StaffCop - a program for comprehensive control of user actions

The main articles are:

• DLP - Data Loss/Leak Prevention
• Firewall

StaffCop - a software solution from AtomPark Software is designed to monitor the order and feasibility of using PC resources, recording working hours and monitoring employee efficiency

The program supports the functions of monitoring computers in real time, collecting statistics on user activity, monitors running programs, visited sites, and communication in. Internet messengers

The software is simply in installation and management, and the technical support service in Russian, by phone and e-mail will help to cope with operational questions.

Functions

• Decoding of web mail and social networks services: mail.ru, yandex.ru, gmail.com... VK , FB, Odnoklassniki, LinkedIn...
• Mail protocols: SMTP/SMTPs, IMAP, POP3/ POP3s, MS Exchange,
• Transfer of hypertext information and files: HTTP/HTTPs, FTP/FTPs
• Internet messengers: Skype, ICQ, QIP, Jabber (XMPP), Mail.ru Agent, Yahoo and others
• USB ports: monitoring and blocking
• Shadow copy of files: from e-mail, from removable media transferred over the Internet, sent to print

Investigation of information security incidents

• Multidimensional Report Designer: allows the "fly" to get the required data set. Searching keywords and regular expressions will minimize the time it takes to investigate the incident.
• Search by words and regular expressions: allows you to get the required set of data "on the fly." Searching keywords and regular expressions to a minimum will reduce the time to investigate the incident,
• Many graphs and diagrams: to identify anomalous behavior, analyze changes in the intensity of events. Linear, circular and thermal diagrams, graphs of relationships.

Threat Detection and Alert Tools

• Threat Analyzer: Automatically analyze data for suspicious events.
• Content analysis of files: Parsing files for confidential or potentially dangerous information.
• Notification System: Notifications of violations appear both in the administration panel and can be sent immediately by e-mail.

Remote Administration

• Monitoring: remote desktop, network traffic, processes and applications, software installation and removal
• Locks: applications and sites, removable USB devices
• Software and Hardware Inventory

Business Process Optimization

• With StaffCop, you can monitor business processes, find bottlenecks and identify blocking factors, as well as investigate the reasons for their appearance.
• Track real KPI employees, for example, for sales managers - this can be the number of sales quotations and contracts sent, the number of contacts with customers and suppliers.

Architecture

2023: Inclusion in Softline Universe

Softline Group of Companies (PJSC Softline) and ATOM SECURITY LLC on December 13, 2023 announced the merger of the Staffcop system and the Softline Universe ecosystem. The vendor will complement the portfolio of services of Softline Group of Companies to ensure cybersecurity.

The inclusion of Staffcop in Softline Universe will allow you to provide more reliable and secure services, ensuring the protection of confidential information and customer data.

Staffcop is a tool for monitoring and ensuring data security in organizations. It allows users to identify, investigate and prevent information leaks, identify risk groups and fraudulent schemes. The functionality of the product includes the ability to record working time and monitor the effectiveness of employees.

Softline Universe is an actively developing model for providing access to the ecosystem of applied integrated services, computing resources and infrastructure via the Internet. With Softline Universe, users can quickly customize and scale their applications and services based on changing business requirements, thus reducing IT costs.

The concept of the Softline Universe ecosystem involves filling it with modern, reliable and easy-to-use IT solutions. An important parameter for the inclusion of the Staffcop product in the system is its import independence. In this case, the vendor's software becomes the optimal solution to complement the portfolio of cybersecurity services, "said Valentin Martynenko, Softline Group of companies information security architect.

We are glad to start cooperation with Softline Group of Companies. The partnership opens up opportunities for us to develop. We are confident that our interaction will be fruitful and effective, - said Yuri Drachenin, Deputy General Director of ATOM SECURITY LLC.

With the Softline Universe ecosystem, customers can get a full range of IT solutions. All products included in Softline Universe belong to the number of domestic developments and are included in state registers.

2022

Staffcop Enterprise 5.1

On November 10, 2022, the Novosibirsk software developer Atom Security presented the following version of the software complex for monitoring user actions, information flows and events of the Staffcop Enterprise 5.1 system.

In this version, the company has worked on functionality, interface improvements, and updated the logo and corporate identity. For a long time the company remained an endpoint solution, in version 5.1 they are ready to present an ICAP server. As of version 5.1, Staffcop Enterprise supports intercepting files, web form data, Team and Bitrix24 chats, and gateway site history.

Updated internal layer safety for - Linux agent.Implemented - DLP module support, file, network scanner protocol interception and - SMTP protocol at the network level, architecture support, and ARM added distribution package for Portage package manager in. Gentoo

Mas agent functionality has received more capabilities. File monitoring, a single installer for Intel and M1-2 chips, the ability to update the agent directly from the server.

Staffcop internal security at another level. Connected protection from passwords the administrator selection in the web interface, if the administrator is excluded or already does not exist in the AD synchronization group, access to the console will be automatically blocked. When the administrator changes the password, Staffcop will fix it in the logs, and all active sessions of this user will end. Also another addition to the version was a report on the latest actions of the system administrator.

Web console enhancements implemented. Incident table added event ID and incident criticality level. Notifications are implemented - about the exhaustion of the free license pool and about changing the schedule. Added functionality to display the version of agents on the server at the moment.

The company continues to expand its reporting capabilities as it is a tool for analysis and investigation. The combined report displays inactive employees, adds the Employee Position field, and allows you to group by user, and moves daily reports from Administration to the Reports menu.

Staffcop Enterprise 5.0

On May 26, 2022, it became known that the Novosibirsk software developer Atom Security presented the next version of the software complex for monitoring user actions, information flows and events of the Staffcop Enterprise 5.0 system.

time Recently, it information leaks becomes known almost every day. Of course, the level of competence of specialists INFORMATION SECURITY is constantly growing, but in addition to personal competencies, it is important to have an effective tool. The presented version of Staffcop Enterprise 5.0 implements a number of current functions, more than 500 modifications, many extensions of existing functionality.

