Symantec Enterprise Vault

The first product Enterprise Vault was developed in the late nineties by specialists of the American company kVaultSoftware absorbed by VERITAS company which, in turn, was purchased in 2005 by Symantec corporation. The functionality of Enterprise Vault which is initially limited to archiving of mail objects was significantly expanded afterwards at the expense of other types of sources (files and SharePoint), the organization of-level information storage and such e-discovery tools as search, information analysis in archives and compliance-strategy creation.

Now existence of ready connectors for connection of third-party data sources allows to construct the uniform integrated management system for corporate information based on Enterprise Vault. Development of functionality of Enterprise Vault began with archiving - transfer of seldom demanded objects from the productive systems in special storages - archives. Indexation of the archived objects provides quick search and access to them in case of need. On the productive server instead of the archived objects it is possible (though it is optional) to deliver "stub" (stub-file) which is a label of the corresponding object in archive.^[1]

At the same time in stubs properties all properties of the archived object are displayed. The user, having addressed the file, will see its complete size, but not the size of a label. Externally "stubs" practically do not differ from original objects (fig. 1). Thus, the procedure of access for users to the archived objects does not change, and on the server the volume of the stored data considerably decreases.

Fig. 1. The user type of the archived file server

Mailboxes and shared folders of MS Exchange, the Lotus Domino mailboxes, MS SharePoint objects, files on network resources can act as objects of archiving. For creation of compliance-strategy the functionality of archiving of the MS Exchange and Domino magazines and also traffic of SMTP is used. Besides, there is a large number of connectors for Enterprise Vault from the third-party systems which can be used for archiving of other objects (such as ECM systems, instant messaging systems, etc.). For the companies practicing access for mobile users to corporate mail, Enterprise Vault offers ample opportunities to integration.

First, it is an opportunity to have on the mobile device the local copy of mail archive for operational offline - access to the archived objects - functionality of Vault Cache. At the same time all changes made to local archive are synchronized with the main corporate archive at the following connection of the mobile device to network. Secondly, an opportunity to get access to the archived objects is given, using the usual MS Outlook interface.

Virtual Vault Krom of options of integration Enterprise Vault with mobile environments, It should be noted the accessibility to archive objects using the client of Outlook Web Access and also search of the archived messages via the Web browser of the smartphone or the tablet. The functionality of migration of PST or NSF files in Enterprise Vault archive can be interesting to the companies planning transition to the system of archiving of mail. Very often users create to themselves "just in case" a large number of local mail files with duplicative data which during the project are difficult to be found and to difficult define what of them are really necessary to users.

Now all data can be stored and protected it is consolidated, without risk to lose something. At storage of objects in Enterprise Vault archives uses the built-in optimization appliances. For example, if the message with an investment of the big size was sent to several receivers, it will be saved in archive once. Except data storage optimization appliances in archives, Enterprise Vault gives the chance to optimize storage on file servers due to introduction the politician of storage of files. For example, it is possible to block record of an inappropriate content into file storages. These politicians can be configured flexibly, providing to certain users as option a possibility of preserving of media-files in file storage.

In addition to archiving, Enterprise Vault offers functionality which for brevity it is accepted to call the term e-discovery. This functionality can be interesting to information security support specialists. It is as about instruments of conducting internal investigations within the organization - journalizing of e-mails, the analysis and information search in archives, - and about instruments of creation and tracking of compliance to corporate security policies.

The Enterprise Vault Discovery Accelerator component is responsible for search and information analysis. It represents the module with the separate interface for cybersecurity specialists with an opportunity to perform information search at once in all archives Enterprise Vault. Search criterions can include words, phrases, dates, the sizes and types of messages, data on the sender and the addressee, investments, etc. Search results can be exported to one of widespread formats for the subsequent analysis or sending the response to an external request. The Enterprise Vault Compliance Accelerator component is responsible for work with corporate security policies. It allows to automate conducting investigations within all enterprise, having grouped the objects which are subject to monitoring according to an organization structure of the company.

In 2011 announced Symantec purchase of Clearwell company, the developer of the Clearwell eDiscovery platform - the best in this class of solutions. The Clearwell platform represents the solution on process automation of identification and collecting of necessary information, its storage in an invariable type, filtering, to the analysis and preparation for providing on demand. Clearwell has the user-friendly user Web interface and expanded data processing facilities, such as OCR, morphological search, search of the connected words and also the means of predictive coding automating the analysis of large volumes of data at investigations.

