for confidential information. In addition, Solar Dozor also accumulates all employee correspondence, which allows further retrospective analysis and investigations on the entire volume of employees' communications.
2024
Alt Workstation and Alt Server version 10 compatibility
Solar Group and BASEALT have successfully tested their products for compatibility: the Solar Dozor DLP system with Alt Workstation and Alt Server OS version 10. Based on the results of the work, a bilateral compatibility certificate was signed. Solar Group reported this on June 28, 2024.
The compatibility of Solar Dozor with Alt Workstation and Alt Server 10 enables organizations to build and develop their IT infrastructure on domestic solutions. Now government and commercial organizations of various profiles can prevent and quickly respond to incidents related to information leaks and corporate fraud using the Solar Dozor DLP system in the Alt OS environment.
"In the development of Solar Dozor, Solar Group adheres to the principle of excluding import-dependent components when developing the kernel architecture. This is simplified by the fact that the server side of the DLP system was originally designed for and runs under Linux. At the same time, the agent part of the product can work in a heterogeneous infrastructure due to support for all operating systems (Windows, macOS and Linux), and the set of capabilities for the latter is similar to the version for Windows. Confirming compatibility with Alt OS, one of the most popular Linux operating systems in Russia, is an important step in the development of our Solar Dozor product," said Dmitry Meshavkin, Head of Solar Dozor Product at Solar Group.
Version 7.12 with the ability to recognize and block the transfer of graphic data directly on employee workstations
Solar Group presented a new version of the Solar Dozor DLP system with improved tools for controlling the transmission of graphic information and visualizing the route of a document. The developer announced this on May 14, 2024.
Version 7.12 adds a notable function: it is now possible to recognize and block the transfer of graphic data directly on employee workstations. This is implemented on the basis of optical character recognition (OCR) technology, which extracts text from files in the main common graphic formats, such as bmp, gif, jpg (including jpeg, jpe, jfif), png, tif/tiff, as well as from images inside pdf files. Analysis of the contents of such files is now carried out directly on the agent, which makes it possible to respond to violations more quickly and to block leak attempts through various channels, such as the clipboard, removable media and file storage.
The updated Solar Dozor has also improved the protection of graphics files from leaks without losing performance. The technology for recognizing graphic objects (bank cards, passports, round and triangular seals) can now run on servers with GPUs. With the GPU, the average number of images processed per second increased from 0.1-3 to 55-135 compared to the CPU, making it possible to use one server instead of several for processing graphics data. This allows companies to increase the speed of the DLP system while maintaining a high level of performance and saving on infrastructure costs.
In addition, in version 7.12, another class of protection has been added for graphic objects: identification of technical drawings designed in accordance with GOST. This function will be important for organizations engaged in design, production or scientific and technical development.
The document route visualization feature allows you to track the movement of files from one communication participant to another through different channels. The report graphically displays information about the senders and recipients of the document, as well as the details of messages, removable media, printers and network resources associated with the processing of the document in a specified time period. In addition, the report highlights the security events associated with the document being investigated. The document route is an important tool for information, economic and internal security services in conducting incident investigations: it allows you to quickly identify the participants in the correspondence, the source of dissemination of confidential information and the path of its leakage.
"As part of the import substitution track, Solar Dozor now supports the operation of the server and agents on the Linux 1.7 host with the mandatory access control mechanism enabled, ensuring reliable operation in the face of increased security requirements for processing confidential information. The server and agent parts of our product are also compatible with the Alt Linux 10 operating system, one of the most popular import-independent operating systems," said Dmitry Meshavkin, head of Solar Dozor product at Solar Group.
The updated version also expanded the list of supported Russian communication services and added the ability to control the exchange of information through the Yandex 360 cloud mail service.
Significant changes have affected the security of product use in the IT infrastructure. Thus, protection against unauthorized access to the system has been strengthened: two-factor authentication and account blocking have been added after three unsuccessful attempts to enter a password.
In version 7.12, the systematic translation of the interface to Angular continued: the zones "Users" and "Information Objects" were updated.
Certification of FSTEC of Russia according to the fourth level of trust
The Solar Dozor software package corresponds to a high level of trust in information protection tools in organizations that do not process state secrets. This was confirmed during the next assessment of the compliance of Solar Dozor version 7.9 with the requirements of the FSTEC of Russia for the fourth level of trust. The developer of the system announced this on May 6, 2024.
The compliance assessment confirmed that version 7.9 can now be used in personal data information systems (ISPD), in state information systems (GIS), in the protection of significant objects of critical information infrastructure (ZOKII), in automated production and technological process control systems (APCS) up to security class 1 inclusive, as well as in public information systems of class II.
"FSTEC certification for the fourth level of trust at the state level confirms the safety of using the Solar Dozor DLP system and enables our customers to confidently apply a solution to prevent leaks of confidential information, identify signs of corporate fraud and proactively detect potential threats. We have built a process of regularly passing the assessment of compliance with the requirements of the FSTEC of Russia for new versions of the system. Getting a positive rating for version 7.9 will allow the relevant organizations to fully use all changes and new product functionality," said Ilya Lushin, director of the portfolio of data protection products at Solar Group.
Solar Dozor is actively developing, expanding the security of sensitive data with each version. The certified version 7.9 has functionality that complements previous versions of Solar Dozor:
- Expanding the capabilities of agent modules running on Windows and Linux.
- Support for an extended list of domestic DBMSs and directory services.
- Integration with popular domestic messengers for monitoring and controlling the exchange of messages and data in the organization.
- Enriching the UBA module with messenger data for a more complete picture of employee behavior and anomaly detection.
- The ability to customize policies by person according to the position, status of the employee, as well as the level of risk, and much more.
Confirmation of compliance with the requirements of technical legal acts of the Republic of Belarus
The operational and analytical center under the President of the Republic of Belarus issued a positive conclusion confirming the compliance of the Solar Dozor DLP system with the requirements of technical regulatory legal acts of the Republic of Belarus. The developer of the solution announced this in February 2024. This will allow Solar Group to expand its presence in Belarus and ensure comprehensive protection of information of state information systems of the Republic.
On the territory of the Republic of Belarus, national legislation is in force, within the framework of which national confirmation of compliance is provided. All technologies and solutions entering the market of the Republic, in addition to issuing documentation for compliance with the technical regulations of the customs union, must necessarily undergo the procedure for assessing compliance in the national system.
For certification, the seventh version of Solar Dozor was transferred to the testing laboratory. The product has successfully passed all certification tests for compliance with the requirements of the Technical Regulations of the Republic. During the tests, not a single comment was made on the functionality of the system, and the product fully complies with all information security requirements for leak protection equipment.
"Solar Dozor has been deployed over the years in CIS countries such as Kazakhstan and Uzbekistan. Obtaining the certificate confirms that Solar Dozor contributes to the effective protection of confidential information, including in the public sector, not only in accordance with Russian standards but also in accordance with the information security standards of our geopolitical partners. The quality assessment in this case was as independent as possible, since certification was carried out according to the requirements of another country. The national standard of the Russian Federation 'Organizing the process of information protection against leakage using DLP systems', which is being developed as of February 2024, will form uniform rules for confirming the effectiveness of processes and technologies for protecting against leaks within the Russian market," said Ilya Lushin, head of Solar Dozor product at Solar Group.
Solar Dozor 7.11
Solar Group released an updated version, Solar Dozor 7.11. The DLP system now implements the ability to control information transmitted through video conferencing (VKS) and messengers, which prevents data leaks while it is shown on screen. The product also gained a number of tools, including QR code interception and an integration module. The developer announced this on January 15, 2024.
One of the most common channels of information leakage is capturing confidential data from the monitor screen. For example, during a video conferencing call or in instant messengers, employees of organizations can open confidential documents on the screen and display their contents. Solar Dozor 7.11 allows you to control these data channels and identify the facts of illegal disclosure of confidential information. According to the policy, the agent takes snapshots of the displayed content, recognizes them using OCR (technology for automatically analyzing images and converting them into text) and, based on the recognition result, blocks the screen sharing.
"At the end of 2023, we observed a multiple increase in quishing, a type of phishing in which QR codes are used to disguise malicious links. For example, an employee receives a letter from a colleague or manager asking him to follow a QR code and, after clicking on the link, loses access to the system, and the attacker gains access to the corporate account to steal data. In addition, attackers, using special utilities, can convert confidential information into a QR code for subsequent hidden transmission to third parties. In Solar Dozor 7.11, we added the ability to recognize QR codes, which allows us to gain control over data transmitted in traffic in QR codes," said Ilya Lushin, head of Solar Dozor product at Solar Group.
Another change in Solar Dozor 7.11 is the MultiConnector integration module. It allows integration with the SIEM, SOAR, XDR and IRP systems used by the customer for remote management of events, incidents and messages, as well as changes to their status and threat type; it can also upload events or incidents and unblock a blocked message.
Starting with version 7.11, Solar Dozor processes twice as many images per second thanks to the transition to a more efficient graphics recognition engine. At the same time, the load of RAM was halved, and the load on the processor decreased by 20%.
The key trend in recent years has been import substitution: the departure of foreign vendors and the restructuring of supply chains have made significant adjustments to the processes of building information security in organizations. This predictably led to increased market demand for domestic operating systems (OS), primarily those built on the Linux kernel. Version 7.11 provides Linux agent support for the latest operating systems of the Alt family, including the certified versions of Alt 8 SP, which guarantees its compatibility with the MPS installed on certified versions of Alt 8 SP.
Despite the above trends, the use of Apple technology in Russia is still in demand. In turn, we continue to protect our customers by developing the functionality of the macOS agent: it has "learned" to record sound from the microphone of user workstations. This will allow security officers to expand the evidence base when conducting targeted investigations.
In the Solar Dozor DLP system, the "breaking" mechanism is one of the most advanced on the market, and in this version 7.11 it continued its development. In the reconstruction templates, it became possible to "add text to the beginning of the message," as well as use reconstruction profiles when sending messages from the archive. This allows you to reduce the number of incidents related to leaks of confidential information by notifying employees, counterparties and random recipients of the confidential status of information, as well as flexible reconstruction when sending messages previously blocked by the DLP system.
In terms of interface development, the transition to the Angular framework continues. The "Policy" section has been improved: the ability to search, sort and display data has been expanded, new prompts have appeared, work with the navigation menu has been simplified, and the number of default settings has been increased.
2023
As part of PAC to protect service information
Russian manufacturers and developers presented a joint secure software and hardware complex for the information security administrator (PAC IB). It is designed to protect service information and personal data in customer information systems. Fplus announced this on November 10, 2023. One component of the PAC is the Solar Dozor DLP system for preventing leaks of confidential information.
Solar Dozor 7.10
Solar Group released an updated version of Solar Dozor 7.10 on October 2, 2023. Now the data leakage prevention system provides the ability to record video from the screen of workstations, control connection to Wi-Fi networks, as well as local storage of events and incidents in geodistributed structures.
The ability to record video from employee workstation screens allows security officers to gain additional context both when investigating incidents - analyzing an employee's behavior in dynamics and expanding the evidence base - and when working with personnel "under special control." A feature of the revision is that not only video recording is sent for analysis, but also processes launched on the workstation, headers of open windows and URLs. At the same time, recording of up to four connected monitors is supported at the same time, and not just one active window.
Implementing flexible management of employee connections to wireless networks allows you to completely allow or prohibit the use of Wi-Fi networks, as well as set "black" and "white" lists of wireless connections. All these options are available at both Network Level (SSID) and Individual Access Points (BSSID). This functionality allows information security officers to identify and block unauthorized access points and prevent the risks of critical information leakage.
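To make the policy model described above concrete, here is an added illustration (not Solar Dozor code) of a Wi-Fi connection policy evaluator with the three modes from the text (allow all, prohibit all, allow/deny lists) applied at both the network (SSID) and individual access point (BSSID) level. The precedence between the lists is an assumption, as the page does not document the product's own rules; the sample policy and connection attempts are constructed.

```python
# Added illustration (not Solar Dozor code): evaluate Wi-Fi connection
# attempts against SSID/BSSID allow and deny lists. Precedence is assumed.
from dataclasses import dataclass, field
from enum import Enum
import re


class Mode(Enum):
    ALLOW_ALL = "allow_all"   # Wi-Fi completely allowed
    DENY_ALL = "deny_all"     # Wi-Fi completely prohibited
    LISTS = "lists"           # decide by the allow/deny lists


def normalize_bssid(bssid: str) -> str:
    """Canonicalise a MAC address to lower-case, colon-separated form.

    Accepts 'AA:BB:CC:DD:EE:FF', 'aa-bb-cc-dd-ee-ff' or 'aabbccddeeff' so that
    a list entry and the value reported by the OS compare equal.
    """
    digits = re.sub(r"[:\-]", "", bssid).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed BSSID: {bssid!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class WifiPolicy:
    mode: Mode
    ssid_allow: set = field(default_factory=set)
    ssid_deny: set = field(default_factory=set)
    bssid_allow: set = field(default_factory=set)
    bssid_deny: set = field(default_factory=set)

    def __post_init__(self):
        # Canonicalise list entries once so that lookups are exact matches.
        self.bssid_allow = {normalize_bssid(b) for b in self.bssid_allow}
        self.bssid_deny = {normalize_bssid(b) for b in self.bssid_deny}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(policy: WifiPolicy, ssid: str, bssid: str) -> Decision:
    """Decide whether a connection attempt to (ssid, bssid) is permitted.

    Assumed precedence, most specific and most restrictive first:
      1. BSSID deny list   2. BSSID allow list
      3. SSID deny list    4. SSID allow list
      5. default deny: an unknown network is treated as unauthorised.
    """
    if policy.mode is Mode.ALLOW_ALL:
        return Decision(True, "Wi-Fi allowed for all networks")
    if policy.mode is Mode.DENY_ALL:
        return Decision(False, "Wi-Fi prohibited for all networks")
    ap = normalize_bssid(bssid)
    if ap in policy.bssid_deny:
        return Decision(False, f"access point {ap} is on the BSSID deny list")
    if ap in policy.bssid_allow:
        return Decision(True, f"access point {ap} is on the BSSID allow list")
    if ssid in policy.ssid_deny:
        return Decision(False, f"network {ssid!r} is on the SSID deny list")
    if ssid in policy.ssid_allow:
        return Decision(True, f"network {ssid!r} is on the SSID allow list")
    return Decision(False, f"network {ssid!r} at {ap} is not on any allow list")


def blocked_attempts(policy: WifiPolicy, attempts):
    """Return (ssid, bssid, reason) for every attempt the policy blocks."""
    out = []
    for ssid, bssid in attempts:
        decision = evaluate(policy, ssid, bssid)
        if not decision.allowed:
            out.append((ssid, normalize_bssid(bssid), decision.reason))
    return out


# Constructed sample policy: the corporate network is trusted only at its two
# known access points, so a rogue AP broadcasting the same SSID is blocked.
CORP_POLICY = WifiPolicy(
    mode=Mode.LISTS,
    bssid_allow={"00:11:22:33:44:55", "00-11-22-33-44-66"},
    ssid_deny={"FreeAirportWiFi"},
)

# Constructed connection attempts as an agent might report them.
SAMPLE_ATTEMPTS = [
    ("CorpNet", "00:11:22:33:44:55"),        # legitimate office AP
    ("CorpNet", "de:ad:be:ef:00:01"),        # same name, unknown hardware
    ("FreeAirportWiFi", "66:55:44:33:22:11"),
    ("HomeRouter", "aa:bb:cc:dd:ee:ff"),
]

if __name__ == "__main__":
    for ssid, ap, why in blocked_attempts(CORP_POLICY, SAMPLE_ATTEMPTS):
        print(f"BLOCK {ssid} @ {ap}: {why}")
```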
An external API makes it possible to manage the Solar Dozor security policy remotely from the console of an XDR, SIEM, IRP or SOAR system. It allows you to create, edit, view and delete word lists and apply an updated DLP system policy without even entering the Solar Dozor console.
"Responding to the challenges of the time, we offer import-independent products to the market and continue to expand their functionality. Thus, in version 7.10, support for ALD Pro LDAP servers is implemented, compatibility with PostgreSQL DBMS version 12 is provided, and the Linux agent can be deployed on devices running the AlterOS 7.5 and Alt Linux 8 SP operating systems. One of the vectors for the development of our Solar Dozor DLP system is the constant expansion of the functionality of the agent part of the solution. In particular, in version 7.10, the Dozor Endpoint Agent module for Linux is now able to record sound from the microphone of the workstation, which brings it closer to functional parity with the Windows agent," said Ilya Lushin, head of the Solar Dozor product at Solar Group.
The capabilities of the MultiDozor centralized storage module have expanded. Users can now store event and incident data not only in the database of the parent organization, but also in local databases of branches, subsidiaries, affiliated companies and other structural divisions. This helps to protect bank secrecy and to comply with the requirements of regulators and internal regulatory documents.
The Solar Dozor user interface continued its systematic transition to a fast, modern framework. In the updated version, the changes affected the "Policy" and "Directories" sections. For example, rules and policy conditions can now be conveniently moved anywhere on the page using drag and drop, search functionality has been expanded, hints have been added, and a convenient counter of words, devices and markups has appeared, which saves the security administrator time when configuring a document template.
Integration with Jatoba DBMS
Gazinformservice and RTK-Solar have completed a series of compatibility tests of their products. As a result of the technical integration, multi-user access to the archive stored in Solar Dozor with different levels of confidentiality was implemented. This was reported by representatives of Gazinformservice on August 14, 2023.
A productive and secure archive of information security events is an important part of the Solar Dozor DLP system. The product implements operational and long-term information storage mechanisms that allow you to investigate incidents for any period of time. According to the partners, integration with the Jatoba DBMS will improve the reliability, performance and scalability of the Solar Dozor DLP system. This will help security officers work more effectively with the system and conduct investigations more quickly.
"Information security is like a puzzle, each part of which forms the common structure of a protected contour. Solar Dozor DLP together with the secure Jatoba DBMS form a secure infrastructure protection solution," Konstantin Semenchuk, Product Manager for Jatoba DBMS, commented on the testing.
"An integrated approach to the integration of DLP systems and DBMS not only closes the current topic of import substitution, but is also an economically profitable solution for our customers: it allows you to optimize the budget while maintaining a high level of information security of the organization. Technical integration of our solutions will increase the performance of multi-level cybersecurity systems and help security officers conduct investigations more efficiently," said Ruslan Dobrynin, Business Development Manager at Solar Dozor.
Both products are certified by the FSTEC of Russia and are included in the register of domestic software of the Ministry of Digital Development of Russia, which makes the Solar Dozor and Jatoba bundle an optimal solution for companies replacing foreign IT solutions with domestic ones.
Solar Dozor 7.9
On April 25, 2023, Rostelecom-Solar introduced an updated version of the Solar Dozor 7.9 information leakage prevention system. The update introduced the ability to create a hierarchy of workstation groups, deploy a Linux agent on workstations via the Solar Dozor web interface, control data transfer through VK Teams, eXpress and AirDrop, transfer events and incidents from Solar Dozor to various SIEM systems in real time, and a number of other options.
According to the company, Solar Dozor 7.9 has optimized endpoint agent management functions, in particular the management of workstation groups. In previous releases, you could not create subgroups of workstations: all groups were at the same hierarchy level. Now this is possible, and it will be especially in demand by large multi-branch companies with an extensive structure of workstation groups.
As of version 7.9, the Solar Dozor Linux agent can be deployed using the DLP system web interface. Previously, installation was carried out only using a shell script. Now in the web interface you can start the process of deploying the agent and all the necessary packages on workstations, manage agent distributions and sets of these distributions, user accounts with rights to install the Linux agent. The implementation of this feature optimizes the process of mass installation of the agent on user computers, especially for large companies with a large fleet of Linux-based workplaces and for those who have to switch to this OS.
The Dozor Endpoint Agent module for Windows gained a protocol-independent mechanism for intercepting messages transmitted in WhatsApp Desktop, which provides more reliable interception compared to the previous implementation. Data transmitted to the window of the messenger application that the employee uses on the workstation is intercepted. In addition, the updated version of Solar Dozor significantly expanded the set of monitored data channels. In particular, on workstations running macOS, interception and blocking of file transfers via AirDrop are provided. The agent intercepts files (documents and images) transferred using AirDrop from the user's desktop, from the Finder file manager or directly from applications, and blocks file transfer through AirDrop when the policy is configured accordingly.
Communication in domestic messengers VK Teams and eXpress has also been taken under control. Messages and files sent by employees through these messengers are intercepted by the Solar Dozor system and are verified in accordance with the terms of the organization's security policy. Now the security officer can find and view the employee's correspondence in VK Teams and eXpress, messages in the eXpress group chat and a list of chat participants, set up a security policy taking into account the interception of messages and files in eXpress and VK Teams. The change significantly reduces the risk of sensitive data leaking from companies.
"The issue of controlling the transmission of information in instant messengers as of April 2023 is very relevant: this is a very important communication channel, which is not inferior to corporate mail in terms of communication intensity, and even exceeds it in terms of the transmission of sensitive information. Employees of companies use both corporate messengers (now mainly domestic) and public messengers for the exchange of information, which means that the risks of confidential data leaks exist in both cases, and such communications must be controlled," emphasized Ilya Lushin, head of Solar Dozor product at Rostelecom-Solar.
The employee file in Solar Dozor 7.9 can be supplemented with data from an additional source: support is implemented for LDAP servers with a free license and open source code, namely FreeIPA (389 Directory Server). In addition to employee information, you can also get a list of workstations from this source (for example, for installing agents on them).
The integration capabilities of the DLP system are also enhanced in version 7.9. The interface implements the configuration of transferring events and incidents from Solar Dozor to various SIEM solutions in real time by uploading the necessary data to syslog - a log that is supported by most SIEM systems. This allows users to centrally process security events from multiple systems at once.
Solar Dozor 7.9 users will notice some system interface updates. The Interceptors section was divided into the Endpoint Agents and File Crawler sections. Navigation, search and item display options have been added to each section. In the Search section, the query form interface for Quick and Advanced Searches, as well as templates, was redesigned, and the ability to use quick conversation search and search results has been enhanced.
And finally, the developers of the updated version paid attention to optimizing system health control. In Solar Dozor version 7.9, triggers appeared that allow you to quickly control: the absence of incoming traffic from Dozor Traffic Analyzer, the expiration of the account password for synchronization with AD, the inaccessibility of the master node and subordinate cluster nodes that have the Dossier service. The system administrator can now use more tools to analyze the current state and health of Solar Dozor.
Compatibility with the secure enterprise messenger eXpress
As part of the security strategy for corporate communications, specialists from the Russian platform eXpress and Rostelecom-Solar, the developer of the Solar Dozor DLP system, have issued an official certificate of compatibility between the two products. Prior to that, the integration had been repeatedly tested in trials and in several large projects. This was announced on February 21, 2023 by Rostelecom-Solar.
Controlling information in corporate messengers is one of the key capabilities of Solar Dozor. With the help of this sought-after function, information security officers of Russian companies prevent leaks of confidential information through messengers and conduct investigations of security incidents.
To increase the level of data protection from internal incidents in the context of import substitution, Solar Dozor has added a function to monitor the eXpress communications and mobility platform. Now the companies have confirmed this with a bilateral compatibility certificate.
"In its products, the company systematically follows the path of import substitution, ensuring compatibility with an increasing set of Russian operating systems and data transfer technologies. The arsenal of Solar Dozor capabilities includes monitoring a set of the most common instant messengers in the corporate environment, such as WhatsApp, Telegram, Skype, Cisco Webex Teams, MS Lync and Viber. Now eXpress has been added to them," noted Ilya Lushin, head of the Solar Dozor product at Rostelecom-Solar.
Both products are included in the unified register of domestic software and are certified by the FSTEC of Russia. This suggests that Solar Dozor and eXpress meet high security requirements. Proper operation as a result of solution integration is confirmed by the official certificate of compatibility.
"The integration of eXpress with Rostelecom-Solar products is an opportunity for companies to comprehensively approach the issue of ensuring the necessary level of data protection in the organization: not just to implement disparate products, but to combine them into a single infrastructure," commented Andrey Vratsky, CEO of eXpress.
Compatible Solar Dozor 7.8 with Astra Linux Special Edition 1.7
On January 12, 2023, Astra Group announced that, together with Rostelecom-Solar, the developer of the Solar Dozor data leakage prevention (DLP) system, it had completed a series of performance tests of Solar Dozor 7.8 in the Astra Linux Special Edition 1.7 environment, including with the cumulative operational security update (Bulletin No. 2022-0819SE17) installed. The test results confirmed that the software products are compatible, and the solution was certified within the framework of the Ready for Astra Linux technological cooperation program (certificate No. 9647/2022).
The Solar Dozor DLP system blocks the transfer of confidential documents outside the organization, helps identify signs of corporate fraud and helps ensure the prevention of security incidents. Its suite of capabilities includes monitoring the main leakage channels using analysis of network traffic and agents on workstations, a search engine with an active mode of operation for monitoring local and cloud storage facilities, tools for analyzing user behavior, allowing you to prevent incidents and counter insiders, a function of geographically distributed mode of operation, retrospective analysis of the mail archive to identify leaks in traffic accumulated before the start of the DLP system. Among the key features of the solution, the vendor emphasizes simplicity and ease of use, high performance, the presence of a fully functional agent for all well-known platforms, including Astra Linux, support for VDI technology and focus on humans: the system concentrates not on the movement of information, but on employees, their connections and behavior.
Solar Dozor is included in the "Unified Register of Russian Programs for Electronic Computers and Databases" of the Ministry of Digital Development and is certified by the FSTEC of Russia for compliance with information security requirements according to level 4 of trust and technical specifications TU 5014-003-17764670-2019.
"Import substitution in 2023 is in full swing in Russian organizations. Therefore, the company considers it its task to help companies migrating to domestic operating systems to do this as safely as possible, ensuring the compatibility of a wide pool of security solutions developed by the company with these OS. The company helps customers quickly and easily deploy the leak protection system required by each organization, now in the Astra Linux Special Edition 1.7," noted Alexey Kubarev, head of the business development department of the Dozor product center of Rostelecom-Solar LLC.
"With the advent of various cyber threats, many organizations are faced with information leaks. Like its industry colleagues, the company constantly monitors the situation with emerging vulnerabilities and opportunities for cyber attacks and quickly adapts its software to changing circumstances. However, in order to protect customers' IT infrastructures with high quality, vendors need not only to implement some of their own improvements, but to combine expertise and make sure that after an update, product stacks continue to work correctly and stably. The company is grateful to colleagues from Rostelecom-Solar for prompt and well-coordinated interaction in terms of testing and ensuring compatibility. This effective cooperation gives confidence that the joint solutions cope with the task of protecting IT systems and data," commented Dmitry Tarakanov, Head of the Department for Development of Technological Cooperation of Astra Group of Companies.
2022
Compatibility of Solar Dozor 7.8 with RED OS
Russian developers RTK-Solar and RED SOFT on December 13, 2022 announced the compatibility of the latest version of the Solar Door 7.8 information leakage prevention system with the RED OS operating system. The compatibility with this domestic operating system of both the agent and the server side of the DLP solution manufactured by RTK-Solar has been confirmed. Testing was carried out within the framework of the systematic expansion of RTK-Solar of the capabilities of its information security solutions in the direction of import substitution.
In 2022, import substitution in Russia essentially became mandatory; many customers are urgently moving to domestic solutions, including various operating systems. By implementing the compatibility of our cybersecurity products with Russian OS, we help our customers to quickly implement such necessary means of protection against current threats for Russian organizations, - said Alexey Kubarev, head of the business development department of the Dozor RTK-Solar Product Center. |
Expanding the compatibility of the latest software versions with Russian Linux platforms is an urgent task, the operational solution of which is very often discussed in the IT environment. The full performance of the Solar Dozor 7.8 system update in the RED OS ecosystem proves that the developers are going in the right direction and are positive about creating an import-independent technostec, "said Rustam Rustamov, Deputy General Director of RED SOFT. |
Solar Dozor 7.8
The company RTK-Solar announced on December 2 the release of the next version of the Solar Dozor 7.8 information leakage prevention system. The update implements changes to the policy of the Dozor Endpoint Agent module, a new data source (messengers) has been added to the UBA module, compatibility with domestic software has been expanded, and the performance of graphics recognition technology has been improved.
The key innovation of version 7.8 was a change in the logic of the policy used in the employee action control module on workstations, the Dozor Endpoint Agent. Policy rules can now be applied not only to workstations, as before, but also to specific users or groups of company users. This will significantly improve the quality of the DLP system's security policies and the flexibility of their application, as well as simplify configuration and maintenance.
In this version, a significant change was made to the product in the rules of the endpoint agent policy at the numerous requests of Solar Dozor users. Updated policy rules will allow customers to more effectively manage user rights on controlled workstations, and therefore reduce the risk of deliberate or accidental information leaks, noted Ilya Lushin, head of Solar Dozor product at RTK-Solar.
In general, the functionality of the endpoint agent in the updated version has been seriously expanded. In particular, the macOS agent has gained the ability to intercept keystrokes from workstations (keylogger) and take screenshots. Control of file copying to removable media and network drives, as well as control of data in the clipboard, is implemented. And the Linux agent has gained interception of EWS mail for the Evolution mail client, which is ubiquitous on domestic Linux workstations.
In addition, the Dozor UBA user behavior analysis module now works with another data source - instant messengers, in addition to previously analyzed information from e-mail. Various instant messaging services are one of the most popular channels - they are actively used by employees to solve operational issues and exchange work information. Now the Dozor UBA module will receive information from the correspondence of employees in instant messengers from agents on workstations, which will significantly increase the objectivity of behavioral analysis and the quality of behavior patterns (combinations of behavioral features and anomalies). Thus, Solar Dozor users will see a more complete picture of employee behavior.
Responding to the challenges of the time, Solar Dozor is systematically expanding its capabilities in the direction of import substitution. Thus, version 7.8 implements operation of the system on the domestic operating systems RED OS 7.3 and Astra Linux SE 1.7 "Smolensk", provides compatibility with the Zabbix monitoring system versions 5.0 and 5.4, as well as with the Yandex and Atom browsers on the Windows platform.
A large number of changes also affected the Solar Dozor user interface. Thus, the transition to the fast Angular framework was made, which made it possible to implement the updated logic of working with the message card. Now all information about the intercepted activity of an employee is available in one message card without unnecessary clicks and transitions. In addition, the user experience of working with lists of events and incidents was improved in the interface: the speed of loading lists increased, and the preservation of event positioning in lists was implemented. Previously, when an event was transferred to the status of an incident or removed from any incident list, the list was rolled back to its original state, which made it difficult for users to work. In the updated version of Solar Dozor, changes to lists are saved, and you can adjust the width and display of columns when working with lists.
The developers of version 7.8 have also worked to improve the performance of graphics recognition technology. The graphics recognition model previously used in the DLP system provided insufficient accuracy in determining some graphic objects and was quite resource-intensive. Therefore, the developers, having conducted appropriate research, replaced it with a more up-to-date artificial neural network model. As a result, the average memory consumption (RAM avg) is reduced by about 45%, and the accuracy of recognizing graphic objects has increased to 98%. For users of the DLP system, this means reducing the risk of confidential information leakage due to more accurate recognition of graphic objects containing key information.
One of the main vectors for the development of the Solar Dozor DLP system is the maximum automation of routine user processes. This release provides the option to automatically deploy the Dozor Endpoint Agent to workstations that have been added to Active Directory (AD) groups. When a station is added to an AD group, it is automatically added to the corresponding controlled station group in Solar Dozor. The agent is then installed on the workstation automatically, and if the station is turned off, the installation can be started on a schedule. This feature will make it much easier for Solar Dozor users to install agents on a large number of workstations.
How user behavior analysis prevents incidents in pharmaceutical companies
Recently, some DLP systems, such as Solar Dozor, have been able to analyze user behavior. In this case, it is a separate module that generates employee profiles, determines their typical behavior, and identifies deviations. Vitaly Petrosyan, an implementation analyst at the Solar Dozor Product Center of RTK-Solar, talks about how the Dozor UBA module helps to prevent a wide variety of corporate incidents.
Solar Dozor 7.7
On May 25, 2022, RTK-Solar announced the release of an update to the Solar Dozor 7.7 information leakage prevention system. This version optimizes the performance of the system in geographically distributed mode and the traffic filtering speed, and implements content control of files in the iCalendar format, the employees' work calendar.
According to the company, starting from version 7.2, the Solar Dozor DLP system can operate in a geographically distributed mode. As of May 2022, the system is the only solution on the market that supports all known options for implementing the IT infrastructure of large companies: centralized placement of data processing servers in the head office, local placement in each branch, and a combined option. The updated version of Solar Dozor 7.7 on local web servers implements the ability to download files and use quick search functions within the branch office, without additional access to the shared resources of the head office. Thus, the load on communication channels during data transmission is reduced, which improves the performance of the system in geographically distributed mode.
Another step in this version is taken towards improving the filtering policy. The solution has an additional check of the results of the analysis of confidential information detected using regular expressions: verification by the Luhn algorithm, checks of the formats of state-issued document numbers, phone numbers, etc. This allows you to significantly optimize the speed of the policy; as a result, the traffic filtering speed increases, while the load on the information security officer configuring the policy and the percentage of false positives are reduced.
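The two-stage check described above, a cheap regular-expression candidate search followed by a checksum or format validation that discards false positives, as an added Python example (not Solar Dozor code). The rule set, the passport format and the sample message are constructed for illustration; the card number is the well-known test value that passes the Luhn (mod 10) check.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern                         # broad first-stage candidate search
    validator: Optional[Callable[[str], bool]]  # optional second-stage check on digits


# Candidate payment card: 13-19 digits, optionally separated by spaces or dashes,
# not embedded inside a longer run of digits.
CARD_RULE = Rule(
    "payment_card",
    re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    luhn_valid,
)
# Russian internal passport "SS SS NNNNNN": format-only rule, no checksum exists.
PASSPORT_RULE = Rule(
    "ru_passport",
    re.compile(r"(?<!\d)\d{2} ?\d{2} ?\d{6}(?!\d)"),
    None,
)
DEFAULT_RULES: Tuple[Rule, ...] = (CARD_RULE, PASSPORT_RULE)


def scan(text: str, rules: Tuple[Rule, ...] = DEFAULT_RULES) -> List[Tuple[str, str]]:
    """Return (rule name, matched text) for each candidate that survives validation."""
    hits: List[Tuple[str, str]] = []
    for rule in rules:
        for m in rule.pattern.finditer(text):
            digits = re.sub(r"\D", "", m.group(0))
            if rule.validator is None or rule.validator(digits):
                hits.append((rule.name, m.group(0)))
    return hits


# Constructed sample message (not from the page). The first number passes Luhn;
# the 16-digit order id does not and is dropped without a human ever seeing it.
SAMPLE_TEXT = (
    "Invoice paid with card 4111 1111 1111 1111, order 1234-5678-9012-3456, "
    "contact +7 495 123 45 67, passport 45 12 123456 on file."
)

if __name__ == "__main__":
    for rule_name, value in scan(SAMPLE_TEXT):
        print(f"{rule_name}: {value}")
```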
One of the disadvantages of modern DLP systems until recently was the lack of a function for unpacking .ics files, events from the work calendar of employees presented in the iCalendar format. Accordingly, any files attached to these events were not controlled, which posed the risk of leaking confidential company data. Therefore, Solar Dozor 7.7 implemented a mechanism for unpacking .ics files, visualizing the attachments and applying filtering policy conditions to them.
This is not the most obvious channel of possible leakage of confidential information from the company, and it is all the more dangerous for that. In our practice, we often observe cases of sending such messages with attachments from iCalendar outside the perimeter of the organization, in particular in financial companies. We also received many requests from customers to solve this problem, so we implemented this functionality in the updated version, noted Ilya Lushin, Head of Solar Dozor Product at RTK-Solar.
In addition, the update optimizes the display of calendar event attributes in the message structure and body: the main data required by DLP system users is displayed, namely the event description, time, place, and information about participants and the organizer.
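What "unpacking an .ics file" involves, as an added Python example that is not Solar Dozor code: unfold the RFC 5545 content lines, pull out the attributes the text lists (description, time, place, participants, organizer), decode inline base64 attachments so a filtering policy can inspect their bytes, and flag attendees outside the organisation's domain. The sample invitation, the domain names and the X-FILENAME parameter are constructed for illustration.

```python
import base64
import re
from typing import Dict, List, Tuple


def _fold(line: str, width: int = 74) -> str:
    # RFC 5545 folding: long lines are split with CRLF followed by one space.
    return "\r\n ".join(line[i:i + width] for i in range(0, len(line), width))


# Constructed sample invitation (not from the page): one event with an external
# attendee, an inline base64 attachment and a URI attachment.
ATTACHMENT_BYTES = b"CONFIDENTIAL: FY2022 budget draft, do not distribute"
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:evt-1@corp.example",
    "DTSTART:20220525T090000Z",
    "SUMMARY:Q2 budget review",
    "LOCATION:Room 4.12",
    'ORGANIZER;CN="Ivanova, A.":mailto:a.ivanova@corp.example',
    "ATTENDEE;CN=Petrov:mailto:petrov@corp.example",
    "ATTENDEE;CN=Partner:mailto:partner@outside.example",
    "DESCRIPTION:Draft figures attached\\, do not forward.",
    _fold("ATTACH;FMTTYPE=text/plain;ENCODING=BASE64;VALUE=BINARY;X-FILENAME=budget.txt:"
          + base64.b64encode(ATTACHMENT_BYTES).decode()),
    "ATTACH:https://files.example/budget.xlsx",
    "END:VEVENT",
    "END:VCALENDAR",
]) + "\r\n"


def _unfold(text: str) -> List[str]:
    """Join folded continuation lines (leading space or tab) back onto their line."""
    lines: List[str] = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def _parse_content_line(line: str) -> Tuple[str, Dict[str, str], str]:
    """Split NAME;PARAM=VAL:value at the first ':' that is outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            head, value = line[:i], line[i + 1:]
            break
    else:
        raise ValueError(f"malformed content line: {line!r}")
    name, *raw_params = head.split(";")
    params: Dict[str, str] = {}
    for p in raw_params:
        key, _, val = p.partition("=")
        params[key.upper()] = val.strip('"')
    return name.upper(), params, value


def _unescape(value: str) -> str:
    # TEXT values escape backslash, semicolon, comma and newline (\n or \N).
    return re.sub(r"\\([\\;,nN])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)


def extract_events(ics: str) -> List[Dict]:
    """Return each VEVENT's DLP-relevant attributes and its decoded attachments."""
    events: List[Dict] = []
    current = None
    for line in _unfold(ics):
        name, params, value = _parse_content_line(line)
        if name == "BEGIN" and value.upper() == "VEVENT":
            current = {"attendees": [], "attachments": []}
        elif name == "END" and value.upper() == "VEVENT" and current is not None:
            events.append(current)
            current = None
        elif current is None:
            continue
        elif name in ("UID", "SUMMARY", "DESCRIPTION", "LOCATION", "DTSTART", "DTEND"):
            current[name.lower()] = _unescape(value)
        elif name == "ORGANIZER":
            current["organizer"] = value
        elif name == "ATTENDEE":
            current["attendees"].append(value)
        elif name == "ATTACH":
            inline = (params.get("ENCODING", "").upper() == "BASE64"
                      and params.get("VALUE", "").upper() == "BINARY")
            if inline:
                # Inline attachment: this is the content a filtering policy must inspect.
                current["attachments"].append({
                    "kind": "inline",
                    "name": params.get("X-FILENAME", "attachment.bin"),
                    "mime": params.get("FMTTYPE", "application/octet-stream"),
                    "content": base64.b64decode(value),
                })
            else:
                current["attachments"].append({"kind": "uri", "uri": value})
    return events


def external_recipients(event: Dict, internal_domain: str) -> List[str]:
    """Attendees whose mailto: address is outside the organisation's own domain."""
    suffix = "@" + internal_domain.lower()
    return [a for a in event["attendees"]
            if a.lower().startswith("mailto:") and not a.lower().endswith(suffix)]
```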
A number of features in Solar Dozor 7.7 have appeared in the endpoint agent of the DLP system. Thus, in the versions of the Dozor Endpoint Agent for Windows and Linux, interception of the web version of the Telegram messenger is implemented. Now the exchange of messages and files in Telegram is controlled when it is used both as an application installed on a computer and when working in a browser. Also, the Solar Dozor Linux agent now supports the latest versions of domestic and open-source operating systems, which makes the agent in demand within the framework of import substitution. The list of supported domestic operating systems has been replenished with Astra Linux 1.7 (Smolensk, Voronezh, Orel) and RED OS 7.3, and the list of open-source operating systems with CentOS 8, Debian 11 and Linux Mint 20.3.
The Dozor Endpoint Agent for macOS has also gained the functionality of controlling the connection of USB devices, flash drives and external hard drives. The updated version implements agent support for the Apple M1 platform, which allows the agent to work on Mac devices with this different architecture. In addition, the DLP system administrator will now be able to deploy Mac agents to workstations in hidden mode through the AirWatch EMM enterprise mobility solution.
In addition to new features, Solar Dozor 7.7 has made a number of changes to the usability of the product. In particular, in previous versions of the system, the depth of information collection from the archive of local Microsoft Outlook mailboxes of employees was no more than 14 days from the moment interception was activated on the endpoint agent. However, practice has shown that customers need a flexible approach to the depth of data collection: some need a period of one week, while others want to analyze information for at least a month. Therefore, in Solar Dozor 7.7, the DLP system administrator can independently configure any required data collection period from employee mailboxes.
FSTEC of Russia certification of Solar Dozor 7
The Rostelecom-Solar development, the Solar Dozor 7 software package for preventing information leaks, is certified by the FSTEC of Russia for compliance with information security requirements according to the 4th level of trust and technical specifications. This was reported on February 8, 2022 by Rostelecom-Solar.
The certificate of conformity received by the product certifies that Solar Dozor 7 is a software means of protection against unauthorized transmission of information from an information system that does not contain information constituting a state secret.
"This certificate confirms the security of the Solar Dozor information leakage prevention system: customers can be sure that they are using a proven solution to protect their valuable information assets. This is especially significant for state authorities, organizations that are objects of critical information infrastructure, as well as for companies in any other area of the economy that own confidential information critical for business. At the same time, it is important to understand that there are no special requirements for certification of DLP systems on the Russian market yet. Therefore, Solar Dozor has been fully certified by the regulator for general trust requirements, unlike most competing solutions, which are certified only for narrow requirements for certain functions of DLP systems, for example, for removable machine media controls," noted Alexey Kubarev, head of the business development department of the Dozor Product Center of Rostelecom-Solar.
Certification of all 10 modules of the Solar Dozor 7 DLP system lasted 1.5 years. The software package has passed the full cycle of expert examinations provided by the regulator and tests, based on the results of which the testing laboratory of JSC "PPSh Laboratory" and the certification body of NPO Echelon JSC issued an opinion on the successful passage of certification.
Information security trust level 4 is applied in significant objects of critical information infrastructure of the 1st category, in state information systems of the 1st security class, in automated control systems for production and technological processes of security class 1, in personal data information systems where the 1st level of personal data security must be ensured, as well as in public information systems of class II. Solar Dozor is a Russian system for preventing leaks of confidential information. Its capabilities provide control over employee communications, blocking or modifying spam, identifying and monitoring risk groups, and retrospective analysis of the communications archive for investigations. Solar Dozor can also analyze user behavior (User Behavior Analytics), which allows you to identify behavior anomalies, the social circle and private contacts of employees, as well as profile them based on stable behavior patterns.
Solar Dozor 7.6
On January 25, 2022, the company Rostelecom-Solar introduced an updated version of the Solar Dozor 7.6 information leakage prevention system. The key change was the ability to block the printing of confidential documents, implemented in the macOS endpoint agent. In addition, Solar Dozor 7.6 introduced the functionality of monitoring the arrival of traffic from external systems using the ICAP protocol when they are integrated with the DLP solution.
According to the company, starting from version 7.6, Solar Dozor allows you to control the printing of documents on macOS-based computers, applying security policy rules to them. It intercepts data sent to local, network and virtual printers, as well as blocks the printing operation. For example, you can block the printing of a document containing passport data or any other type of confidential information. As of January 2022, the Dozor Endpoint Agent for macOS is the only Russian endpoint agent on the market for workstations based on the Apple OS that blocks the printing of confidential information.
Laptops based on macOS make up a significant part of the computer fleet of many Russian companies, especially those working in the field of design, media, retail, etc. At the same time, only a few DLP systems on the domestic market provide control over workstations running the Apple OS. Now our macOS customers can not only record the fact of leakage of confidential information through printing from a MacBook, but also actively prevent such incidents, emphasized Galina Ryabova, Director of the Dozor Product Center of Rostelecom-Solar.
Solar Dozor 7.6 developers have supplemented the product with the function of tracking the arrival and processing of ICAP traffic from various external systems. This allows the user of a DLP system, without digging into log files or analyzing technical headers, to quickly see whether ICAP traffic comes from a particular system, whether it is processed, and whether it is processed correctly.
An important part of the task of monitoring the arrival of data from external systems is the identification function, which allows you to determine which system specific messages come from. This makes it possible to identify and resolve problems with traffic from external systems.
In general, in the updated version of Solar Dozor, the developers made various updates related to the control of employee workstations. So, it has become more convenient to control access to various USB devices on workstations - flash drives, plug-in webcams, etc. Now you can prohibit or, conversely, allow the use of USB devices of a specific model and manufacturer. This optimizes the time spent working with large arrays of USB devices compared to the need to configure them according to the full list throughout the company.
Also, Solar Dozor 7.6 users can remotely deploy workstation monitoring agents on macOS in hidden mode via a cloud Enterprise Mobility Management (EMM) service. This cross-platform solution for managing mobile devices, PCs and the applications installed on them is used by many customers, which was the reason for this feature. In addition, as part of the release of Solar Dozor 7.6, the developers added support for macOS 12 Monterey.
Solar Dozor 7.6 introduced the function of recording sound from the microphone of a workstation with the ability to listen to it in a mode close to real time. A security officer can start listening to the recording 1-2 minutes after it starts. You can also configure the retention period for the recordings. This functionality helps the security professional perform a review when an employee is suspected of a breach, and it is required by customers to gather evidence for investigations.
2021
Solar Dozor 7.5
On September 28, 2021, Rostelecom-Solar released an updated version of the Solar Dozor 7.5 DLP system.
Personnel workstations are one of the key monitoring objects for DLP systems, so in this release we have taken a step in the development of our endpoint agent. Solar Dozor's arsenal now includes agents for monitoring workstations running all three operating systems. In addition, following the development of communication technologies, we are systematically expanding the number of controlled channels, paying attention to messengers that are gaining popularity, both private and corporate. We continue to develop the Dozor UBA user behavior analysis module: in the updated version, the module was supplemented with detailed reports. In 2020, many of our clients accumulated sufficient experience in the practical use of this tool and share ideas for its development with us.
According to the company, on average, 5% to 50% of employees work in Russian companies on workstations running macOS, depending on the specifics of the organization's activities. This is the management, whose laptops contain key financial and economic information and a business development strategy. And IT specialists - developers, architects, UI/UX designers who own confidential technical information, databases, strategy for the development of IT products and services of the company. And specialists of other areas - designers, marketers working with contracts, tender documentation, customer databases, information on the market development of products and services, etc. The leakage of such information turns into very sad consequences for business.
In order to protect companies' sensitive data on workstations running macOS, the Solar Dozor 7.5 DLP system update includes the Dozor Endpoint Agent for macOS module, in addition to the previously implemented Windows and Linux agents. As of September 2021, it is the only Russian macOS agent on the market that controls web resources, data in messengers and local mail for Apple computers. In particular, the system intercepts data transmitted through HTTPS channels (search queries, messages in web mail and social networks), correspondence and sent documents in Skype and WhatsApp (desktop and web), as well as messages and files sent through mail clients via the SMTP, POP3 and IMAP protocols. The agent can be installed on workstations either using a graphical installer, if company regulations require manual installation, or automatically using special deployment tools.
Solar Dozor version 7.5 has the ability to control another information exchange channel, the Cisco Webex Teams corporate messenger. Now, using the functionality of the Dozor File Crawler module, you can configure the system so that all messages and files sent by employees in personal or group Cisco Webex Teams chats will be received by Solar Dozor and checked against the organization's security policy. At the same time, the history of Webex messages sent by employees even before Solar Dozor 7.5 was installed in the company is available.
The system will be able to analyze all employee correspondence, the history of changes to Webex messages (original, edited and deleted versions), as well as provide statistics on messages (the number of messages and documents transmitted over the entire time or in the last 24 hours).
User Behavior Analysis (UBA) is a technology that allows you to identify early signs of corporate fraud, the emergence of corruption schemes, prerequisites for information leaks, etc. The updated version of Solar Dozor 7.5 offers the opportunity to obtain information about employee behavior in the form of a PDF report. Information security specialists will be able to quickly identify deviations and dangerous trends in personnel behavior, as well as promptly provide management with the necessary reporting.
Now the user of the system can generate a report containing information about the behavior of employees related to one of the 20 patterns ("work at night," "search for work," "dead souls," etc.). The report will display special contacts of employees, the vulnerability index, the number of security events and anomalies in behavior. You can also generate a report for a specific employee for a period of 45 days. It will include both general information about the employee and the history of behavioral features: the dynamics of the vulnerability index, internal and external activity, sending and receiving information objects, all anomalies of behavior, a list of special contacts - working and private ego networks, unknown contacts.
The developers of Solar Dozor 7.5 paid a lot of attention to the Dozor Endpoint Agent module for Windows. In particular, in this version, you can configure print control on the printer and clipboard operations for a given list of applications. This focused monitoring reduces the workload on workstations and minimizes conflicts with software that is unnecessary to monitor.
In addition, in Solar Dozor 7.5, you can use the Dozor Endpoint Agent module to block the transfer of password-protected or damaged archives. This prevents sensitive data from leaking in encrypted archives over all the channels controlled by agents on user workstations. The most common archive formats are supported: ZIP (.zip), RAR4, RAR5 (.rar), 7-zip (.7z), ARJ.
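Why a DLP agent blocks archives it cannot inspect, shown for the ZIP format as an added Python example (not Solar Dozor code): an entry whose general-purpose flag has bit 0 set is password-protected, and an entry whose stored CRC does not match its data (or an archive with a truncated central directory) is damaged; both are classified as not inspectable. The sample archives are built by hand from struct-packed headers so no archiver is needed; RAR, 7z and ARJ are only recognised by signature here because the standard library has no parser for them.

```python
import io
import struct
import zipfile
import zlib
from typing import Dict

# Signatures of the formats the page lists. Only ZIP is inspected in depth here.
_MAGICS: Dict[bytes, str] = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x60\xea": "arj",
}


def detect_format(data: bytes) -> str:
    for magic, fmt in _MAGICS.items():
        if data.startswith(magic):
            return fmt
    return "unknown"


def classify_zip(data: bytes) -> str:
    """Return 'encrypted', 'damaged' or 'clean' for a ZIP byte string."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flag marks a password-protected entry;
            # a filtering policy cannot read such content, so it is blocked outright.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "encrypted"
            # testzip() re-reads every member and returns the first with a bad CRC.
            return "damaged" if zf.testzip() is not None else "clean"
    except (zipfile.BadZipFile, EOFError, OSError):
        return "damaged"


def should_block(data: bytes) -> bool:
    """The page's rule: encrypted or damaged archives do not pass the agent."""
    fmt = detect_format(data)
    if fmt == "zip":
        return classify_zip(data) != "clean"
    # Other archive formats are not parsed in this example: treat as not inspectable.
    return fmt != "unknown"


def build_zip(encrypted: bool, name: bytes = b"secret.txt",
              payload: bytes = b"constructed confidential payload") -> bytes:
    """Construct a minimal single-entry stored ZIP (sample data, built by hand)."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    flags = 0x0001 if encrypted else 0x0000
    # local file header (30 bytes) + name + data
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0,
                        crc, len(payload), len(payload), len(name), 0) + name + payload
    # central directory entry (46 bytes) + name, pointing at local header offset 0
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0,
                          crc, len(payload), len(payload), len(name), 0, 0, 0, 0, 0, 0) + name
    # end of central directory record (22 bytes)
    end = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + end


def corrupt(data: bytes) -> bytes:
    """Flip one byte inside the stored payload so the CRC no longer matches."""
    idx = 30 + len(b"secret.txt") + 3   # past the 30-byte header and the file name
    return data[:idx] + bytes([data[idx] ^ 0xFF]) + data[idx + 1:]


if __name__ == "__main__":
    for label, blob in (("clean", build_zip(False)), ("encrypted", build_zip(True)),
                        ("corrupt", corrupt(build_zip(False)))):
        print(f"{label}: classify={classify_zip(blob)} block={should_block(blob)}")
```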
The key information for making a decision to install an endpoint agent on a particular endpoint is the name of the employee with reference to the workstation. Previously, this information could only be obtained from the Solar Dozor interface after installing a fully functional endpoint agent. As of version 7.5, the name of the employee logged on to the workstation is displayed immediately after the "easy" deployment tool (Updater) is installed on it. This information allows you to quickly find out which work devices are officially assigned to a specific employee and install an agent on them.
Solar Dozor 7.4
On June 24, 2021, Rostelecom-Solar announced the release of an updated version of the Solar Dozor 7.4 software product. The release is devoted to the implementation of modules for analyzing user behavior (Dozor UBA) and monitoring the storage of confidential information (Dozor File Crawler) in a geographically distributed configuration - for companies with an extensive branch network.
The natural process of monopolization and enlargement of business has accelerated since 2020 under the influence of the pandemic: for many companies, joining a larger and more crisis-resistant player has become a good business strategy. For holdings, in terms of improving business efficiency, M&A transactions are accompanied by security risks associated with integrating a structure with other business processes and a different corporate culture into the company, and with difficulties in integrating employees. For groups of companies and organizations with attached structures, the need for a centrally controlled solution of security problems in a heterogeneous hierarchical geographically distributed structure comes to the fore. For such organizations, 3 groups of tasks are always relevant: security control in general (end-to-end analytical tools for monitoring and conducting investigations), centralization of expert functions (for example, expert analysis or system administration), and control of security departments by the center. That is why in this release we paid attention to the implementation of the work of the key analytical modules of the system in multi-branch mode, noted Galina Ryabova, director of the Dozor product center of Rostelecom-Solar.
According to the company, the practice of using the Dozor UBA user behavior analysis module, released by Rostelecom-Solar at the end of 2019, by large Russian companies, has shown that the analysis results can be most effectively applied when installing the module separately in each territorial unit. In previous versions of Solar Dozor, the UBA module was installed on shared resources and provided only averaged generalized information on user behavior across the company as a whole.
In the updated version, on the one hand, all the installations of the Dozor UBA module in each branch office are combined into a related system, which allows you to get a complete slice of data on user behavior throughout the organization. On the other hand, through a single Solar Dozor web interface, you can select any territorial division and go to the summary statistics and details not only for a specific branch, but also for any of its users. The consolidated statistics for the branch takes into account the most significant risk factors: dangerous and suspicious trends in the territorial division, the presence of persons with serious deviations in behavior and their increase over the week. Information is also available on typical patterns of behavior for the staff of this branch, anomalies of behavior, special contacts of employees, their daily activity, etc.
For each branch, it became possible to set the time zone, which allows you to ensure the accuracy of the analysis of the daily activity of its employees (morning, day, evening, night), calculation of behavior patterns "Work at night" and "Work on weekends." When working with patterns of user behavior, you can switch between territorial divisions, analyzing differences in patterns from branch to branch.
In Solar Dozor 7.4, the practice of using the Dozor File Crawler storage monitoring module by multi-branch companies has also been reflected. In previous releases, there was no association of the distributed network nodes that the module used for scanning with the branches in which these nodes are located. In this mode, it was difficult to manage the tasks of the module and use the network map. To launch a task, you had to specify a specific node, and the data on the inspection of all nodes of the network formed one huge map, which was difficult to navigate.
Now each task of scanning the network at the time of its creation is automatically tied to the corresponding territorial division, and all further settings of the task, selection of network map elements are made in relation to a specific branch. The resources of each territorial division are displayed in a separate branch, depending on the Dozor File Crawler installation with which the scan was performed. Also, when specialists working with the system are granted access to branch data, access to scanning tasks and network map branches is delimited. All these changes will help information security specialists of large organizations save time on managing the module for monitoring the storage of confidential information and more efficiently use the results of the network audit.
In addition, this version has a number of additional mechanisms for protecting confidential data from leaks. In particular, Solar Dozor 7.4 allows you to broadcast video from the employee's workstation screen in real time. This tool is in demand by customers to collect evidence during investigations.
The system also reads the directory structure of removable storage media (flash drives, memory cards and external hard drives), which are connected via a USB port to the workstations of the company's employees. This gives security officers the ability to view the contents of removable devices - folder structure and file name - to identify attempts to copy sensitive documents.
In large companies, the routine work of collecting data on security events and incidents is delegated to junior specialists of the information security service. In earlier versions of the Solar Dozor DLP system, the manager could only share with a subordinate copy of the search query. Starting from version 7.4, the security officer can provide junior information security specialists with access to execute search queries created by him: the executor will be able to execute requests, view their parameters and the result of execution without the possibility to make changes to the request. Flexible configuration of access to system data for junior employees will reduce the risk of leakage of valuable information.
To optimize the usability of the DLP system, the updated version has developed a mechanism for online disconnection of the agent module. In case of conflicts with third-party software, you can temporarily deactivate the agent at the touch of a button without removing it from the workstation. At the same time, all settings are saved and when the agent is activated back, it is not necessary to configure it again.
Inclusion in GISP
The Ministry of Industry and Trade of the Russian Federation, on the basis of the State Information System of Industry (GISP), has compiled a list of solutions that are recommended for use by the authorities and commercial enterprises of Russia to organize remote work processes. In the "Information Security" category, it includes such Rostelecom-Solar products as the Solar Dozor information leakage prevention system, the Solar inRights automated access rights management system, and the Solar webProxy web security gateway. The developer announced this on February 9, 2021.
The compliance of Rostelecom-Solar products with the requirements for ensuring a safe remote work process was confirmed by the GISP Project Committee. It includes leading experts from the Digital Economy ANO, the Internet Initiatives Development Fund, the Domestic Software Software Developers Association and the Internet of Things Market Participants Association.
The initiative was implemented within the framework of the state program "Development of industry and increasing its competitiveness," the purpose of which is to create a competitive, stable, structurally balanced industry in Russia, - said Mikhail Adonyev, director of strategic projects at Rostelecom-Solar. - Along with other areas of stimulating industrial development, the Ministry of Industry and Trade of Russia provides active information support to enterprises on the GISP portal. The created Remote Solutions Registry will make it easier for companies to select products to maintain business continuity in a remote environment. |
The Rostelecom-Solar solutions presented in the registry provide information security for remote process management using remote monitoring tools, which reduces the risks of physical presence at facilities. For example, the Solar Dozor DLP system is designed to protect information assets and allows you to block information leaks, monitor employee communication channels and identify signs of corporate fraud. Another solution of Rostelecom-Solar - Solar inRights - helps to build procedures for the implementation of security policies and regulations in the field of access rights management at the enterprise. To control the access of employees and applications to web pages, protect web traffic from malware and intrusive advertising, the Ministry of Industry and Trade recommends the Solar webProxy web security gateway.
2020
Solar Dozor 7.3
On December 3, 2020, Rostelecom-Solar announced that it had updated its flagship Solar Dozor DLP system to version 7.3. The update introduces a deep learning technology based on Faster R-CNN neural networks, which makes it possible to control the transfer of critical data in graphic formats: images, scanned copies, photos, etc. Another important step in Solar Dozor 7.3 was the implementation of control over employee correspondence in the desktop version of the Telegram messenger.
According to the company, the most significant change in Solar Dozor 7.3 is the Graphical Template security policy tool, which controls the transfer of critical data in graphic formats. With this tool, the DLP system recognizes in images such objects as the passport data of citizens of the Russian Federation, organization seals, and the front and back sides of payment cards.
To recognize graphic objects, the solution uses a deep learning technology based on Faster R-CNN (region-based convolutional neural networks). The processing speed is practically independent of image size. Objects are recognized despite various deformations, such as stretching, rotation and overlap with other objects, and even in the complete absence of a text component. According to the developer, Faster R-CNN's ability to recognize sensitive data in graphic objects is significantly superior to the traditional OCR and seal-detection technologies used in DLP systems.
"Sensitive data leaks in various graphic formats, such as document scans and images, are very common. Passport data of citizens and bank card data, which have liquidity on the black market as of November 2020, are often leaked in graphic form. At the same time, the classic tools used in many DLP systems to identify confidential information in graphics, such as OCR, seal detectors, passport detectors and the like, have so far solved this problem with varying success. Their effectiveness depends strongly on the quality of the analyzed image and drops seriously if a distorted object is sent, for example stretched, curved or in low resolution. The deep learning technology based on Faster R-CNN neural networks that we used for the first time is able to identify attempts to leak critical data even in highly deformed objects," noted Galina Ryabova, Director of the Solar Dozor Product Center of Rostelecom-Solar.
Solar Dozor 7.3 has also taken a big step towards expanding the list of monitored data channels. Using the Dozor Endpoint Agent module installed on corporate network workstations, it is now possible to control employee correspondence in the desktop version of the Telegram messenger and the uploading of files to cloud storage via the Yandex.Disk and Google Drive desktop applications. In addition, this version adds mechanisms that recognize text written in transliteration (translit) and/or containing typos in messages and file names and convert it into correct text. Information security specialists can thus control the transmission of text that has been intentionally or accidentally distorted by translit and/or typos.
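As an added illustration of the translit and typo handling described above (this is example code written for this page, not Solar Dozor's implementation), the following Python block maps Latin-script tokens back to Cyrillic with an assumed reverse-transliteration table and then fuzzily compares each normalized token against a constructed dictionary of protected terms. The table, the dictionary, the 0.85 similarity threshold and the sample message are all assumptions; the page does not document the vendor's rules.

```python
"""Added example (not Solar Dozor code): bring transliterated and misspelled
text back to canonical Cyrillic and match it against a DLP keyword dictionary.
The transliteration table, dictionary and sample message are constructed."""
import difflib
import re

# Reverse-transliteration pairs; multi-letter sequences are tried first so that
# "sh" becomes "ш" rather than "с" + "х". Assumed mapping, not the vendor's.
_PAIRS = [
    ("shch", "щ"), ("sch", "щ"), ("yo", "ё"), ("zh", "ж"), ("kh", "х"),
    ("ts", "ц"), ("ch", "ч"), ("sh", "ш"), ("yu", "ю"), ("ya", "я"),
    ("ju", "ю"), ("ja", "я"), ("a", "а"), ("b", "б"), ("v", "в"), ("g", "г"),
    ("d", "д"), ("e", "е"), ("z", "з"), ("i", "и"), ("j", "й"), ("k", "к"),
    ("l", "л"), ("m", "м"), ("n", "н"), ("o", "о"), ("p", "п"), ("r", "р"),
    ("s", "с"), ("t", "т"), ("u", "у"), ("f", "ф"), ("h", "х"), ("c", "ц"),
    ("y", "ы"), ("w", "в"), ("x", "кс"), ("q", "к"), ("'", "ь"),
]
_TABLE = sorted(_PAIRS, key=lambda p: -len(p[0]))
_TOKEN_RE = re.compile(r"[A-Za-zА-Яа-яЁё']+")

# Constructed dictionary of terms a policy might protect.
DICTIONARY = ["конфиденциально", "секретно", "паспорт", "зарплата"]


def reverse_translit(token: str) -> str:
    """Map a Latin-script token such as 'sekretno' back to Cyrillic ('секретно').
    Characters outside the table (digits, Cyrillic letters) pass through."""
    low = token.lower()
    out, i = [], 0
    while i < len(low):
        for latin, cyr in _TABLE:
            if low.startswith(latin, i):
                out.append(cyr)
                i += len(latin)
                break
        else:
            out.append(low[i])
            i += 1
    return "".join(out)


def normalize_token(token: str) -> str:
    """Only tokens containing Latin letters are treated as translit."""
    return reverse_translit(token) if re.search(r"[A-Za-z]", token) else token.lower()


def find_sensitive_terms(text: str, dictionary=DICTIONARY, threshold: float = 0.85):
    """Return (original_token, normalized_token, dictionary_term, score) for every
    token that fuzzily matches a protected term. Fuzzy comparison absorbs typos
    ('сикретно') and the soft signs that translit usually drops."""
    hits = []
    for token in _TOKEN_RE.findall(text):
        norm = normalize_token(token)
        best_term, best_score = None, 0.0
        for term in dictionary:
            score = difflib.SequenceMatcher(None, norm, term).ratio()
            if score > best_score:
                best_term, best_score = term, score
        if best_term is not None and best_score >= threshold:
            hits.append((token, norm, best_term, round(best_score, 3)))
    return hits


if __name__ == "__main__":
    sample = "Otpravlyayu konfidencialno dokumenty, eto сикретно"  # constructed message
    for hit in find_sensitive_terms(sample):
        print(hit)
```

The check runs in two stages on purpose: exact reverse transliteration first, so that a correctly spelled translit word hits the dictionary with score 1.0, and a similarity ratio second, so that a dropped soft sign ("konfidencialno") or a transposed letter still scores above the threshold while unrelated words stay well below it.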
One of the key modules of the system, Dozor UBA, received a number of important changes. In version 7.3 the user behavior analysis module was extended to minimize the risk of data leakage when employees leave. For this purpose, a "Signs of Dismissal" widget appeared in the "Behavior Analysis" section of the interface. By clicking the widget, the security officer instantly receives a list of employees whose behavior shows signs of preparing to leave.
The criteria by which the system identifies employees preparing to leave were formed from practical studies and observations of the behavior of employees leaving companies. They include a gradual drop in external and internal activity, an employee shortening or "optimizing" his work schedule, the emergence of new unique contacts in communications, the transfer of information assets uncharacteristic of the employee, and a number of others.
Dozor UBA also gained the behavioral anomaly classes "New Unknown Contact" and "New Information Object", which are likewise used to identify departing employees. For example, these anomalies are recorded in the behavior of an employee who suddenly begins collecting company documents unrelated to his work and sending them to an unknown e-mail address. This behavior is typical of employees who have decided to leave the company and to raise their value on the labor market at the expense of their former employer.
To improve usability, the quick search filter in Solar Dozor 7.3 has been completely redesigned and supplemented with new criteria. It now opens at the press of a button in a separate window, where the filtering criteria are grouped so that the security officer can apply criteria from one or several groups to a specific search sample.
The filter helps to quickly find the necessary data in an already formed search sample, which will save time on detecting leaks and investigating incidents.
In addition, the Dozor Endpoint Agent module in the updated DLP system collects diagnostic information from corporate network workstations, which reduces the time needed to diagnose and fix agent problems and failures at endpoints.
Dozor Endpoint Agent Linux 2.6
On September 24, 2020, Rostelecom-Solar announced the release of the next version of its workstation control module, Dozor Endpoint Agent Linux 2.6. The Linux agent has a set of capabilities similar to the Windows version and is positioned by the developer as a multifunctional Linux-based endpoint solution on the Russian market.
According to Order No. 96 of the Ministry of Telecom and Mass Communications of Russia dated 01.04.2015 "On Approval of the Software Import Substitution Plan", by 2025 the share of domestic operating systems (OS) in state organizations should be at least 50%. Existing and newly created Russian operating systems are based on freely distributed GNU/Linux distributions, for which most DLP systems on the market support only a limited set of capabilities. The release of Dozor Endpoint Agent Linux 2.6 is intended to fill the functional gaps in the Linux versions of user workstation monitoring systems available to domestic customers.
This version of the agent controls document printing, copying to the clipboard, saving data to USB devices, keyboard input, and the activity of users and individual applications on the workstation. If necessary, the module can work in active counteraction mode: prohibit copying files to removable media and network drives, block the clipboard, and block sending information through browsers, including to cloud storage. In addition, Dozor Endpoint Agent Linux 2.6 allows an employee's actions to be monitored by taking desktop screenshots when the user presses certain keys or at specified intervals.
Dozor Endpoint Agent Linux 2.6 supports the following Linux platforms:
- Astra Linux SE 1.5 and 1.6 "Smolensk"
- Astra Linux CE 2.12 "Orel"
- CentOS 7
- Ubuntu 18.04 LTS
- Red OS 7.2 "Murom"
- Goslinux IK6
Compatibility with Astra Linux and Red OS platforms is confirmed by appropriate certificates.
It should be noted that version 2.6 of the Linux agent can also be used to control the work of users on terminal servers running Zircon 36ST.
{{quote "We consider support for domestic operating systems based on Linux a significant component of the technological development of software products of the Solar Dozor family. The Russian information security market is conducting systematic work to ensure the readiness of state-owned companies for import substitution. Rostelecom-Solar, for its part, seeks to help public sector companies switch to Russian developments as easily as possible, ensuring the compatibility of its technologies with Linux systems. The release of a fully functional Linux agent is a significant step in this direction," said Galina Ryabova, director of the Solar Dozor Product Center of Rostelecom-Solar. }}
Solar Dozor 7.2
On May 28, 2020, Rostelecom-Solar announced the release of an updated version of the Solar Dozor 7.2 DLP system. The functionality of the solution has been expanded with the MultiDozor module, which allows you to link all Solar Dozor branch installations into a single system with control from the center. MultiDozor is focused primarily on large geographically distributed businesses and public authorities with their extensive structure. With its help, these organizations will be able to quickly and efficiently solve internal security problems.
Rostelecom-Solar believes that one of the main internal security problems of large enterprises with a geographically distributed network of divisions is the lack of visibility into the overall situation and of security control across the company as a whole. All branches are essentially a single organization with uniform security standards and policies, but the DLP system is installed separately in each division and, accordingly, monitors each branch in isolation.
According to the developer, the MultiDozor module allows you to analyze and process data on internal security events in real time both for the company as a whole and for each of the departments. As a result, home office information security personnel can conduct end-to-end, company-wide incident investigations regardless of the degree of decentralization of the IT infrastructure and bandwidth of the enterprise. The module provides the ability to conduct centralized monitoring of special control groups using a single dossier with employees of all territorial divisions. In general, the same set of analytical data slices is available in MultiDozor as in Solar Dozor branch installations. And the ability to create a unified policy for the whole company with the configuration of changes for each branch distinguishes the presented solution from other DLP systems.
Flexible configuration of rights in the module allows basic functions, such as first-level analysis of security events and system maintenance, to stay with the branches, while higher-level tasks, such as in-depth incident investigation, can be handed to experts located in the central office. This functionality addresses the shortage of personnel and insufficient competencies in the IT and information security divisions of branches, Rostelecom-Solar emphasized.
"For us, the implementation of this module represented a certain technological challenge. The position of the Solar Dozor DLP system is traditionally strong in the segment of large enterprises, where high requirements for fault tolerance are put forward. Ensuring the uninterrupted operation of a geographically distributed system throughout the country, taking into account the possible instability of communication channels on the ground, while maintaining the entire set of its functionality, is a serious task."
The updated version of Solar Dozor 7.2 also develops the functionality of the Dozor UBA user behavior analysis module. The changes are a natural result of the module's practical use in companies of various sizes and aim to make information security specialists' work with the system more convenient. In particular, from the charts of an employee's internal and external activity one can now navigate to the related messages, which makes it possible to quickly identify anomalies and security incidents and start an investigation. It has become easier to obtain from the charts data on the dynamics of the employee's activity in the individual sections of interest. Based on customer feedback, the interface of the "Activity" and "Popularity" tabs was redesigned; the data is more compact, so assessing an employee's behavior requires minimal scrolling, which speeds up visual analysis, according to Rostelecom-Solar.
In the charts of an employee's internal activity, external activity and popularity, the displayed period can now be shifted, which makes it possible to assess changes in a person's behavior over time and identify growing negative trends. The charts were supplemented with visual elements to speed up the detection of significant behavioral anomalies, and filters can be applied to them so that the information security specialist can focus on the content of interest in the employee's correspondence. Overall, thanks to the modified tab interface in the Dozor UBA module, the user can view a large amount of data on one screen.
Red OS Compatibility
On January 13, 2019, RED SOFT announced that the Solar Dozor confidential information leak prevention system had been successfully tested for compatibility with RED OS, a Russian operating system of the Linux family. Following the results of the work, Rostelecom-Solar and RED SOFT signed a bilateral compatibility certificate.
"We consider technological cooperation with software developers to be one of the foundations for successful business development in the IT field. On the Russian information security market, systematic work is underway to ensure the readiness of state companies for import substitution. Rostelecom-Solar, for its part, seeks to help these companies make an easier and more trouble-free transition to Russian developments, ensuring maximum compatibility of its technologies with domestic systems of other classes. The compatibility of our flagship product Solar Dozor with the domestic RED OS is one of the significant steps in this direction," noted Galina Ryabova, Director of the Solar Dozor Product Center of Rostelecom-Solar.
"The use of the Solar Dozor system in the RED OS environment will allow the customer to ensure a high level of information security for its processes. Together with our partners, we are pleased to provide another import-independent solution," commented Rustam Rustamov, Deputy General Director of RED SOFT.
2019
Solar Dozor 7
On October 8, 2019, Rostelecom-Solar announced the entry into the market of the Solar Dozor 7 DLP system with an integrated advanced user behavior analysis module Solar Dozor UBA. The system solves a wide range of safety tasks that go beyond protection against leaks, and allows using automated analysis to identify early signs of violations by company employees.
According to the company, Solar Dozor 7 is a next-generation leak protection system based on the People-Centric Security concept. This concept implies that the information security service moves from monitoring hundreds and thousands of incident notifications and data to analyzing employee behavior and identifying deviations in it.
Solar Dozor 7 includes a module for deep analysis of user behavior (UBA - User Behavior Analysis). The module allows you to automatically identify anomalies in the behavior of company employees that may indicate early signs of corporate fraud, the emergence of corruption schemes, prerequisites for information leaks, etc. This allows security services to work with risks proactively using automated analysis tools.
"For October 2019, we clearly see two trends in the development of DLP systems. On the one hand, the capabilities of leak protection systems have gone beyond tasks that lie exclusively in the field of information security. They are becoming an effective tool for reducing risks in the economic, internal and personnel security of companies. On the other hand, information security itself is broadening its view of the world, moving from analyzing events and data to a security strategy focused on the person," said Galina Ryabova, Director of the Solar Dozor Product Development Center of Rostelecom-Solar.
Solar Dozor UBA analysis methods are based on unsupervised machine learning algorithms that do not require preliminary configuration or adaptation of the system to operating conditions. The system analyzes employee behavior in two directions at once. On the one hand, each employee is monitored through a set of indicators measured at high frequency and taking into account personal behavioral characteristics, business context, role in the team and a number of other factors. Two months of accumulated user activity history is enough to determine a user's stable behavior and begin detecting anomalies in it. These figures were obtained when testing the Solar Dozor UBA technology in a number of companies of around 1000 employees.
On the other hand, the Solar Dozor UBA module identifies the groups of employees that are most vulnerable or most suspicious from a business point of view, assigning them to behavior patterns (combinations of behavioral features and anomalies). As of October 2019, the system has about 20 patterns, including "dead souls", employees with anomalies in external communications, employees with shadow personal contacts (so-called private ego networks), and others. For each pattern, dangerous trends are monitored continuously, close to real time.
The information collected using the UBA module significantly enriched the Dossier module of the Solar Dozor 7 DLP system. It now concentrates the most complete information about a person (an employee, a group of employees or other communication participants) and, together with quick end-to-end search and configured data slices, forms an environment for conducting investigations that, according to the developer, has no analogues in other DLP systems. Personnel profiling in terms of working time utilization has also become available here.
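The baseline-and-deviation idea behind Dozor UBA, as described both for version 7.0 above (two months of history suffice to establish stable behavior) and for the version 7.3 "Signs of Dismissal" widget and its "New Unknown Contact" and "New Information Object" anomaly classes, can be shown on a small constructed message log. The block below is example code written for this page, not Solar Dozor's implementation: the event fields, the 60-day baseline window, the 50% activity-drop rule and the "two anomaly classes mean signs of dismissal" threshold are all assumptions.

```python
"""Added example (not Solar Dozor code): a baseline-and-deviation check in the
spirit of Dozor UBA. Two months of per-employee history form the baseline; the
following week is compared against it for three anomaly classes the page names:
activity drop, new unknown contact, new information object. Events are
constructed for the example; thresholds and field names are assumptions."""
from collections import defaultdict

BASELINE_DAYS = 60        # the page says two months of history is enough
DROP_RATIO = 0.5          # observed daily rate below half of baseline = drop (assumed)
SIGNS_REQUIRED = 2        # anomaly classes needed to flag "signs of dismissal" (assumed)


def build_sample_events():
    """Constructed message log: employee, day index, recipient, document class."""
    events = []
    for day in range(67):
        # ivanov: two messages a day to a known counterparty during the baseline,
        # then roughly one every third day in the final week
        n = 2 if day < BASELINE_DAYS else (1 if day % 3 == 0 else 0)
        for _ in range(n):
            events.append({"day": day, "employee": "ivanov",
                           "to": "buyer@partner.example", "doc_class": "commercial_offer"})
        # petrova: one message a day to her manager, unchanged throughout
        events.append({"day": day, "employee": "petrova",
                       "to": "lead@corp.example", "doc_class": "weekly_report"})
    # final week: ivanov sends the client base to a mailbox never seen before
    events.append({"day": 64, "employee": "ivanov",
                   "to": "ivanov.home@webmail.example", "doc_class": "client_base"})
    return events


def analyse(events, baseline_days=BASELINE_DAYS):
    """Return per-employee baseline/observed rates and the anomaly classes triggered."""
    last_day = max(e["day"] for e in events)
    obs_days = last_day - baseline_days + 1
    fresh = lambda: {"n": 0, "contacts": set(), "objects": set()}
    base, obs = defaultdict(fresh), defaultdict(fresh)
    for e in events:
        rec = (base if e["day"] < baseline_days else obs)[e["employee"]]
        rec["n"] += 1
        rec["contacts"].add(e["to"])
        rec["objects"].add(e["doc_class"])
    report = {}
    for emp, b in base.items():          # only employees with a baseline are scored
        o = obs[emp]                     # silent in the observed week -> zeros
        baseline_rate = b["n"] / baseline_days
        observed_rate = o["n"] / obs_days
        anomalies = []
        if observed_rate < DROP_RATIO * baseline_rate:
            anomalies.append("activity_drop")
        new_contacts = sorted(o["contacts"] - b["contacts"])
        if new_contacts:
            anomalies.append("new_unknown_contact")
        new_objects = sorted(o["objects"] - b["objects"])
        if new_objects:
            anomalies.append("new_information_object")
        report[emp] = {
            "baseline_daily": round(baseline_rate, 2),
            "observed_daily": round(observed_rate, 2),
            "new_contacts": new_contacts,
            "new_objects": new_objects,
            "anomalies": anomalies,
            "dismissal_signs": len(anomalies) >= SIGNS_REQUIRED,
        }
    return report


def signs_of_dismissal(report):
    """What a 'Signs of Dismissal' widget would list."""
    return sorted(emp for emp, r in report.items() if r["dismissal_signs"])


if __name__ == "__main__":
    rep = analyse(build_sample_events())
    for emp, r in rep.items():
        print(emp, r)
    print("signs of dismissal:", signs_of_dismissal(rep))
```

The novelty checks are deliberately set-based rather than statistical: a single message to an address or a document class that never appeared in two months of history is the signal, regardless of volume, whereas the activity drop compares rates so that it is not fooled by the observation window being shorter than the baseline.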
Solar Dozor 6.8
On May 28, 2019, Rostelecom-Solar announced that it had released an updated version of the Solar Dozor DLP system. Its key improvements were a completely updated agent for controlling workstations, controlling communications in Viber, protecting confidential design documentation and supporting ICAP traffic from various proxy servers.
According to the company, when creating this version of Solar Dozor, the focus of the developers was on the task of finalizing the Dozor Endpoint Agent module, designed to monitor employee activity on workstations. In particular, the interception mechanism over HTTP/HTTPS, SMTP, POP3 and IMAP protocols was seriously improved, the stability and speed of the module was increased. The list of controlled communication channels has been replenished with the Viber messenger.
In addition, to support the virtualization technologies widely used in IT infrastructure as of May 2019, the Dozor Endpoint Agent supports a Citrix VDI "golden image", which allows the agent to be installed on virtual machines together with a standard set of office software (Microsoft Office, 1C, etc.).
"In the development strategy of the Solar Dozor DLP system, our priorities are not only increasing the number of functions, but also the depth of their development."
An important step forward was the implementation of processing ICAP traffic from various proxy servers in real time. The same rules as messages on other channels can be applied to ICAP data. In particular, a special "Block ICAP" action has appeared in the policy, which allows you to prohibit both sending data to and downloading from web resources. In addition, the integration of Solar Dozor with the Dozor Web Proxy web traffic control module has been further developed. Now the security officer can keep a single file on the employee, group of employees or counterparty: all changes made in the Dozor Web Proxy will be reflected in Solar Dozor, and vice versa.
Solar Dozor 6.8 can automatically identify and extract text information (drawings, schematics, bills of materials, models, etc.) from the files of CAD engineering packages. DWG, STL, STEP, ADEM, M3D and other formats are supported.
Integration with Microsoft Active Directory (AD) has been significantly developed in this version. The security officer can now access the system without entering a login and password: the credentials used to log in to the OS are reused, with the Kerberos protocol handling authentication.
To make it easier to visually distinguish the group types of persons imported from AD, the updated version adds Organizational Unit and Security Group indicators, which help when searching for system objects, configuring policy and in other situations where one needs to know the type of group a person belongs to. In addition, it is now possible to load person data from several AD domains, which matters, for example, for companies undergoing mergers or acquisitions. Account duplication is eliminated: duplicates are automatically merged into one card.
To speed up incident response, Solar Dozor 6.8 has improved search. An event or incident can now be found by its number (identifier). Solar Dozor has two object search modes, quick and advanced; in some cases, however, one needs the speed of a quick search over message text combined with the complex attribute selection of the advanced one. This version adds such an option, allowing the required information to be found more accurately and quickly.
User activity control has also been improved: the user activity log now displays the most detailed information, including device IP addresses, actions on policy objects, user roles, and system directories.
Solar Dozor Web Proxy 3.0 module
On February 12, 2019, Rostelecom-Solar announced the release of the next version of the Solar Dozor DLP system's web traffic control module, Dozor Web Proxy 3.0. All changes, from the updated graphical interface to automatic synchronization of the employee dossier between the Dozor Web Proxy module and the Solar Dozor DLP system, are intended, according to the developer, to simplify and speed up the work of information security specialists. The release of Dozor Web Proxy 3.0, according to the company, is the first step towards separating the module into an independent product area of Rostelecom-Solar.
Dozor Web Proxy 3.0 introduces an updated interface for managing security policy rules, whose logic has been completely reworked. In this version, security policy rules are grouped into layers (rule sets), each performing a specific task: authentication exceptions, HTTPS interception (opening), ICAP redirection, and filtering of requests and responses. Layers are displayed in the interface in the order in which Dozor Web Proxy 3.0 processes the policy rules. This approach, the developer claims, lets the security officer configure rules more conveniently and quickly.
As noted in Rostelecom-Solar, working with security policies has become easier thanks to a change in the visual representation of rules from tree to table. In addition, the security policy elements that are used to form the rules are grouped according to how often they are used during configuration.
"When developing Dozor Web Proxy 3.0, we focused first of all on increasing the speed and convenience of information security specialists' work with the system. For us, the ergonomics of the solution are no less important than its functionality. Simplifying the interaction of security officers with all Solar Dozor modules is part of a unified strategy for developing our DLP solution."
Dozor Web Proxy 3.0 automatically synchronizes an employee's dossier, a key analytical element, with the Solar Dozor DLP system, which ensures constant completeness of information on a specific person, regardless of the tool used, Rostelecom-Solar emphasized.
According to the developer, noticeable changes also affected the web proxy configuration mechanism implemented in previous versions. The ergonomic configuration management interface allows you to quickly search for traffic filtering and user and application access parameters in accordance with the main tasks of the system administrator.
Dozor Web Proxy 3.0 provides functionality for more flexible management of authentication settings for applications accessing the Internet. In this version, exceptions can be configured for applications that do not support authentication, for example software update services, banking applications and the like. Some hosts also need Internet access without authentication, for example servers running anti-virus protection. Authentication exceptions can be set in both transparent and explicit proxy modes, Rostelecom-Solar noted.
According to February 2019, Dozor Web Proxy is included in the Unified Register of Domestic Software (No. 2874) and can be used to replace foreign analogues. Preparations are underway for the certification of the solution at the FSTEC of Russia.
2018
Solar Dozor 6.7
On November 23, 2018, Rostelecom-Solar released another version of its Solar Dozor DLP system. According to the company, version 6.7 implements functionality that will strengthen the prevention of violations of the rules for storing confidential information in the corporate environment and protection against users entering critical corporate data into various applications.
The key change in Solar Dozor 6.7 was the ability to actively counter violations of the rules for storing confidential information in the corporate environment using the File Crawler module. The information security officer can now configure File Crawler so that, when scanning files, those found to violate the information security policy are automatically placed in a secure storage (quarantine directory).
"This feature is unique on the domestic market as of November 2018. It allows a leak of confidential information to be prevented without waiting for the security officer to notice the violation and take the necessary measures to eliminate it," said Galina Ryabova, Head of Product Development at Solar Dozor.
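To make the scan-and-quarantine behavior concrete, here is an added example (written for this page, not Solar Dozor's File Crawler code) that walks a directory tree, flags files containing payment card numbers that pass the Luhn check, and moves them into a quarantine directory while preserving their relative path. The detection rule, the directory layout and the three sample files built in `demo()` are constructed for the example; a real policy would run the DLP system's full content analysis instead of one regex.

```python
"""Added example (not Solar Dozor's File Crawler): scan a directory tree for
files holding payment card numbers and move offenders into a quarantine
directory, the 'active counteraction' the page describes. Detection uses a
digit-pattern regex plus a Luhn check; sample files are constructed inline."""
import re
import shutil
import tempfile
from pathlib import Path

# 16 to 19 digits, optionally separated by spaces or dashes, not glued to other digits
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum; filters random digit runs such as order numbers."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
        double = not double
    return total % 10 == 0


def find_cards(text: str):
    """Return masked card numbers (last four digits kept) found in text."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append("*" * (len(digits) - 4) + digits[-4:])
    return found


def crawl(root: Path, quarantine: Path):
    """Walk root, read each file as text and move policy violators to quarantine,
    keeping the relative path so the origin can be reconstructed. Returns a report."""
    quarantine.mkdir(mode=0o700, parents=True, exist_ok=True)   # officer-only storage
    report = {"moved": [], "kept": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:      # never rescan what was already moved
            continue
        rel = path.relative_to(root).as_posix()
        cards = find_cards(path.read_text(encoding="utf-8", errors="ignore"))
        if cards:
            dest = quarantine / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(dest))
            report["moved"].append({"file": rel, "cards": cards})
        else:
            report["kept"].append(rel)
    return report


def demo():
    """Build a constructed share with three files and run the crawler over it."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "finance").mkdir()
    # 4111 1111 1111 1111 is the well-known Luhn-valid Visa test number
    (root / "finance" / "clients.txt").write_text("card 4111 1111 1111 1111, exp 12/27\n")
    (root / "order.txt").write_text("order no. 1234 5678 9012 3456 shipped\n")   # fails Luhn
    (root / "notes.txt").write_text("meeting at 10:00\n")
    quarantine = root / ".quarantine"
    report = crawl(root, quarantine)
    report["quarantined_files"] = sorted(
        p.relative_to(quarantine).as_posix() for p in quarantine.rglob("*") if p.is_file())
    return report


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the file list is materialized before any move, so the crawler never descends into the quarantine it is filling, and the Luhn filter keeps 16-digit order or tracking numbers out of quarantine, which is the difference between a usable control and one that disrupts the business.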
In addition, this version implements interception of data entered into various applications from input devices. Many applications encrypt the data passing through them, so to let the information security officer control what exactly users of corporate information systems enter into applications, this version intercepts the data before it reaches the application. In particular, Solar Dozor 6.7 intercepts data erased with the Backspace key, PrintScreen keystrokes, various keyboard shortcuts processed by applications, logins and passwords entered by users, and so on. At the same time, the security officer can limit interception to the information that is especially critical for the organization.
For November 2018, the system also allows you to see events that occurred on the workstation (terminal/remote desktop) a few minutes before and after entering data into the application. To do this, directly in the log for each record, the search for the closest screenshots is implemented.
To help the information security officer analyze network traffic more conveniently, Solar Dozor 6.7 adds the ability to filter out messages of the same type that contain matching headers, user actions and action types, as well as action dates and times. The function is designed to reduce the interception of uninformative traffic.
In addition, binding of files to messages when intercepting traffic to webmail resources in the default ICAP/ICAPS operating modes has been implemented. Files are not intercepted immediately after upload but, depending on the resource, are bound to the intercepted sending of a message and/or saving of a draft. Attachments are uploaded on a timeout if the user has not sent a message within that time.
Integration with CompanyMedia EDMS
On August 16, 2018, it became known that Rostelecom-Solar and INTERTRUST had completed the integration of their products: the CompanyMedia EDMS, the Solar Dozor DLP system and the Solar inRights IGA platform. Using them together allows customers to differentiate employees' access rights in the electronic document management system and protect themselves from leaks.
Integration with FortiGate firewalls
The Solar Dozor data leak protection solution from Solar Security and Fortinet's FortiGate next-generation firewalls, including their virtual appliances, have been tested for compatibility. Solar Security reported this on May 7, 2018.
The DLP solution monitors the activities and communications of employees on workstations, on the corporate network and on the Internet. Technically, this functionality is provided by modules that are deployed in the customer's infrastructure during the implementation project and control various types of traffic.
FortiGate next-generation firewalls, including virtual appliances, monitor traffic to block access to infected sites and the use of dangerous applications, prevent virus infections and provide proactive intrusion protection. When integrated with Solar Dozor via ICAP, all web traffic passing through FortiGate is handed to the DLP system for analysis.
After that, Solar Dozor forms employee communication schemes, profiles their behavior and detects anomalies in order to detect and prevent information leaks with high accuracy, Solar Security explained.
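The ICAP hand-off mentioned here for FortiGate, and the real-time ICAP processing with a "Block ICAP" action described for Solar Dozor 6.8 above, both rest on the same exchange: the proxy or firewall encapsulates the client's HTTP request (REQMOD, for uploads) or the server's response (RESPMOD, for downloads) in an ICAP message, and the DLP server answers either "204 No Content" (forward unchanged) or "200 OK" carrying a replacement HTTP response such as a 403 that the proxy delivers to the client instead. The block below is example code written for this page, not Solar Dozor's, Fortinet's or Dozor Web Proxy's implementation; the hostnames, HTTP messages and the keyword policy are constructed, and the framing follows RFC 3507 (byte offsets in the Encapsulated header, chunked encapsulated bodies).

```python
"""Added example (not Solar Dozor's or Fortinet's implementation): the ICAP
exchange a proxy or NGFW uses to hand web traffic to a DLP server, and the two
DLP answers, '204 No Content' (pass unchanged) or a blocking HTTP 403 wrapped
in '200 OK'. Messages, hostnames and policy markers are constructed."""
CRLF = b"\r\n"
ISTAG = b'ISTag: "dlp-example-1"'
MARKERS = ("confidential", "конфиденциально")       # assumed policy terms

# Constructed HTTP heads the proxy would encapsulate (each ends with an empty line)
UPLOAD_HEAD = CRLF.join([b"POST /upload HTTP/1.1", b"Host: files.example",
                         b"Content-Type: text/plain", b"", b""])
GET_HEAD = CRLF.join([b"GET /pricelist.txt HTTP/1.1", b"Host: files.example", b"", b""])
OK_HEAD = CRLF.join([b"HTTP/1.1 200 OK", b"Content-Type: text/plain", b"", b""])


def chunked(body: bytes) -> bytes:
    """ICAP always carries encapsulated bodies in HTTP chunked encoding."""
    return b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF


def dechunk(data: bytes) -> bytes:
    out, pos = b"", 0
    while True:
        nl = data.index(CRLF, pos)
        size = int(data[pos:nl].split(b";")[0], 16)   # ignore chunk extensions
        pos = nl + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2


def build_icap(method: bytes, sections, icap_host: bytes = b"dlp.example") -> bytes:
    """Proxy side. sections: [(name, bytes)]; '*-body' parts are chunked here.
    REQMOD carries req-hdr/req-body (uploads); RESPMOD adds res-hdr/res-body (downloads)."""
    enc, payload = [], b""
    for name, data in sections:
        if name.endswith(b"-body"):
            data = chunked(data)
        enc.append(name + b"=%d" % len(payload))
        payload += data
    if not enc or not enc[-1].startswith((b"req-body", b"res-body")):
        enc.append(b"null-body=%d" % len(payload))     # RFC 3507: list must end in a body entry
    head = CRLF.join([method + b" icap://" + icap_host + b"/" + method.lower() + b" ICAP/1.0",
                      b"Host: " + icap_host, b"Encapsulated: " + b", ".join(enc), b"", b""])
    return head + payload


def parse_icap(msg: bytes) -> dict:
    """DLP side: split the ICAP head, then cut the encapsulated HTTP parts by offset."""
    head, _, payload = msg.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    entries = []
    for item in headers[b"encapsulated"].split(b","):
        name, _, off = item.strip().partition(b"=")
        entries.append((name, int(off)))
    heads, body = {}, b""
    for i, (name, off) in enumerate(entries):
        if name.endswith(b"-body"):
            if name != b"null-body":
                body = dechunk(payload[off:])
        else:                                  # a header section is always followed by another entry
            heads[name] = payload[off:entries[i + 1][1]]
    return {"method": lines[0].split(b" ")[0], "headers": headers, "heads": heads, "body": body}


def default_policy(heads: dict, body: bytes):
    """Return the matched marker or None. A real DLP policy runs full content
    analysis here; a keyword check stands in for it in this example."""
    text = body.decode("utf-8", "ignore").lower()
    return next((m for m in MARKERS if m in text), None)


def handle(msg: bytes, policy=default_policy) -> bytes:
    """DLP side: 204 lets the proxy forward the original message; a 'block'
    decision returns an HTTP 403 for the proxy to deliver to the client instead."""
    req = parse_icap(msg)
    reason = policy(req["heads"], req["body"])
    if reason is None:
        return CRLF.join([b"ICAP/1.0 204 No Content", ISTAG, b"Encapsulated: null-body=0", b"", b""])
    page = ("Blocked by DLP policy: " + reason).encode("utf-8") + CRLF
    res_hdr = CRLF.join([b"HTTP/1.1 403 Forbidden", b"Content-Type: text/plain; charset=utf-8", b"", b""])
    return CRLF.join([b"ICAP/1.0 200 OK", ISTAG,
                      b"Encapsulated: res-hdr=0, res-body=%d" % len(res_hdr), b"", b""]) + res_hdr + chunked(page)


def icap_status(resp: bytes) -> int:
    return int(resp.split(b" ", 2)[1])


if __name__ == "__main__":
    upload = build_icap(b"REQMOD", [(b"req-hdr", UPLOAD_HEAD),
                                    (b"req-body", "Это конфиденциально".encode("utf-8"))])
    print(handle(upload).decode("utf-8", "replace"))
```

The same `handle()` serves both directions, which is what a "Block ICAP" action that prohibits both uploading to and downloading from web resources needs: for REQMOD the inspected body is the client's upload, for RESPMOD it is the server's response, and in both cases the blocking reply is an HTTP response the proxy can hand straight to the browser.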
"Integration with Fortinet solutions will make the Solar Dozor implementation process easier and faster, as it will allow you not to deploy additional tools for collecting and decrypting web traffic, but to use a solution that in most cases is already installed at the customer. Thus, we will integrate into the existing infrastructure without the need to purchase a web proxy module from us or other manufacturers of such systems," said Vasily Lukinykh, Solar Dozor business development manager at Solar Security.
Solar Dozor 6.6
On April 11, 2018, Solar Security, a developer of products and services for targeted monitoring and operational management of information security, introduced Solar Dozor 6.6, the next version of its system for controlling employee communications, identifying early signs of corporate fraud and conducting investigations. Solar Dozor 6.6 monitors the actions of privileged users and protects sensitive data in the cloud.
The developers have built a cloud crawler into version 6.6. It is a specialized tool that allows a security officer to scan the cloud storage that employees use.
"In the corporate segment, Microsoft Office 365 has become widespread, so first of all we implemented the OneDrive audit, in relation to both corporate and public cloud storage. In the future, we plan to scale this technology to other cloud services. A security officer should be able to control information regardless of where it is stored," said Vasily Lukinykh, Solar Dozor Business Development Manager at Solar Security.
In addition, according to the developers, this version significantly expands Solar Dozor with functions for the DLP system's own security. Solar Dozor 6.6 offers businesses tools to "control the supervisors": access rights management and auditing of DLP system users.
A flexible user rights management system makes it easy to manage user accounts and roles. The solution supports granular access control, which delineates the rights to individual sections of the interface, objects and functions of the system.
The Solar Dozor 6.6 user activity log contains detailed records of who did what in the system and when. With it, you can control the actions both of specific information security specialists and of all users of the DLP system. If anyone tries to perform inappropriate actions in the system, the responsible persons are immediately notified of the incident.
Like every Solar Dozor update, version 6.6 includes interface enhancements, in this case a help system. From any DLP system window, the user now has access to contextual help with all the information about the section they are in. The help is designed in the same Solar Dozor style and supports instant search for the necessary information.
2017
Integration with NeuroDAT SIEM
Solar Security and the Information Security Center completed the integration of the Solar Dozor DLP solution and the NeuroDAT SIEM information security monitoring system in early November 2017. Within the framework of technological cooperation, a solution interaction scheme has been implemented, which allows enriching NeuroDAT SIEM with incident information from Solar Dozor.
Solar Dozor detects and prevents internal threats to the company's information security. The solution collects information about the movement of confidential information and communications of company employees through corporate and personal mail, various instant messengers, web resources and many other channels.
In addition, unlike other DLP systems, Solar Dozor records not only the fact of information leakage, but also non-standard, suspicious behavior of company employees. Such information is the result of complex analytics and helps to identify an impending or secretly ongoing attack that is invisible to classic leak prevention technologies.
The companies have developed a connector that transfers this information from Solar Dozor to NeuroDAT SIEM. As a result, the automated formation of various types of information security incidents in NeuroDAT SIEM, based on the analysis and correlation of events, now draws on another important event provider.
"When integrated with Solar Dozor, NeuroDAT SIEM aggregates and analyzes events from sources that track not only external, but also internal threats to information security. Thanks to this, the security officer gets a complete picture of what is happening in the company from one console and can apply unified analytical tools to all information about events. This allows you to instantly identify ongoing attacks and respond quickly to them," said Vasily Lukinykh, Solar Dozor Business Development Manager at Solar Security.
"Considering that NeuroDAT SIEM collects security events not only from DLP systems, using the event correlation mechanisms implemented in NeuroDAT SIEM, security officers will receive an additional tool to reduce the number of false positives when detecting incidents related to data leakage," added Ivan Aksenenko, Information Security Center.
Integration with MaxPatrol SIEM
Solar Security and Positive Technologies announced in October the completion of a project to integrate the Solar Dozor DLP with MaxPatrol SIEM, a system designed to identify information security incidents in real time. Solar Dozor now transfers data to MaxPatrol SIEM, so that the security officer receives from one source a complete picture of information security events and incidents in the company, including data on the transfer of confidential information through various channels.
Solar Dozor 6.5
On October 12, 2017, Solar Security introduced the next version of Solar Dozor, created in order to optimize the processes of system configuration and self-diagnostics. The release includes a number of functions that make it easier to configure the system, as well as deploy and manage agents.
The ergonomic interface has simplified the management of Solar Dozor 6.5 settings through intuitive grouping and quick end-to-end search of system parameters.
In particular, the system for deploying and managing agents was improved. Solar Dozor 6.5 allows an information security officer to centrally install agents on workstations, configure policies, and monitor their status. Version 6.5 provides a card for each workstation showing technical data about it, information about all logged-in users, the status of the agent, and whether its settings and policies are up to date. This allows the information security officer to monitor the smooth operation of Solar Dozor agents.
In addition, the information security officer no longer needs to contact system administrators for up-to-date information about the state of the infrastructure, because Solar Dozor 6.5 has a tool for surveying the local network for new nodes and services, Solar Security said.
To ensure that configuring Solar Dozor does not cause unnecessary difficulties, version 6.5 also implements online help, which can be opened anywhere in the system interface.
Postgres Pro support
On September 19, 2017, Solar Security, a developer of products and services for targeted monitoring and operational management of information security, announced support in the Solar Dozor system for Postgres Pro, a domestic fork of the PostgreSQL DBMS.
According to the developers, optimization of the event archive is an important part of the development of Solar Dozor. The product implements mechanisms for managing long-term and operational storage, which remove retention-period limits and provide a long "investigation horizon" for any period of time. Support for PostgreSQL was implemented in Solar Dozor 6.1, and thanks to a specially developed PostgreSQL partitioning scheme, it was possible to reduce storage costs and increase the speed of searching the archive. The proven capabilities of the Solar Dozor archive are more than 10 years of data storage and more than 850 TB of volume. In the latest version of the DLP system, a full-text archive search takes only a few seconds.
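The passage above names PostgreSQL range partitioning as the means of combining cheap long-term storage with fast full-text search over the archive. The following is an added, constructed illustration of that general technique, not Solar Dozor's own schema: the table, column and tablespace names (fast_ssd, cold_hdd) are assumptions, and it requires PostgreSQL 12 or later for the generated tsvector column.

```sql
-- Added example (not Solar Dozor's schema): a constructed message archive
-- split into monthly range partitions. Recent months live on a fast
-- tablespace ("operational" storage); older months live on a cheap one
-- ("long-term" storage). Assumed tablespaces fast_ssd and cold_hdd exist.

CREATE TABLE dlp_messages (
    msg_id       bigint       NOT NULL,
    captured_at  timestamptz  NOT NULL,
    sender       text         NOT NULL,
    channel      text         NOT NULL,   -- e.g. smtp, icap, im, print
    body_text    text,
    -- Precomputed full-text vector, so the GIN index can be built on it.
    body_tsv     tsvector GENERATED ALWAYS AS
                 (to_tsvector('simple'::regconfig, coalesce(body_text, ''))) STORED,
    PRIMARY KEY (msg_id, captured_at)     -- partition key must be in the PK
) PARTITION BY RANGE (captured_at);

-- Operational storage: one partition per recent month on fast disks.
CREATE TABLE dlp_messages_2017_08 PARTITION OF dlp_messages
    FOR VALUES FROM ('2017-08-01') TO ('2017-09-01') TABLESPACE fast_ssd;
CREATE TABLE dlp_messages_2017_09 PARTITION OF dlp_messages
    FOR VALUES FROM ('2017-09-01') TO ('2017-10-01') TABLESPACE fast_ssd;

-- Long-term storage: an older month already on cheap disks.
CREATE TABLE dlp_messages_2016_09 PARTITION OF dlp_messages
    FOR VALUES FROM ('2016-09-01') TO ('2016-10-01') TABLESPACE cold_hdd;

-- One GIN full-text index per partition (explicitly named so they can be
-- moved between tablespaces together with their partition).
CREATE INDEX dlp_messages_2017_08_tsv ON dlp_messages_2017_08 USING gin (body_tsv);
CREATE INDEX dlp_messages_2017_09_tsv ON dlp_messages_2017_09 USING gin (body_tsv);
CREATE INDEX dlp_messages_2016_09_tsv ON dlp_messages_2016_09 USING gin (body_tsv);

-- Constructed sample messages; the planner routes each row to its partition.
INSERT INTO dlp_messages (msg_id, captured_at, sender, channel, body_text) VALUES
  (1, '2017-09-05 10:12:00+03', 'ivanov@example.test',  'smtp',
      'Quarterly financial report attached, marked confidential'),
  (2, '2016-09-14 09:00:00+03', 'petrov@example.test',  'im',
      'Sending the client list to my personal mailbox'),
  (3, '2017-08-21 17:45:00+03', 'sidorov@example.test', 'icap',
      'Uploading the project plan to a public file share');

-- Investigation query for one month: the captured_at predicate prunes every
-- other partition, so only dlp_messages_2017_09 and its GIN index are read.
-- EXPLAIN shows a single partition in the plan.
EXPLAIN (COSTS OFF)
SELECT msg_id, sender, channel
FROM   dlp_messages
WHERE  captured_at >= '2017-09-01' AND captured_at < '2017-10-01'
  AND  body_tsv @@ plainto_tsquery('simple', 'confidential report');

-- Aging out: once a month leaves the operational window, move that
-- partition and its index to cheap storage. Nothing is deleted, so the
-- archive keeps its full retention depth, and no other partition is touched.
ALTER TABLE dlp_messages_2017_08 SET TABLESPACE cold_hdd;
ALTER INDEX dlp_messages_2017_08_tsv SET TABLESPACE cold_hdd;
```

Adding a new month is a single CREATE TABLE ... PARTITION OF plus its index, which is what keeps the per-partition indexes small enough for searches over a bounded date range to stay fast as the archive grows.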
Postgres Pro DBMS is included in the register of Russian software, which makes the Solar Dozor - Postgres Pro bundle the optimal solution for companies planning to replace foreign IT systems with domestic ones.
Solar Dozor 6.4
On April 11, 2017, Solar Security announced the release of version 6.4 of the Solar Dozor DLP system.
This version increases the effectiveness of investigations and the convenience of working with the system. According to the developers, Solar Dozor 6.4 helps the security officer at each stage to get the information he needs faster, save time on routine operations, and do more work with less effort.[1]
Solar Dozor 6.4 offers the security officer a new tool: summary analytics by person. The "Person Summary Analytics" report contains a complete summary of an employee's activity: basic information, statistics on events and incidents, communications and files. The report is formatted so that it can be sent straight to a manager, presented at a meeting or attached to the employee's personal file in the personnel department. It can be displayed in the web interface or exported as a PDF file for printing.
Another investigation optimization tool is analysis of the employee email archive accumulated before the DLP implementation. Scanning mail servers helps to "look into the past." Any mail server, cloud or public email service that supports the IMAP protocol can be connected to Solar Dozor 6.4 and its correspondence archive analyzed by applying filtering policies and rules. This reduces the time to first results on pilot projects, since after the first scan the information security service receives information on incidents that occurred before Solar Dozor was implemented.
The solution's own proxy server, Solar Dozor Web-Proxy, now works transparently, including with SSL encryption. This approach allows all the proxy server's capabilities to be used without additional Internet connection settings on workstations. Workstations simply connect to the network, and all employee web activity, including encrypted traffic, is under control.
More than 100 changes have been made to the Solar Dozor 6.4 interface. The interface now allows you to quickly create an incident from a message, add a person to a special control group, find objects in the dossier, policies and information objects, leave comments on the incident card, and more.
Solar Dozor 6.4 implements breadcrumbs functionality: it lets you view and, if necessary, quickly return to the last 10 actions in the system. This simplifies the routine work of a security officer who, while working with a DLP system, makes many clicks per minute and moves from the main branch of an investigation to side branches. The user no longer needs to keep the chain of his actions in memory in order to return quickly to the main branch.
"From the very beginning, we sought to create a product that is different from other solutions on the Russian DLP market: optimized in terms of analytics, convenient to work with and focused on the use of technologies to the same extent as on user comfort. In Solar Dozor 6.4, we continued to develop the security officer's analytical tools, concentrating on simplifying the incident investigation process. In addition, we are convinced that the DLP system should adapt to the user, and not vice versa. Therefore, most of the work on the release was devoted to improvements in usability. As a result, despite the fact that Solar Dozor 6.4 is based on the most complex technologies, the system has become even simpler and easier to use."
Solar Security and Kraftway will present a joint secure solution
Solar Security announced the launch of a technology partnership with Kraftway. The partners will bring to market a joint solution focused primarily on public sector organizations with increased requirements for the security and origin of infrastructure solutions.
The joint development is a hardware and software complex that includes the Solar Dozor internal threat protection system deployed on trusted Kraftway servers, which can run one of the certified domestic operating systems, including Astra Linux Special Edition 1.5 (Smolensk release), GosLinux or Zircon 36K.
To increase the level of trust in hardware, Kraftway has developed and is implementing the concept of a trusted platform. The increased security of Kraftway servers is achieved by using motherboards developed in Russia in their architecture, as well as the source code of the built-in firmware of key components (motherboard BIOS and microcontroller firmware). Information protection and control tools are deeply integrated into the motherboards at the design stage and are launched at the very first stage of device operation, before the operating system starts, with a guaranteed execution priority over all other hardware and software functions. All the company's servers are also equipped with specialized proprietary software tools for collecting and processing information about security events and for monitoring and managing infrastructure. Production of the equipment at a plant in Russia, with the possibility of integrating special inspections and studies into the production cycle, reduces to zero the likelihood of undeclared capabilities and hidden control channels in the server equipment.
"State information systems are becoming an increasingly attractive target for cybercriminals acting boldly and with sophistication," said Maxim Shumilov, Deputy Director of the Kraftway Business Development Department. "In modern conditions, solving information security issues is impossible without taking into account vulnerabilities below the OS level: in firmware on motherboards and in microcontroller firmware. Hardware and software complexes created on the basis of trusted Kraftway platforms are devoid of such vulnerabilities and have additional functionality to repel low-level attacks on the information infrastructure. Therefore, the use of trusted Kraftway server equipment as a hardware basis allows software developers and integrators to bring to the market modern, reliably functioning, tested complexes that will help government organizations and enterprises create a truly effective system of preventive protection of confidential and classified information."
2016
Solar Dozor and AMT InfoDiode combined in an appliance to control employee communications
In November, Solar Security and AMT GROUP announced the creation of a hardware and software complex to monitor employee communications and identify early signs of corporate fraud in companies with isolated secure environments. The solution is based on the Solar Dozor and AMT InfoDiode products.
The development is focused primarily on the public sector, including security and law enforcement agencies, industry and the fuel and energy complex, as well as commercial enterprises of any industry that use isolated network segments. The use of DLP systems in such organizations imposes certain restrictions on the storage and processing of the analyzed data. Even if collection is carried out in an unprotected segment, the analysis and storage of information must be carried out in a closed perimeter inaccessible from the outside. This makes it possible to ensure reliable control of employee communications and guaranteed confidentiality of corporate information.
The appliance is a Solar Dozor 6 solution deployed in open and closed segments on secure InfoDiode servers separated by a hardware unidirectional gateway. Using Solar Dozor 6 together with AMT InfoDiode guarantees the protection of critical segments from external threats and therefore provides an unprecedented level of security for controlled uploading/loading of information. Data is collected and filtered on both servers, and all data received in the open segment is transferred to the closed segment, where it is stored and processed.
Data can be transmitted both via application layer protocols (FTP, SMTP, CIFS, etc.) and transport layer protocols (TCP, UDP). The solution consists exclusively of Russian components both in the software component (including the Russian certified operating system Astra Linux) and in the hardware.
Solar Dozor 6.2
On September 28, 2016, Solar Security announced the release of Solar Dozor 6.2.
In Solar Dozor 6.2, in addition to the usual analyst desktop, a "Manager's Desktop" has been implemented. This is a section of the dashboard that gives the information security manager or the business customer of the DLP system the information they need to assess the operational situation.
The main task of this tool is to help the head of the information security department manage subordinates who use Solar Dozor. The information security manager can see on one screen a summary of the number of events and incidents, how many of them have been processed or are under consideration, who is responsible for analyzing an event, and can view the latest reports generated by the security officers.[2]
Graphical widgets on the manager's desktop give a higher-level and generalized view of the situation in the company, the dynamics of the number of incidents and the level of threats. Widgets are grouped to provide the information security manager with the necessary data for a quick assessment and making adjustments to the work of analysts who analyze incidents.
This version of Solar Dozor implements the search and display of related instant-messenger messages in the form of conversations. According to the developers, this familiar and understandable presentation makes it easier to assess whether a system detection is a genuine incident, and simplifies and speeds up investigations.
In order for the security service to have confidence in the control of employee workstations, Solar Dozor 6.2 monitors and displays the activity status of agents. When viewing the list of persons in the corresponding group or person cards, the security officer will receive information about the presence of an agent on the workstation and its activity.
"Many DLP systems still remain a kind of 'black box' for users: they notify about individual information security events, but do not help the security officer form a single picture of what is happening in the organization. We make sure that the analytics in Solar Dozor are transparent and understandable, and for this we are constantly working to improve the reports. The manager's desktop is another step in this direction: it brings together all the top-level analytics, ensuring the completeness and integrity of the vision of the situation in the company."
Solar Dozor 6.1
The new analytical tool in Solar Dozor 6.1 is the "Communication Heat Map," which visualizes the intensity of employee communications or information movements, with the intensity of communications, broken down by channel, shown in color. This tool gives the security officer the opportunity to quickly assess the situation and see potential risks and "hot spots." Using it, the security officer can build a graphic map for an information object or person of interest.
The functionality for controlling users through analysis of screenshots of their workplaces has also been expanded. Screen capture can be configured on a schedule, on a given key sequence, or on an active user window or application, for example when PrintScreen is pressed in a CRM, ERP or design application window. All screenshots now go into the "Person Dossier." For convenient display, search and visualization, the screenshot base is presented as a modern gallery familiar to users, supporting various filters, for example by the name of the active application. It is also possible to obtain the list of processes and applications running on the workstation at the time the screenshot was taken.
Another new tool is the expanded communication map of information objects, containing statistics on all communications related to the transfer and storage of information objects over a specific period of time. Previously, it was possible to view the communication map of one information object; in the new version a map of categories of information objects is available. As a result, the security officer, having assessed the general situation, can in one click obtain detail on the information object of interest, with the possibility of moving to a specific message.
As in previous versions, great attention was paid to the reporting system in developing Solar Dozor 6.1. The results of working with all the new tools are also available in reports, which can be viewed in the web interface of the solution or exported in PDF and/or XML format. Reports can also be distributed by e-mail to all interested parties on a schedule.
Continuing the course of supporting import substitution and the use of freely distributed software, this version expands the use of PostgreSQL, support for which was first implemented back in 2005. In particular, the mechanisms for long-term storage of large amounts of data were improved and, according to the developers, are not inferior to commercial DBMSs.
Solar Dozor 6.0 increases image recognition speed fivefold
In June 2016, Solar Security announced a significant development of the Solar Dozor OCR module, built on ABBYY's text recognition technologies. This module allows the Solar Dozor DLP system to control the flow of confidential data and prevent its leakage by recognizing text in images.
The amount of information transmitted both outside and within organizations is constantly growing, thereby increasing the risk of leakage of confidential information. Solar Dozor OCR allows you to recognize text symbols in image files that employees can transmit over network channels, send to print, copy to external media, or save to network storage. The use of this module within the DLP system helps organizations protect confidential data from leakage, even if it has been converted into graphics - printed and scanned, photographed, saved in PDF, taken from the screen in the form of screenshots, etc.
An increase in the flow of transmitted information leads to an increased load on the equipment and, as a result, to forced expansion of the infrastructure on the customer's side. Therefore, Solar Security and ABBYY decided to develop the OCR module within the Solar Dozor DLP system. The module's recognition speed was increased 5 times compared to its baseline, which allows it to process images in an information stream of more than 700 GB per day without slowing down the DLP system. The speed increase was achieved through preliminary processing of images: the module corrects line skew and distortion, determines the top and bottom of the document and mirrored text, and can recognize multi-column text.
Solar Security was the first to release a DLP agent for controlling Linux workstations
In the spring of 2016, Solar Security was the first among domestic DLP developers to launch the Dozor Endpoint Agent for Linux workstation control module, part of the Solar Dozor 6.0 DLP system, designed to work with Astra Linux and GosLinux.
The development of the Dozor Endpoint Agent for Linux is an important stage in the development of the first Russian DLP system, Solar Dozor 6.0. The creation of the module is dictated primarily by the requirements of the Russian market, since an increasing number of organizations are switching to free Linux-based operating systems within the framework of import substitution.
The Dozor Endpoint Agent for Linux allows you to monitor data content on removable media, printing on local and network printers, and to audit workstations and connected network storage for violations of sensitive data retention policies using content and context attributes.
The Dozor Endpoint Agent for Linux module can be used in organizations with increased requirements for secure systems: it can block data transfers to effectively protect the most critical information.
2015
Solar Dozor 6.0
In September 2015, Solar Security announced the release of a "fundamentally new" version of the DLP system, Solar Dozor 6.0. The company notes that it was developed taking into account changes in the focus of corporate security services: according to Solar Security, instead of combating individual leaks of confidential information, security officers are now increasingly focused on combating internal fraud and protecting against disloyal employees and employees from risk groups who can cause economic damage to the employer.
To make Dozor better suited to these tasks, the company expanded its analytical functionality and search capabilities and redesigned the interface in line with the new logic of work.
"When developing the new version of Solar Dozor 6.0, the company's specialists carried out extensive research work that summarized the practice of using more than 100 installations of previous versions of the system," say Solar Security. "The result of this work was a significant system update that allows Solar Dozor 6.0 users to identify, block and investigate not just leaks of confidential information, but fully combat complex corporate fraud schemes."
Analytical capabilities
Among the new analytical capabilities of Dozor are the ability to identify anomalies in employee behavior and communications (for example, communication with atypical contacts), the ability to analyze data based on OLAP and BI technologies with instant drill-down, and hints on the next steps in conducting investigations. A catalog of identified fraudulent schemes and their early signs, with industry specifics, has also appeared in the system and can help in analyzing events and incidents.
In the new version of Dozor, the "dossier" function has significantly expanded: in the previous version of the program, it was possible to compile a "dossier" only separately for each employee and separately calculate the level of trust in each of them by entering the bulk of the information for this manually. In the new version of the product, dossiers can be compiled into groups of employees, and data can be loaded into the system automatically from external systems - HRM and counterparty verification systems. Employee trust building technology has also been improved.
In addition to employees, "dossiers" can now be compiled on information objects, that is, groups of documents and messages on a certain topic: for example, meeting minutes or summaries of strategy and plans. Dozor has also added the ability to integrate its analytics, investigation and storage module with any third-party DLP system.
Search opportunities
According to the developers, the updated Dozor is capable of searching an archive of 17 million messages in less than 1 second. According to Igor Lyapunov, general director of Solar Security, a search previously could take from several minutes to 30-40 minutes, depending on the size of the data array being searched.
Lyapunov explained that the company studied what users most often search for and which search queries are most typical in particular investigations, and created ready-made data slices for many of them. Due to this, Solar Security expects up to 85-90% of requests to be handled by quick search. The search interface is now made in the style of traditional Internet search engines.
Interface
The Dozor 6.0 interface differs significantly from that of previous versions: it has acquired a "space look," and it is built around a situation center for internal threats, which allows most operational tasks to be solved within a single information panel and provides for further monitoring and response.
The Dozor 6.0 interface is adapted to two main scenarios: regular monitoring of the operational situation, and investigation.
The unified dashboard provides information on the most important system results, such as critical events, persons and special control groups, protected information objects, anomalies in employee behavior, as well as summary information on currently existing threats. According to the company's idea, this should make it easier for security personnel to monitor events and allow them to quickly assess the operational situation and highlight the current priority tasks.
The Solar Dozor 6.0 Situation Center also implements case management for the incident lifecycle: the system allows you to appoint a person responsible for the investigation, monitor its progress and see the result.
Pricing policy
Speaking about the cost of Dozor 6.0 licenses, Solar Security CEO Igor Lyapunov told TAdviser that on average it remained the same as for licenses of the previous version of the product, but for the most common installations the cost will be slightly lower: taking into account the difficult economic situation in the country, the company made changes to the licensing structure and optimized the product by price.
2014
Dozor-Jet 5.0.4
On September 18, 2014, Jet Infosystems announced release 5.0.4 of the Dozor-Jet software complex. The key feature of the release is an incident investigation model. The updated management interface of the system allows the data needed for an investigation to be interpreted and visualized in a convenient form at different levels of detail.
The incident model turns the DLP system into a tool for investigating information and economic security violations, increasing the effectiveness of information security and security services, allowing them to identify and suppress facts of fraud or commercial collusion of employees in the initial stages.
The new functionality allows you to analyze incidents at three levels:
- operational level: the system automatically monitors and analyzes all corporate communications of employees, creating incidents on information security events and assigning them the necessary level of criticality. Based on this data, a level of trust in each employee is also formed. An information security or security officer at this level can redirect individual incidents for deeper verification or mark the incident as erroneous;
- tactical level: an information security analyst has the ability to directly view the dossier of communication participants from the incident window, perform in-depth analysis and investigation of the incident, including on the basis of internal relationships between suspicious communication participants identified by the system (both internally and externally). The result of the work is the investigation and qualification of the information security incident, the identification of the circle of persons involved in it. Based on the results of the investigation, a report is formed for management;
- strategic level: the head of the information security or security service and business leadership make management decisions based on reports created in the system.
The technologies used in Dozor-Jet allow, with the increased volume of work performed by the complex, to maintain the high performance of the filtering system: the data flow is intercepted and analyzed at speeds up to 10 Gbps.
"This release moves the product from classic information security systems into the class of business systems used, among other things, to ensure economic security. After the 'Employee File' module, the increase in traffic analysis speed and the transition to data storage using Big Data technologies implemented in previous releases of Dozor-Jet, the introduction of an incident investigation model became logical. This is a natural step that allows us to move on to creating a large-scale system for investigating information security incidents and deep business analytics of corporate communications," said Igor Lyapunov, director of the Information Security Center of Jet Infosystems.
Dozor-Jet 5.0.2
On July 16, 2014, Jet Infosystems announced release 5.0.2 of the Dozor-Jet information leak protection complex.
The developers have changed the configuration of the complex: starting from this version, the complex consists of three functional blocks that combine 12 modules in accordance with the type of tasks to be solved.
The innovations are organizational in nature: they affect licensing and the modular layout and do not relate to the technical architecture of the solution. The modules are now grouped according to specific tasks of protection against information leaks. As a result, the implementation logic and operation of the product have been optimized, and the technological possibilities for further expanding its functionality have been widened.
In accordance with the new modular structure, the license policy has changed. It came into force in July 2014 and is more transparent and flexible.
"In more than 15 years on the market, Dozor-Jet has gone from a mail archive to one of the most mature DLP solutions on the Russian market. The functionality of the complex has been updated repeatedly to follow market trends, but its structure has remained unchanged," said Igor Lyapunov, director of the Information Security Center at Jet Infosystems. "As a result, we ran into difficulties launching new capabilities within a structure that did not fit them. To improve this process we created a conceptually new product structure, on the basis of which we will continue to develop it. This also led to the change in the licensing policy. In essence, we have 'relaunched' Dozor-Jet."
Dozor-Jet 5.0.2 structure
- Dozor Monitor: passive monitoring and analysis of corporate communications, including checking e-mail messages, instant-messaging traffic, files and other data against the company's internal policies for the use of Internet resources and internal information resources. It also supports the investigation of information and economic security incidents in corporate information environments;
- Dozor Prevent: active control and protection of confidential data, which allows information leaks from the corporate network over various communication channels not only to be tracked but also to be blocked;
- Dozor Full Archive: the third block combines the extended archive and the investigation tools. It contains elements of artificial intelligence (data processing and search technologies) and allows databases to be segmented, similar documents to be found and mail messages to be categorised.
The blocks and modules of the complex can be combined and scaled to the size of the organisation (from SMB companies to large holdings with a complex distributed branch network).
2012
Dozor-Jet 5.0.1
Version 5.0.1 adds control over cloud storage and file-sharing services such as Dropbox, Yandex.Disk and SkyDrive, and the list is continually extended. The spread of cloud technologies gives DLP plenty of room to develop, especially where new agents and network interaction are concerned, because the volume of such data is enormous.[3]
One of the main and fundamentally new features of the fifth version is called "Dossier": the collection of data on people suspected of insider activity. It uses various algorithms to obtain and process additional information and relies on integrating information security systems with other IT systems. DLP thus becomes one of the key nodes of the security management system and can give the security officer the fullest answers to the questions that matter for protecting corporate information (Who is this person? What is he doing? What did he do yesterday? Is there anything suspicious in his actions?).
There are quite a few search and extraction modes for analysis: search by partial match or by statistical features. The search modes are tuned to the required levels of accuracy and reliability. Fuzzy search finds both re-worded documents and documents compiled from other known documents. The new version of Dozor-Jet also implements an exact search mechanism for confidential data, called a template document, which reduces false positives.
Dozor-Jet 5.0
In November 2012, Jet Infosystems announced version 5.0 of the Dozor-Jet information leak protection complex with significant improvements. Dozor-Jet 5.0 has an intuitive interface, filtering performance increased to 10 Gbps and new functional modules. Operating the complex, processing its results and investigating incidents have been simplified considerably.
The new interface makes the information security officer's work with the system more convenient and visual: for example, it is now possible to quickly compare the results of several queries and to assess the state of the whole complex in real time. The distributed components of the complex are managed from a single point through a web interface. All services are continuously monitored for health and, if necessary, restarted automatically. This noticeably reduces the time the officer spends maintaining the system and improves its manageability and reliability.
The filtering subsystem of the new version is more than twice as fast and can intercept a data flow at 10 Gbps. Porting the filtering subsystem to the Crossbeam platform allows its performance to be scaled flexibly and provides the required level of reliability and security.
The information-processing algorithms of the fifth version are optimised for large data volumes. In particular, the hybrid data store in Dozor-Jet 5.0 keeps only the "light" metadata of messages and the indexes in the database itself; "heavy" data (attachments and so on) goes to a file store. This cut the space used on the disk subsystem by 60% compared with previous versions and sharply increased the speed of loading data into the database (in some cases a hundred-fold increase was recorded). The fifth version also works more efficiently with historical data, attaching the required units automatically and checking that process itself. A clearer distinction between the "sender" and "recipient" of a message significantly reduces the error rate when searching for the required information across many different message sources.
The system's capabilities have been extended with new functional modules. Thanks to the integration module for the QlikView BI platform, Dozor-Jet 5.0 can be used to control the execution of the company's business processes, monitor employee loyalty and build high-level, business-oriented reports on the picture of information exchange, while simplifying the work of information security officers.
The deep data analysis mechanisms of the fifth version are supplemented with a tool for finding documents with similar content and obtaining a complete picture of information exchange on a given topic. It is implemented as a separate module that lets the officer, in a couple of clicks, determine the subject of a detected document of any size by extracting its most characteristic words and phrases, and then search the accumulated archive for similar information.
2011
Dozor-Jet 4.0.26
Version 4.0.26 of Dozor-Jet can monitor not only messages sent through, but also messages received from, the web mail services of Google, Mail.ru and other sites. Jet Infosystems has also completed a new version of the workstation agent, which controls documents printed on local and network printers as well as two-way correspondence, voice calls and file transfers in Skype.
Another new feature is unstructured text analysis. The system automatically analyses any unstructured text, finds the most significant words and expressions in it and builds a list of them, then compares the list with dictionaries, for example commercial vocabulary. According to Jet Infosystems, this raises the accuracy of leak alerts and thereby the productivity of the administrator.
This version also makes the digital fingerprint method more effective: it finds matches with reference texts or images in confidential documents and tracks cases of unauthorised use of business-critical information.
Among the changes of interest to administrators are a more convenient, intuitive interface and a new self-monitoring mechanism: it automatically determines the amount of free space in the databases, and rules can be set for purging archive data. Search over the accumulated database has become faster and more accurate, and a new intelligent search mechanism recognises that an entered string is an e-mail address and searches by address, which speeds up the administrator's work.
Important innovations include integration with a Security Operations Center, so that security officers receive structured information about information security events in a single interface. Specialists will also appreciate support for Oracle Database 11g Release 2 and Oracle Exadata Database Machine, as well as Oracle Real Application Clusters (RAC), according to Jet Infosystems.
In addition, the new version can monitor corporate mail and document management systems based on Lotus Notes, which many companies use today.
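The two analysis techniques described in the 5.0 and 4.0.26 notes above (extracting a document's most significant words and checking them against a vocabulary, and matching "digital fingerprints" to find similar documents in the archive), as an added Python example. This is not Dozor-Jet code: the corpus, the stop list, the "commercial vocabulary" dictionary, the tf-idf ranking and the word-shingle fingerprint are all assumptions chosen to illustrate the idea.

```python
"""Added example, not Dozor-Jet code: keyword extraction checked against a
vocabulary, plus shingle-based "digital fingerprints" for finding similar
documents in an archive. Corpus, vocabulary and thresholds are constructed."""
import hashlib
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9]+")
# Small generic stop list (assumption); a production system would use a fuller one.
STOP = {"the", "a", "an", "and", "is", "on", "at", "to", "for", "of", "in", "has", "see", "again"}

# Constructed stand-in for the message archive: d1 and d2 are near-duplicates.
CORPUS = {
    "d1": "Attached is the tender price list and draft contract. The contract fixes "
          "the tender price and discount schedule for the client.",
    "d2": "Attached is the tender price list and final contract. The contract fixes "
          "the tender price and discount schedule for the client, see the invoice.",
    "d3": "Lunch on Friday? The new cafe near the office has good coffee.",
    "d4": "Reminder: the weekly status meeting moved to Tuesday at eleven.",
    "d5": "The office printer on floor three is out of toner again.",
}
# "Commercial vocabulary" dictionary (constructed).
COMMERCIAL_VOCAB = {"price", "contract", "tender", "discount", "invoice", "client", "schedule"}


def tokenize(text, drop_stop=False):
    toks = TOKEN_RE.findall(text.lower())
    return [t for t in toks if t not in STOP] if drop_stop else toks


def document_frequency(corpus):
    """Number of archive documents each term occurs in (stop words dropped)."""
    df = Counter()
    for text in corpus.values():
        df.update(set(tokenize(text, drop_stop=True)))
    return df


def significant_terms(text, df, n_docs, top_k=6):
    """Most characteristic terms of `text`, ranked by tf-idf against the archive."""
    tf = Counter(tokenize(text, drop_stop=True))
    scores = {t: c * math.log((1 + n_docs) / (1 + df.get(t, 0))) for t, c in tf.items()}
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [t for t, _ in ranked[:top_k]]


def vocabulary_hits(terms, vocab):
    """Significant terms that also appear in the dictionary (the 'leak' signal)."""
    return sorted(set(terms) & vocab)


def shingle_fingerprint(text, k=3):
    """Digital fingerprint: the set of hashed word k-grams of the text."""
    toks = tokenize(text)
    grams = (" ".join(toks[i:i + k]) for i in range(len(toks) - k + 1))
    return {hashlib.sha1(g.encode()).hexdigest()[:16] for g in grams}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


def find_similar(reference, corpus, threshold=0.2, k=3):
    """Archive documents whose fingerprint overlaps the reference by at least `threshold`."""
    ref = shingle_fingerprint(reference, k)
    hits = []
    for doc_id, text in corpus.items():
        score = jaccard(ref, shingle_fingerprint(text, k))
        if score >= threshold:
            hits.append((doc_id, round(score, 3)))
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def analyse(doc_id, corpus=CORPUS, vocab=COMMERCIAL_VOCAB):
    """Both checks on one archived document: the analyst's 'what is this about?' query."""
    df = document_frequency(corpus)
    terms = significant_terms(corpus[doc_id], df, len(corpus))
    return {"terms": terms,
            "vocab_hits": vocabulary_hits(terms, vocab),
            "similar": find_similar(corpus[doc_id], corpus)}


if __name__ == "__main__":
    print(analyse("d1"))
```

For the constructed archive, `analyse("d1")` ranks "contract", "price" and "tender" first, reports four hits in the commercial vocabulary, and finds the edited copy d2 with a fingerprint overlap of 0.625 while the unrelated messages score zero. The shingle approach is what makes the fingerprint robust to small edits; an exact hash of the whole document would miss d2 entirely.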
Connector for integrating Dozor-Jet with ArcSight
In the summer of 2011 Jet Infosystems developed a connector for integrating the Dozor-Jet information leak protection complex with the ArcSight SIEM (Security Information and Event Management) system. With it, events from the Dozor-Jet DLP system reach the ArcSight security monitoring system and, through it, the information security officers promptly. This lets companies minimise financial and reputational risks by identifying events and incidents related to information leaks accurately and in good time, Jet Infosystems said in a statement.
The connector was developed in several stages. First, Jet Infosystems specialists identified the main event types for which centralised collection in ArcSight is required. Syslog was chosen as the transport protocol because it is the easiest to implement: a standard syslog connector is used, which avoids buying additional licences for the monitoring system, the company explained. The connector was then refined and tested on the company's test stands. Based on the test results, correlation rules were written and dashboards were built to help security administrators work with the system. At the final stage, load testing showed that the connector can handle the event flow from several servers at the same time.
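The pipeline described above (DLP events sent over syslog, parsed by a SIEM collector, then processed by correlation rules), as an added Python example. This is not the Jet Infosystems connector and says nothing about its actual message layout: the use of RFC 5424 with a structured-data element, the field names, the enterprise number 32473 (the value RFC 5424 reserves for examples), the correlation rule and the sample events are all assumptions made for illustration.

```python
"""Added example, not the Jet Infosystems connector: DLP incidents emitted as
RFC 5424 syslog lines with a structured-data element, parsed back the way a
SIEM collector would, and fed to a simple correlation rule. Field names,
the enterprise number and the sample events are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

FACILITY_LOCAL0 = 16
SEVERITY = {"alert": 1, "critical": 2, "warning": 4, "notice": 5, "info": 6}
SD_ID = "dlp@32473"  # 32473 is the enterprise number RFC 5424 reserves for examples


def _sd_escape(value):
    """RFC 5424 section 6.3.3: escape backslash, double quote and ']' in a param value."""
    return re.sub(r'(["\\\]])', r"\\\1", str(value))


def format_syslog(event, host="dlp-core-1", app="dozor"):
    """Build: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ELEMENT] MSG"""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY[event["severity"]]
    ts = event["time"].astimezone(timezone.utc).isoformat().replace("+00:00", "Z")
    params = " ".join(f'{k}="{_sd_escape(v)}"' for k, v in event["fields"].items())
    return f"<{pri}>1 {ts} {host} {app} - {event['msgid']} [{SD_ID} {params}] {event['msg']}"


SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<proc>\S+) "
    r"(?P<msgid>\S+) \[(?P<sdid>\S+) (?P<sd>.*?)(?<!\\)\] (?P<msg>.*)$")
PARAM_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_syslog(line):
    """Collector side: split the line and unescape the structured-data params."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 line with structured data")
    pri = int(m["pri"])
    fields = {k: re.sub(r"\\(.)", r"\1", v) for k, v in PARAM_RE.findall(m["sd"])}
    return {"facility": pri // 8, "severity": pri % 8,
            "time": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "host": m["host"], "app": m["app"], "msgid": m["msgid"],
            "fields": fields, "msg": m["msg"]}


def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Rule: one sender with >= threshold blocked LEAK events inside `window` raises an alert."""
    recent = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["msgid"] != "LEAK" or ev["fields"].get("action") != "block":
            continue
        sender = ev["fields"]["sender"]
        times = recent[sender]
        times.append(ev["time"])
        while times and ev["time"] - times[0] > window:
            times.pop(0)  # slide the window
        if len(times) >= threshold:
            alerts.append((sender, ev["time"]))
            times.clear()  # fire once per burst, then start counting again
    return alerts


# Constructed sample events, as the DLP side would raise them (hypothetical users/policy).
T0 = datetime(2011, 8, 1, 9, 0, tzinfo=timezone.utc)


def _leak(minutes, sender, action, severity, subject):
    return {"time": T0 + timedelta(minutes=minutes), "severity": severity, "msgid": "LEAK",
            "fields": {"sender": sender, "recipient": "rival@example.net", "channel": "smtp",
                       "action": action, "policy": "price-list", "subject": subject},
            "msg": f"policy price-list {action} for {sender}"}


EVENTS = [
    _leak(0, "ivanov", "block", "alert", 'RE: "Q3" price list [final]'),  # exercises escaping
    _leak(2, "ivanov", "block", "alert", "price list, second attempt"),
    _leak(3, "petrov", "allow", "notice", "internal forward"),
    {"time": T0 + timedelta(minutes=4), "severity": "info", "msgid": "HEALTH",
     "fields": {"service": "filter", "state": "ok"}, "msg": "filter node healthy"},
    _leak(5, "ivanov", "block", "alert", "price list via webmail"),
    _leak(40, "ivanov", "block", "alert", "one more, outside the window"),
]


def run_pipeline(events=EVENTS):
    """DLP side formats, SIEM side parses, then correlates; returns (lines, alerts)."""
    lines = [format_syslog(e) for e in events]
    parsed = [parse_syslog(line) for line in lines]
    return lines, correlate(parsed)


if __name__ == "__main__":
    lines, alerts = run_pipeline()
    print("\n".join(lines))
    print("alerts:", alerts)
```

With the constructed events the rule fires once, for the three blocked attempts by the same sender within ten minutes, and stays quiet for the allowed forward, the health message and the late fourth attempt. A caveat the announcement does not cover: a syslog feed that carries sender identities and message subjects should not run over plain UDP, which gives neither delivery guarantees nor confidentiality; use syslog over TLS (RFC 5425) or at least TCP between the DLP system and the SIEM collector.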
"We are closely monitoring demand, constantly updating and improving the functionality of the product," said Kirill Viktorov, Deputy Director for Business Development at Jet Infosystems. "Most of our customers needed a single collection point for all logs, and now we can easily combine our system with ArcSight."
"It was a rather complex but at the same time interesting project," said Artem Medvedev, head of the Information Security Operations Centres at Jet Infosystems. "Any company that has an information security event monitoring system in its arsenal sooner or later thinks about combining it with a DLP solution. In practice, we have confirmed that ArcSight products can be integrated with virtually any application."