Interception of instant messengers. Earlier, Staffcop Enterprise implemented the capabilities to intercept Skype, Telegram, ICQ, now full control of WhatsApp, MS Teams and Bitrix24 has been added to them.

Ability to convert audio recordings to text. You no longer need to listen to all the conversations, just look at the text transcript to determine the content. Built-in dictionaries and regular expressions will automate the processing of text data.

The function of using grouping of items into lists that can be used, for example, to form a mail perimeter, monitored devices, files, etc. However, this functionality will help close many more non-trivial tasks. In this case, when editing the list, all policies in which it is used are automatically adjusted.

The ability to divide intercepted files into two types: direction - from and where the file was sent/copied/moved; through the interception channel - mail, instant messengers, flash drives, etc. This function will allow you to more comprehensively analyze the movement of information.

The ability to connect the Apache Tika content parser, which allows you to extract data from more than 100 types of intercepted files, which increases the ability to control the transmission of information critical to the user.

Algorithms now allow you to respond to the and number formats bank cards UnionPay. "Mir"

Current configurations of data access rights for system administrators will allow you to create point settings for providing access to certain data (for example, limit the ability to view correspondence with top management of the company). The capabilities of monitoring system administrators have been expanded, the function of logging any data upload that the system administrator launched has been added. In addition, it is now possible to create administrators with translation of rights from AD. Also implemented is protection against a simple password, which increases the reliability of access to system data, and also has a clear indication of the reliability of the password.

Security. Earlier versions of Staffcop Enterprise introduced the adaptive control function, this version has improved its functionality - you can configure the connection of enhanced mode both upon the occurrence of an event and according to the established thresholds (for example, uploading information that contains trade secrets to personal mail).

The ability to control users working remotely. The administrator can more accurately control the activity of users within a remote session (as soon as the "Session Type" is relevant in the reports, you can determine whether the employee worked directly at the computer or connected remotely), and the user can independently provide access to data according to his working time - which he considers necessary. Employees can turn on/off Time & Attendance themselves through notification on the System Tray and thereby control the recording of Work Time.

Integrations. You can now synchronize employee data across multiple AD organizational groups independently. The login for domain users is also simplified - the domain prefix is indicated in the system settings and is automatically substituted. The ability to import information on vacations, absenteeism, sick leave and other absences of employees from 1C has been added, using it in the URV reports.

Agent capabilities Windows. The restriction of pasting copied text from the clipboard is implemented - text can only be pasted into the application from which it was copied; detecting files, encrypted using "."Crypto-Pro

Intercepts have been added to the Linux agent: files sent to print; letters from the Thunderbird mail client, as well as letters from any Thunderbird code-based mail client; interception of files in Telegram.

Support for Ubuntu 20.04 for the server has appeared. The functionality of the agent remote installation utility has been greatly expanded.

The visual design of the interface has varied. Three interface themes have been developed that can be used and changed.^[1]

Compatibility with AlterOS

The company "" and Atom Security the Group of Companies ALMIS"" completed compatibility tests confirming the correctness of the software complex for monitoring user actions, information flows and events of the StaffCop Enterprise system with. operating system AlterOS This company "ALMIS" announced on February 25, 2022.

The proven compatibility of AlterOS with StaffCop Enterprise provides users of this operating system with the opportunity to protect and preserve the confidentiality of both their personal data and information about their clients and partners.

{{quote 'author = said Stanislav Orlov, Technical Director of ALMI Group of Companies.|Any actions that the user performs at his computer carry certain information, having gained access to which, attackers can cause severe harm. This applies to the pages visited, logins entered, passwords and bank information. Protection from information leakage is necessary, especially in the work of organizations and institutions, when you have to deal with the data of other people. Therefore, we are very pleased with the technological partnership with Atom Security, and believe that the confirmed compatibility of our products will allow AlterOS users to increase their information security and protect all data inside a computer or network. }}

Шаблон:Quote 'author = noted Fedorov Ivan, General Director of Atom Security LLC.

2021

Red OS Compatibility

RED SOFTWARE and Atom Security have confirmed the compatibility of the software product StaffCop Enterprise (agent module) with the operating system RED OS. Red Soft announced this on December 20, 2021.

As a result of testing, we managed not only to expand the RED OS ecosystem, but also to increase its security. This helps our customers build a threat-resistant IT infrastructure. Thank you partners for your cooperation!, " Rustamov Rustam, Deputy General Director of RED SOFT, commented.

StaffCop 4.10 with protection against deactivation, notifications in Telegram and updated locks

On November 8, 2021, Atom Security introduced the StaffCop 4.10 version with anti-deactivation protection, Telegram notifications and updated locks.

In this situation, remote work is a convenient alternative for the employer. But the question arises - how to control the workflow of employees? Staffcop Enterprise is a software package that allows: to track how much time an employee really spent on work, protect confidential company data from leakage, the technical department - to ensure timely solution of technical problems arising from an employee, and much more.

Updated file control capabilities. Added attributes that can prevent copying or writing files from media to media (for example, copying files from USB to a hard drive).

It is possible to assign a specific condition, during which the agent configuration will change to enhanced control, using locks.

Lock settings have been created by file operation type - you can now disable specific file operations for specific users.

Work with incident investigations at a different level. After numerous requests from our clients, the ability to receive notifications about filters and policies that have worked in the Telegram bot was added. Also, the video recording functions from the webcam have been improved for offline mode.

Uploading and working with data is even faster. For the image recognition module, the ability to work simultaneously with any number of recognition/machine learning servers has been added.

Working with interface and licenses. Now there is a detailed logging of the assignment and revocation of licenses, as well as automatic revocation of licenses for specific users of the terminal station. Regarding agents, you can now:

• find out which AWS the agent was installed on;
• see in total all settings of a specific agent on the AWS;
• see by which AWS or employees there was no data upload and how long.

Huge work was also done to improve and refine the existing capabilities.

2020

• ~ 1300 server components were sold, ~ 66,000 AWS for 2019.
• ~ 2,200 server components were sold, ~ 171,000 AWS for 2020.