In case of Clearwell - unlike Discovery Accelerator - not only Enterprise Vault archives, but also normal files can be a source of information. Clearwell special collectors are capable to collect information from external systems (file servers, MS Exchange, IBM of Lotus Domino, MS SharePoint, Documentum, etc.), to index it and to use for postprocessing. Thus, it is possible to construct the system automating search and the analysis of corporate information, having covered at the same time all significant data sources of the organization, having reduced time of investigations and the risks connected with it.

With an exit of Enterprise Vault 10 integration of this product into other solution of Symantec - Data Loss Prevention (DLP) appeared. Integration consists in adding of the mechanism of classification of objects of MS Exchange - Data Classification Services (DCS) which allows on the basis of the content analysis by DLP methods to add tags to the archived messages. Classification tags can demonstrate existence in messages of the confidential data determined by politicians of the company. It promotes implementation of more granular selection of information that eventually will allow to accelerate conducting investigations in the organization.

Fig. 2. Interaction of Enterprise Vault and Data Classification Services

Symantec Enterprise Vault 9

This corporate software will extremely simplify the solution of a broad spectrum of the tasks connected with storage, search and management of unstructured information in scales of the organization.

The product will allow the client enterprises to reduce significantly costs for archiving of information, detection of duplicates and removal of unnecessary data and also will help to organize work in full accordance with legislative and industry standards. Users of the version of Enterprise Vault 9.0 should estimate advantages of the updated Enterprise Vault Discovery Collector and Discovery Accelerator components and also support of new versions of the Exchange Server, SharePoint Server and Lotus Domino platforms.

In the new version of Symantec Enterprise Vault 9.0 support of the on-line products Microsoft Business Productivity Online Suite (BPOS) is implemented. The updated Discovery Collector component provides enhanced capabilities of search and information extraction from uncontrollable data sources and also their sendings to Enterprise Vault according to legal requirements. The Enterprise Vault Discovery Accelerator component uses new, more effective technologies of removal of duplicates of data. The augmented list of the platforms supported by Enterprise Vault 9.0 includes new versions of Microsoft Exchange Server 2010 Service Pack 1, Microsoft SharePoint Server 2010 and Lotus Domino 8.5.1. Users of the Lotus Domino platform are also given an opportunity of archiving of the database of the entering electronic correspondence.

The new version of Symantec Enterprise Vault was tested and certified on compatibility with Symantec FileStore devices. Thanks to close integration between these products, the client organizations will receive the end-to-end solution for management and data protection in traditional and cloud environments of storage. The enterprises will be able to use the built-in mechanisms of protection against viruses, backup and data recovery, archiving, creation of instant pictures (snapshot), etc. The organizations using the solution Symantec NetBackup will be able to use the integrated agency application for backup of contents of Enterprise Vault storages now.

Symantec Enterprise Vault 10

In the version of Enterprise Vault 10 possibilities of collecting and archiving of information placed on public social resources including publications in blogs, Twitter message and record on Facebook pages are implemented. Representatives of Symantec for the first time announced this demanded functionality at the Visions 2011 conference in May, 2011. The new mechanisms created using technologies from the partner companies (Actiance, CommonDesk, Globanet, Hanzo and Socialware) will allow the enterprises to organize work according to industry standards, such as Financial Industry Regulatory Authority (FINRA).

The service Data Classification Service created based on patent Symantec Data Loss Prevention 11 technology is responsible for automatic classification of mail correspondence and the choice suitable the politician of storage and archiving. The new version of Enterprise Vault is also closely integrated with technologies of enciphering of Symantec that opens ample opportunities of classification, storage and detection of the ciphered information before the staff of the organization.

Other key features of Enterprise Vault 10:

• Transfer of the least demanded information from expensive main storages and servers (Microsoft Exchange and SharePoint, IBM Lotus Domino, file servers, etc.) in the low-level storages unrolled locally or in a cloud.
• The deduplication mechanisms guaranteeing sending to archive only of one copy of the file or messages irrespective of the initial number of such files and their location.
• Automatic detection and archiving of the existing .PST and .NSF files for the purpose of preserving of control over information which is contained in them.
• Convenient access to archive information at any time and in any place, including from mobile devices.
• Powerful tools for detection and information search in an electronic format with determination of powers of the user on the basis of his role in the organization.

The Clearwell eDiscovery Platform technology since recent time used in products by Symantec will give to clients additional opportunities of processing, the analysis and reviewing of the records used as proofs in court, audits, necessary for carrying out, drawing up reports and the solution of other tasks. In case of judicial proceedings of the organization will be able to prove security of each document on all processing stages.

Notes