As a base for Infosecurity Tracker leak prevention service

Infosecurity (included in the GC) Softline December 16, 2020 announced the launch - Infosecurity Tracker cloudy DLP a service that simplifies the entire prevention process. leaks One of the subscription options is implemented on the basis of the StaffCop solution. More. here

Staffcop Enterprise 4.8

On October 20, 2020, it became known that Atom Security released Staffcop Enterprise 4.8.

To ensure enterprise information security, you need to use several systems, so the company is working on and improving the compatibility of Staffcop Enterprise with other security systems: this version improves collaboration with RuSIEM, MaxPatrol SIEM, as well as the Power BI business analysis tool. Now Staffcop is even easier to integrate into existing systems to strengthen its security perimeter.

In addition, there is increased interaction with Active Directory to make Staffcop reports in more detail. Granting access or assigning a level of control to an employee or groups of employees is based on data from Active Directory. By reading data from AD, you can supplement employee files in Staffcop Enterprise.

Employee cards are a necessary control tool - they contain all collected data for a specific employee, including: email addresses, used USB drives, recordings of conversations via corporate IP telephony, notes of managers or security officers for an employee, incidents associated with this employee, etc.

When working with information security incidents, the speed of response and incident processing is very important, so now the setting of the display of fields in the event lens can be saved so as not to waste time next time. For a large number of employees and, accordingly, events, it becomes important to fine-tune the time interval of displayed events - therefore, you can specify not only the day for which you want to view events, but also hours and minutes.

Also, Staffcop Enterprise 4.8 simplifies the organizational moments of processing information security incidents - now you can specify the employee's belonging to several departments, if necessary. If personal computers in your enterprise become inactive, you can configure them to automatically remove licenses. To streamline the work of security officers, you can send information security reports to the mail at a specific time, for example, at the end of the day.

The company continues to expand the ability to customize the operation of the agent so that it is easy to use it, regardless of the business processes used. Since many organizations transfer employees to remote work, the agent's work schedule has been added so that he collects information exclusively during working hours. Added a category for monitoring applications and programs. It is needed to control employees engaged in special or especially important activities. On top of that, it became possible to configure sound recording when certain applications are active - this significantly strengthens control over information security incidents and their investigation.

Improving file and application control systems is an integral part of each release. The mechanism for intercepting files sent to print has been completely redesigned - the original file is intercepted, the fact of printing is recorded and a screenshot is taken, regardless of which printer was printed to.

In addition to developing the existing functionality, a new one is added - Staffcop 4.8 expands the ability to control files: now the agent can scan files located on the employee's work computer. This allows you to overlap a whole range of tasks - to audit documents on the employee's computer; Determine where the files with the text you are looking for are located. detect documents outside the permissible information perimeter; Delete the information that the employee illegally had.

Staffcop Enterprise uses technology, because only by walking in step with time can you provide customers with the most efficient and modern solution. Release 4.8 continues the development of a neural network module for recognizing images of webcams, screenshots and scanned documents. This is a very powerful tool that allows you to solve a whole range of tasks that previously required a person. For example, you can find scans of documents (printing documents, passports, SNILS, driver's licenses etc.); Determine the presence of an employee at the workplace and who works at the computer find personal data or internal documents of the enterprise located outside a certain information perimeter, etc. This is a complex but extremely effective tool that can significantly facilitate information security tasks.

It is not enough just to introduce functionality or technology, and hope that this will be enough. It is necessary to regularly revise existing functions, modules and technologies for their relevance and compliance with information security standards. First of all, it is the optimization of the web interface to simplify the use of functions and the display of information.

In version 4.8, the following web interface improvements were made:

• Now, when saving or printing a report, its name coincides with the name of the report header, and when you open a link in the report in a separate tab, the corresponding report for this user opens;
• Text found using different dictionaries is highlighted in different colors;
• Instead of creating the same type of policies, you can create several copies of one specific one;
• Agent Deleted status for remote agents.

The components of the Staffcop server have been checked and updated to improve security and performance. Updated built-in file drivers - simplifying installation in hypervisors KVMi Proxmox - and updated index database. ClickHouse In addition, Staffcop was tested using the database Jatoba and installing the Staffcop server in UEFI mode - everything works correctly.

And, of course, a heap of minor changes - for example, corrections in the translation and names of menu items and reports in English. ^[2]

StaffCop Enterprise 4.7

On May 26, 2020, the company StaffCop (Atom Security LLC) announced release 4.7. The StaffCop Enterprise software package is designed to monitor all employee actions for workers, computer system flows information and events, as well as for analyzing, alerting and blocking dangerous and unproductive activities.

According to the company, operating system servers it has been updated until Ubuntu 18.04 (which will be supported until 2028). In this update, Linux the agent has expanded its functionality: domain users are now under full control; Russians usernames are not a hindrance; interception of video of various number of terminal sessions is carried out. - Windows agent has been tested for compatibility with Windows2019.

Enhanced Active Directory capabilities - You can manage access rights based on similar AD fields. Rules for interaction with SIEM have also appeared. And in order to simplify the deployment of the system, it is possible to import IP addresses and host names into the remote installer.

Since one of the main channels of leakage is a person, i.e. the greatest threat is often carried out by employees of enterprises, a considerable part of the work is carried out in the direction of improving control over the activities of these very employees. In this version, interception protocols for Skype (ver. 8.55), Office 365 иHCL Notes.

The functionality that allows you to collect, systematize and process evidence of incidents with employees is expanding. To do this, a panel for working with incidents has been created and a centralized incident processing console has been connected.

The digital label that is assigned to the file allows you to identify it throughout its existence. And now you can search among the intercepted files using a digital label (or an existing sample). This allows you to find copies of original documents - even if they have been renamed and/or changed. In addition, the system for intercepting files sent for printing has also been improved: it is possible to re-print the intercepted file to view exactly the content that was printed. And also in this version added an add-on: screenshots taken during online observation can be immediately attached to the employee's card.

You can now set up screenshots of an employee when a workflow is changed, allowing you to clearly track when an employee has switched from work tasks to personal affairs. And added additional options for employee performance reports that will allow you to clearly adjust the workflow and achieve greater efficiency. Now the program uses neural networks to recognize passports or faces of employees (including in screenshots, in shadow copies of intercepted files and pictures from web cameras), as well as recognize prints on documents.

Licensing and Cost

SMB Management Offering Series

On April 2, 2020, the company, StaffCop which develops programs of the StaffCop line designed to ensure information security and optimize the work of organizations and enterprises, announced that it had developed a series of proposals for managers small and medium-sized businesses.

Reasons for selection:

• Control over the working hours of employees;
• Up-to-date information on employee performance;
• Visibility of the state of information security;
• Search for the cause of inefficiency;
• Identification of fraudulent schemes within the company;
• Indication of employees working for competitors, if any;
• Showing those looking for work or working in parallel;
• Identifying bums and parasites.

The company offers:

• If Staffcop is already used, on request, you can expand your key for the entire PC fleet for 1 month for free.
• For new customers, it is offered to get an expanded full-featured pilot for 1 month for the entire PC fleet for free.
• The company asks to note that a special 3-month license has been made at a price of 990 rubles per agent. The ability to quickly and cheaply close the issue of monitoring remote employees for an estimated pandemic period of 3 months.

For whom is suitable:

For existing business in the field of:

• Education
• Business services
• Internet and business
• MEDIA
• Trade
• Entertainment activities
• Provision of services
• Banking sector

2019: Production version of employee control system agent StaffCop for GNU/Linux

Atom Security On December 11, 2019, the company announced the release of the production version of the employee control system agent StaffCop for monitoring and blocking actions on devices with/. GNULinux

The share of Linux systems on work computers is growing in Russia. Private companies save money when using open source software. State organizations are embedded in the policy of import substitution. The most difficult thing is for security specialists. They need to monitor security policy violations, data breach threats, and system failures.

The main features of StaffCop for GNU/Linux:

• Tracking user login
• intercepting printer printing;
• interception of the keyboard and clipboard;
• tracking and blocking site visits;
• Monitor file operations with shadow copies
• Monitoring the connection/disconnection of devices and disks
• restricting access to USB devices by their ID, users;
• automatic screenshots and pictures from webcams;
• intercept sound from all microphones;
• recording a desktop video;
• Remote desktop access
• activity tracking in; applications
• tracking text log files and intercepting zsh/bash commands.

The system works in modern distributions, including Ubuntu, RedHat, CentOS, Arch Linux, as well as special-purpose systems such as Astra Linux and Rosa Linux.

The changes allowed the Linux agent to become part of a common information system providing monitoring and security on heterogeneous networks running Linux and Windows systems. It was included in the standard product distribution along with the Windows agent.

2018

StaffCop Enterprise 4.4

On November 28, 2018, Atom Security LLC (StaffCop) announced the release of the next version of the StaffCop Enterprise software complex.

StaffCop Enterprise allows you to monitor all employee actions on Windows and/, GNULinux information flows and system events, has an advanced analytics system for preventing and blocking malicious actions.

The presented version received a built-in (autonomous) optical text recognition system. To use this feature, users previously had to purchase additional licenses for OCR systems. Embedding this feature in the basic functionality will allow you to automatically analyze documents that previously required manual processing: scanned documents, screenshots, etc.

If earlier sound recording from a microphone was available in the system, now you can record sound from speakers that the user hears. This allows you to control audio conversations and collect a more complete evidence base in the event of illegal actions.

Now security officers have the opportunity to see several user desktops on the monitor - in the updated version, the Quadrator mode is available, a function familiar from video surveillance. This is convenient, for example, when monitoring a risk group, since it makes it possible to immediately seize control on any of the computers. Added the ability to download user desktop records in mp4 format for storage from the security service.

Improvements also affected the time and attendance system. In particular, now it more accurately displays the working hours of employees, taking into account the lunch break: you can determine lovers to leave for lunch early and return later. In general, the reports on the use of working time have become more detailed and visual.

The updated architecture supports sharding (splitting) databases into parts, which allows you to flexibly work data with and manage the accumulated archive.

To scale the system horizontally, the master/slave system was implemented. Dozens of slave servers synchronize with the master server according to the settings, and when the next configuration occurs, it automatically spreads to the entire server network. This is useful for multi-user distributed systems.

The web interface of the server has added the function of remote installation/removal of agents. You now only need the System Administrator Web Console to manage remote agents.

An event type, Alert, was added, which will allow you to control emerging security events in one place. For example, it became possible to track users who have changed the composition of the equipment, who came to work late or did not come at all.

In this version, the connection between events has become more clear. This will allow you to more fully see important system events and quickly move to the nearest screen shot in one click.

There are graphs with accumulation that allow you to better aggregate and visualize the accumulated information. In fact, in one graph, it is now possible to see two dimensions, for example, the time spent on the Internet, broken down by domains and the share of time spent on each domain. Also added the ability to upload any data from the system by arbitrary fields in MS Excel or CSV format. These innovations allow you to most efficiently archive important data or share accumulated information.

In the updated version, the administrator has the opportunity to see all the information collected in the form of dashboards (analytical panels). This allows, based on the specified filters, to analyze the accumulated data and draw conclusions on any incident, on the situation as a whole, or with one glance to cover the trends in user behavior.

These are only the main improvements and improvements to the presented version of the software complex. In addition to them, based on customer feedback, the operation of existing functions has been improved. In general, the accuracy of event monitoring, system performance have improved and administrator work has become more convenient

StaffCop Enterprise for Linux systems

On July 17, 2018, Atom Security announced the release of StaffCop for Linux systems, a version of an information and analytical system for monitoring employee actions, information flows and system events that is compatible with Linux operating systems. The agent solves the task of collecting data about user actions in the information system and running programs. The solution works on modern distributions, including Ubuntu, Red Hat, Arch Linux and Astra Linux.

The import substitution program in the IT sphere dictates its own conditions for doing business. Domestic developers are actively involved in the development of solutions based on freely distributed and open technologies. Reducing reliance on foreign developers and protecting businesses from the influence of policy decisions should be supported by confidence in the security of IT systems. This task falls on the shoulders of security specialists who need to monitor policy violations, threats of data leakage and system failures using special software.

The presented version of StaffCop for Linux systems can run on any Linux-based operating system. The analytical system solves the problem of collecting data on user actions in the system and running programs. The Linux agent toolkit includes an X11 graphics keylogger and a console session bash command recorder. The function of registering a login and taking screenshots from the user's screen has been implemented. The functionality has also been replenished with the ability to intercept the printing and recording of sound from a computer microphone, as well as accounting for file operations, including on external disks.

The system administrator can monitor the user's time in applications and the connection of USB devices.

author '= Dmitry Kandybovich, CEO of Atom Security Russian companies are increasingly using Linux systems. This trend is due not only to the requirements of regulatory authorities within the framework of the import substitution program, but also to the logical saving of IT funds. The StaffCop monitoring module works both in a Windows environment and in Linux systems, including the Astra Linux special purpose operating system. We constantly develop our solution, expand the functionality, collect and implement the wishes of customers regarding the product and its support.

StaffCop Enterprise 4.3

On June 19, 2018, the company Atom Security"" announced the release of StaffCop Enterprise 4.3, the next version of the information and analytical system for monitoring employee actions, information flows and system events. The solution received integration DBMS ClickHouse with to improve processing speed, data improved interaction with, as well Active Directory as additional capabilities to control employees on and/. Windows GNULinux

The Russian software solution StaffCop Enterprise provides analysis of personnel activities, protects against internal threats arising from the actions of employees at the work computer, allows you to control business processes and monitor employee productivity, prevents possible data leakage. The software product solves business problems in the field of IT, information and economic security.

This version of the StaffCop analytical system allows you to significantly speed up information analysis and investigations on large amounts of data by integrating with the ClickHouse DBMS ‒ Yandex's open source data warehouse .

StaffCop Enterprise 4.3 extends integration with Active Directory. You can now install agents from a list of computers in AD, create Web console accounts through AD, and assign ‒ monitoring configurations to AD groups.

Windows Monitoring and Blocking

The functionality of control and blocking for users has been expanded. Windows Account passwords are now registered when you log on. The solution easily intercepts Internet resource passwords, correspondence, Vkontakte supports the latest versions, Skype intercepts files Google Drive in browsers. The system allows you to conduct special control of sites, in particular due to the increased frequency of screenshots for specified web resources.

Employee Monitoring on GNU/Linux Systems

Significantly expanded the ability to control employees on GNU/Linux systems, added:

• Monitoring file operations
• control of search queries for browsers Chrome, FireFox;
• Monitor removable USB devices
• keylogger at the kernel level, for monitoring terminals, servers and systems where the keyboard of X-sessions cannot be intercepted;
• keylogger at the kernel level, for monitoring terminals, servers and systems where the keyboard of X-sessions (Astra Linux) cannot be intercepted.

Time & Attendance - Work Schedule and Production Calendar

In addition, a work schedule and a production calendar have been implemented to take into account working hours and monitor personnel discipline, which will allow you to personalize the work schedule of employees taking into account lunch breaks, time off, holidays, vacations, etc., for users and departments. Also introduced support for the time zone ‒ displaying events and reports on the local time of the user, which is extremely relevant for geographically distributed companies.

In the StaffCop Enterprise 4.3 version, additional reports have also appeared, the interface and analytics have been optimized. Now you can view reports by department, which allows you to get an assessment of the productivity of the department, the tops of unproductive employees in the departments, etc. Add applications and sites to policies from reports, analyze files in archives, and optimize upload to PDF and Excel. Among the updates are also interface improvements that improve interaction with the system.

author '= Dmitry Kandybovich, CEO of Atom Security ' "The situation in the information security market is such that there are more and more tasks to protect against threats, both external and internal, every year. In my opinion, the main requirements for IT solutions have become: processing big data at reasonable capacities, integration with third-party systems, refinement and customization of the product under the customer - all this should cost reasonable money and meet the current parameters of the customer's infrastructure. Thanks to the use of modern technologies, StaffCop makes information security affordable for SMB customers, as well as provides a flexible and easily integrated product for large corporate customers. "

2017

Special Purpose OS Compatibility Protocol Created

On December 13, 2017, Atom Security announced the creation of a compatibility protocol with the Astra Linux Special Edition special purpose operating system for the StaffCop analytical system.

At the end of November, joint tests of the StaffCop Enterprise analytical monitoring system on the Astra Linux Special Edition special-purpose operating system were completed.

The company LLC "RusBITech-Astra" conducted testing for a month and a half. StaffCop Agent passed all the tests:

• installation,
• launch,
• operation in closed program environment mode.

StaffCop Agent functions correctly in the Astra Linux Special Edition special purpose operating system loaded with generic and PAX kernels.

According to the software certificate "StaffCop Agent" is compatible with the special-purpose operating system "Astra Linux Special Edition" version 1.5. "

StaffCop Enterprise, which includes an agent for Linux systems, can run any Linux-based operating system. The analytical system solves the problem of collecting data on user actions in the system and running programs. The Linux agent toolkit includes an X11 graphics keylogger and a console session bash command recorder. The function of registering a login and taking screenshots from the user's screen has been implemented.

StaffCop Enterprise 4.1

On October 11, 2017, Atom Security announced the release of StaffCop Enterprise 4.1.

A version of the StaffCop information and analytical system designed to monitor employee actions, control information and system events. The functionality of the solution was replenished with an employee's card with intuitive reports on his activities, video recording of user actions, a registrar of actions of system administrators on servers and workstations under GNU/Linux, and the functionality of monitoring USB devices was expanded.

The StaffCop version of the analytical system simplifies the work of security officers to process large amounts of data provided in real time, and also includes functionality implemented based on the wishes of users of previous versions.

Special reports have appeared in StaffCop Enterprise 4.1: each object (employee, PC, file or device) now has its own card with a set of indicators and graphs that display the characteristics of the object and related events in a convenient visual representation. You no longer need to build complex filters, all information is available instantly, in one click.

The functionality of working with USB devices has been expanded: now it is possible not only to completely block USB devices by equipment class or by unique identifier (HID), but also to restrict writing to removable media in read-only mode, or to use shadow copying of information recorded on the device.

"The result of our work is a product on a modern technology stack that allows us to identify and prevent information security incidents, investigate and analyze dangerous and unproductive activities. The solution proactively protects your company from internal threats. In Staffcop Enterprise 4.1, we have laid the technological base that will allow us to further implement the processes of behavioral analysis and machine learning. " Dmitry Kandybovich, CEO of Atom Security

Joint promotion with Ideco ICS

Ideco and Atom Security have announced strategic cooperation in promoting their flagship products: Ideco ICS and StaffCop Enterprise.

According to company representatives, combining the capabilities of the two products speeds up integration and saves the client time and money.

Thus, perimeter protection against external attacks using the Ideco ICS software gateway provides:

• prevention of external intrusions by blocking botnets, virus activity, network scanners and other current threats;
• Content traffic filtering (cloud data base for 500 million URLs and 141 categories)
• protection servers (by blocking excessive activity using pre-installed rules firewall and optimal configuration of network services).

In turn, protecting against insiders and controlling employee actions using the StaffCop Enterprise program allows you to:

• control the actions of users at computers: visiting sites, using programs, correspondence by mail and in instant messengers, and more;
• Quickly detect internal threats (built-in threat analyzer and behavior anomaly detector allow you to point out potential information security threats with high accuracy)
• receive instant notification of incidents (block excessive activity using pre-installed firewall rules and optimal configuration of network services).

The solution lay on the surface: Ideco ICS protects the corporate network from penetrations from the outside, while StaffCop protects the enterprise from leaks from the inside, "explained Dmitry Kandybovich, CEO of Atom Security.

Both products work on the basis, and operating system Linux our Novosibirsk colleagues in the latest version also released an agent for this OS. All this facilitates integration and leads to savings in time and money for the client, - added, for his part, Ruslan Khafizullin the CEO of Ideco.

StaffCop Enterprise 4.0

On April 26, 2017, Atom Security announced the release of the StaffCop Enterprise DLP system. This version supports GNU/Linux and Windows agents.

Version 4.0 provides the ability to receive data from computers running GNU/Linux, not just Windows. The function of monitoring the desktop has been added with the ability to remotely control via a web interface. Now the computer of any user connected to the system is controlled using the mouse and keyboard.

An anomaly detector is allocated as a separate function: the system automatically forms a picture of the behavior of each user, then notifies about deviations from the norm. The inventory of software and equipment used in the enterprise is allocated as a separate functionality, this simplifies the tasks of planning and rational use of resources.

StaffCop has "learned" to find files that are the same in content using digital fingerprints (hashes), which eliminates the possibility of masking important data by an attacker to organize a hidden leak. All analytical tools of the system can be applied to hashes, including columns for disseminating information.

The full list of changes is more than two dozen positions.

We are constantly improving our product: this is the first full version in 2017. In parallel, the development of functionality for product upgrades is underway. Dmitry Kandybovich, General Director of Atom Security LLC

Version 4.0 is available for download from April 20, 2017. The server side of the program requires the Linux 64-bit Ubuntu operating system. The agent part is compatible with all OS Windows from XP to Windows 10.

2016

StaffCop Enterprise 3.1

On October 12, 2016, Atom Security announced the release of the software package StaffCop Enterprise 3.1.

The program records all events, channels for the movement of information and files within the company, their transfer outside. Allows you to analyze the effectiveness of employees, get real KPIs, ensure control and protection of important information, investigate incidents, identify insiders and intruders.

In StaffCop Enterprise 3.1:

• improved anomaly detection schedules, with timeline;
• Categorization of events with flexible customization
• Improved Site Time Count and Active, Productive, and Unproductive Time Count
• possibility to adjust sensitivity of microphone recording activation threshold.

Our advantage has always been and remains ensuring information security, so in the new version we paid special attention to user convenience: we want StaffCop Enterprise to become a real assistant director of the enterprise. In the new version, we have optimized drill-down search algorithms when working with data using OLAP technology: now it has become even easier to search, and most importantly, I am not afraid of this word, more interesting. Dmitry Kandybovich, General Director of Atom Security LLC

You can download the StaffCop Enterprise 3.1 version on the company's website. A free thirty-day trial period is available.

StaffCop Enterprise 3.0

In June 2016, Atom Security introduced the next version of the StaffCop Enterprise 3.0 software package, designed to monitor workstations and terminal servers in order to prevent confidential data leaks, investigate information security incidents, record employees' working hours and analyze their productivity behind PCs.

The version has added a function for viewing remote desktops and a module for content analysis of files. The endpoint module (agent) began to work at a lower level, providing conflict-free operation.

The program monitors the employee's work computer and records all activity - start and end times, downtime, time spent to benefit the company and unproductive time.

In terms of information security, StaffCop Enterprise monitors running programs, visited sites, email correspondence, communication on social networks and popular instant messengers. Shadow copy of all files that are transferred outside the company, be it e-mail or downloading to cloud services.

StaffCop supports the ability to block access to programs, sites and USB devices using blacklists and whitelists.

The program also monitors HTTP/HTTPS traffic, shadow copying of all sent files, including to cloud services, as well as documents copied to removable media. StaffCop also supports recording the environment from a workstation microphone, pictures from a webcam, screenshots of a computer screen, print control on printers, monitoring USB devices and much more.

StaffCop Enterprise allows you to provide a qualitatively new level of detection and prevention of confidential data leaks, - commented on the release of the new version Dmitry Kandybovich, CEO of Atom Security. - In the near future, we plan to implement the functions of remote administration of workstations to the full extent, add new channels for controlling information flows, as well as make the system multi-platform.

2015

StaffCop Enterprise

Atom Security announced in February 2015 the official release of the StaffCop Enterprise software complex, created to ensure information security for the corporate sector. StaffCop Enterprise allows you to investigate incidents, keep records of working hours and has an alert system (alerts) ​. The solution is designed using new technologies and is designed for large and medium-sized businesses.

The tasks solved by StaffCop Enterprise can be divided into 5 main blocks:

• Employee Time Accounting
• Investigation of incidents and distribution of insiders
• Information Security with Violation Notification System
• Personnel control with monitoring of correspondence in instant messengers and social networks, as well as site visits.
• Ensure enterprise information and internal security by analyzing user activity using OLAP (online analytical processing) technology for multidimensional data arrays

"StaffCop Enterprise is a completely new software product designed for the corporate sector. When creating this solution, we took into account all the requirements and wishes of our large customers. StaffCop Enterprise uses the most modern technologies and programming languages, which makes it easy to scale the system to any number of users and branches, as well as refine the functionality for specific needs of the customer. The product will become an indispensable assistant in matters of event control, investigation of incidents and monitoring of user activity at work PCs, "said Dmitry Petrovich Kandybovich, General Director of Atom Security LLC.

Among the additional advantages of the software complex, it is worth noting the possibility of refinement "under the customer" and a high degree of scalability.

2014

StaffCop Standard 5.8

In December 2014, a new version of the StaffCop Standard product was announced. In version 5.8, considerable attention was paid to the vendor's specialists to optimize the interaction of the solution with terminal servers and increase the speed of reporting.

In version 5.8, qualitative changes affected the Report Wizard, in particular, its interaction with data on terminal server users. In addition, by improving the algorithm for building PDF reports, their generation time has been reduced.

StaffCop Standard 5.8 intercepts messages in Skype without using a network component. The clipboard control tool is also optimized when interacting with MS Office applications (including macros).

Improved

• Hidden for display in managers and viewers processes related to the work of agents (except for Windows 8 and higher);
• Skype message interception mechanism now works without a network component;
• By improving the PDF reporting algorithm, the process of closing the Wizard has been optimized and the time for generating the report has been reduced;
• qualitative improvements have been made in the field of printing PDF documents and connecting to network printers;
• the clipboard control tool is optimized when interacting with MS Office applications (including when executing macros);
• improved mechanism of Report Wizard interaction with data on terminal server users.

Corrected

• Addressed the issue of arbitrary application closure when working with the Report Wizard;
• by changing the algorithm and optimizing the operation of the network component, the problems have been fixed:
• - site blocking;
• - working with certificates on sites using encryption;
• - performance of web browsers and network applications;
• - network connection failures; Internet
• - Stop the network component, followed by an error message.

StaffCop Standard 5.7

StaffCop Standard 5.7 has optimized the Detailed Reporting Wizard and made qualitative changes to the interface.

One of the popular channels for leakage of confidential information is email. Often, the data is contained not in the body of the letter itself, but in the files attached to the message. StaffCop Standard 5.7 provides the ability to monitor mail correspondence implemented through MAPI, which also implies the interception of attachments. MAPI is used by numerous mail servers and clients, including MS Exchange and Lotus Domino.

The new version of the product implements an effective mechanism for tracking and viewing files sent for printing. At the numerous requests of users, the ability to generate reports in CSV format has been added.

Also, special attention was paid to the developers of the program with server operating systems and a number of Internet applications.

StaffCop Standard 5.6

On January 28, 2014, Atom Security announced the release of a new version of the software product StaffCop Standard 5.6.

In the new version of the solution, experts paid considerable attention to the issue of performance. StaffCop Standard 5.6 has optimized the work of tools related to monitoring actions during visits to social media sites and other resources in this category.

One of the main features of the update is the transfer of event filtering to the file driver level. Thus, the resource intensity of StaffCop Standard is significantly reduced, which facilitated the operation of the system as a whole. The changes were made to the tools for monitoring Internet messengers and actions with files.

2013

StaffCop Standard 5.4

StaffCop Standard 5.4 adds USB block functionality to allow organizations to reach a new level of local network protection against internal threats.

The following changes have occurred in the new version:

• complete blocking of USB devices in the local network, as well as provision of temporary and permanent access to USB drives for individual employees of the company;
• the function of shadow copying of files that are written by users to USB devices (USB sticks, hard drives, etc.) has been introduced. Copies of files are saved on the server;
• added the ability to generate whitelists of allowed sites/applications for working on agent PCs, as well as web resources, which should not be monitored https traffic;
• the algorithm for creating reports on the actions of employees at work PCs has been improved, their generation instead of a few minutes began to take seconds.

The next step in the development of the StaffCop program is the implementation of an active notification system for any personnel action, compatibility with the new version of OCWindows 8 Enterprise, as well as refinement of the visibility of the Report Module and the Scheduler.

StaffCop Standard Floating License

A significant number of companies need to monitor the actions of employees on computers. But there is not always a need to monitor all workstations at the same time. The admission of new employees, the transfer of an employee to another department, the start of the project, the emergence of new responsibilities is far from a complete list of reasons to add (or remove) a specialist's computer to the "risk group."

StaffCop Standard Floating License is a product license that allows you to simultaneously track a certain number of computers and vary the participants in the list of monitored workstations. Thus, by purchasing a product, for example, on 50 PCs, the organization is able to gradually analyze the actions of any number of employees with a single limitation - simultaneous control of 50 workstations.

2012

StaffCop Standard 5.2

AtomPark Software has announced the release of a new version of StaffCop Standard 5.2. The new version of the program has added monitoring of all correspondence in Skype, and the fact of calls made using Skype is also recorded.

"Support for monitoring Skype correspondence is one of the most anticipated features that our clients most often asked to add," commented Konstantin Makarov, CEO of AtomPark Software, on the release of the new version. - Due to the complexity of the encryption algorithm, the implementation of this function took some time. However, our specialists have successfully coped with a non-trivial task, and now we are proud to present a unique opportunity to monitor communication in Skype - one of the most popular instant messengers in the world. "

The program supports the functions of monitoring computers in real time, collecting statistics on user activity, monitors running programs, visited sites, communication on social networks and Internet instant messengers. It is also possible to delimit access to programs and sites using blacklists and whitelists.

The software is easy to install and manage, and the technical support service in Russian, by phone and e-mail will help you cope with operational questions.

Opportunities:

• The Task Scheduler has added the ability to send reports to different e-mail addresses.
• Checking the job name in the scheduler, tasks with the same name are not allowed to avoid confusion.
• The mechanism for remote installation and uninstallation of agents has been improved.
• Log maintenance during installation has been added, as well as two options for removal:
  • With log - you will need to enter the login and password of the administrator on the remote PC.
  • Without a log - the deletion starts automatically without additional data.

In addition to the above functions, the program monitors communication on social networks, tracks employees' search queries and their correspondence in popular instant messengers - ICQ, QIP, etc. StaffCop records correspondence, shows all incoming and outgoing messages.

StaffCop 5.1

The program supports the functions of monitoring computers in real time, collecting statistics on user activity, monitors running programs, visited sites, communication on social networks and Internet instant messengers. It is also possible to delimit access to programs and sites using blacklists and whitelists.

The software is easy to install and manage, and the technical support service in Russian, by phone and e-mail will help you cope with operational questions. New StaffCop 5.1 features with full terminal server support:

• addition and deletion of observed users on terminal servers;
• Import users from AD
• uploading reports and scheduling tasks for terminal users;
• the ability to exclude processes from network monitoring through the administrator panel interface.

In addition to the above functions, the program monitors communication on social networks, tracks employees' search queries and their correspondence in popular instant messengers - ICQ, QIP, etc. StaffCop records correspondence and shows all incoming and outgoing messages.

StaffCop 5.0

• Blocking sites and programs in blacklisting and whitelisting mode. The blacklist feature allows you to deny access to specific sites and programs that an administrator has blacklisted. White lists, on the contrary, only open access to the resources that are included in it, everything else remains banned.
• Monitoring encrypted network traffic allows you to track employee mail that is transmitted over an encrypted SSL channel, as well as visiting sites over an https connection.
• Optimizes access rights to folders created by the program. Delineation of rights has become easier and more convenient.

"We have significantly expanded the functionality of the program," commented the release of the new version Makarov Konstantin, CEO of AtomPark Software. "Our company is trying to complement the program with the functions that our customers lack, so when developing, we took into account the feedback and wishes received from those who have already purchased StaffCop and are successfully using it."

In addition to the above functions, the program monitors communication on social networks, tracks employees' search queries and their correspondence in popular instant messengers - ICQ, QIP, etc. StaffCop records correspondence and shows what messages were sent and to whom, as well as all incoming messages.

StaffCop Home Edition 5.0

With StaffCop Home Edition, you can watch a child's actions on a computer, find out everything he does during the absence of his parents. The program records visited sites, as well as correspondence in ICQ (Mail.ru Agent, QIP and other messengers), VKontakte and other social networks. The program also saves desktop shots to a separate folder, and parents will be able to see everything that was displayed on the screen.

The software is easy to install and work, and the technical support service in Russian, by phone and e-mail will help you cope with operational questions.

The new version of StaffCop Home Edition 5.0 has received significant changes:

• Blocking sites and programs in blacklisting and whitelisting mode. The blacklist feature allows you to prevent a child from accessing certain sites and programs that parents will blacklist. White lists, on the contrary, only open access to the resources that are included in it, everything else remains banned.
• Monitoring encrypted network traffic allows you to track the correspondence of children by mail, which is transmitted over an encrypted SSL channel, as well as visiting sites via https connection.

2011

StaffCop version 4.0

The new version of StaffCop 4.0 has received significant changes, the functionality has been significantly expanded:

• Monitoring of actions in social networks has been implemented. Now information is available about the messages left and received on VKontakte, Odnoklassniki, Facebook and Twitter. Displays information about who, when and with whom he corresponded.
• A separate type of monitoring has been added - "Search engines." All user searches are now available in a separate event log tab. Thanks to which you can find out what interests the user and what information he is looking for. All major search engines are supported - Yandex, Google, Rambler, Mail.Ru, Aport, Bing, Yahoo, BigMir, ASK, etc.
• The architecture of the application has changed, so that using quick filters it is possible to view saved data in the event log and for previous periods of time, and not just for the last day. Also added the ability to search and filter information, previously such an opportunity was provided exclusively in reports.
• The Scheduler has added the ability to create reports in PDF format, which makes viewing reports more convenient, they can be viewed both from a computer screen and printed and taken with you.
• The performance of the monitoring system has been increased. This reduces the load on the system during the analysis of collected data on user activity.
• In addition to the above functions, it is possible to monitor correspondence in popular instant messengers - ICQ, QIP, etc. The program also records correspondence and shows what messages were sent and to whom, as well as all incoming messages.

StaffCop 4.1

The new version of the program has significantly expanded the functionality of monitoring social networks. Added backup of files sent to social networks: photos, music, videos; correspondence is saved in Vkontakte chats "" and; Facebook private messages are saved in; Twitter viewing photos and videos is logged; added social media monitoring My circle,,. MySpace LinkedIn

Also, the new version of StaffCop 4.1 implements the following functionality: added the ability to adjust the quality of saved screenshots: black and white version, setting the image compression level; monitoring of search queries in Wikipedia was implemented; implemented viewing of saved screenshots in the form of a slide show; added the ability to generate and save a report for network resources; improved speed and stability of agent operation, fixed errors in administrator module operation.

2010

StaffCop version 3.6

In version 3.6 StaffCop, the following functionality is implemented:

• The ability to set properties for a single agent group. Multiple agent selections are supported in the Computer List window.
• Stop/start monitoring of the selected agent. I.e. If you do not currently need to monitor a particular PC, you can pause it and resume it at any time.
• Encoding information on the agent side and decoding on the administrator side will prevent outsiders from accessing the information collected by the agent.
• If a large amount of spam falls on the mailbox and there is no need to collect information about incoming correspondence, monitoring of incoming mail can be disabled/enabled in the agent settings.
• A new network driver has been introduced, which increases the stability of the agent and fixes the problem of interaction with Kaspersky Antivirus.
• The process of sending reports to the FTP is optimized. Now, in case of unsuccessful saving, the manager will repeat attempts to upload the report to the FTP several times

Notes