
InfoWatch Traffic Monitor Enterprise

Confidential Data Control is a Business Priority


Businesses’ sustainability and efficiency depend to a great extent on how well their sensitive information is protected. The loss of confidential data, such as a customer database, intellectual property, financial or legal documentation, market research or personal data, can badly affect businesses of any size. Even a single data leak can result in a damaged reputation, regulatory fines, customer churn or loss of competitiveness.

Rapid proliferation of mobile computing devices, sensitive data sharing across geographically distributed offices, widespread outsourcing projects, etc. create additional difficulties in securing information confidentiality, making the traditional network security approach insufficient.

Another problem is that, because of the huge amount of data, businesses mostly have no exact visibility into which information is confidential: usually only about 20 per cent of data is structured, about 10 per cent of sensitive data is modified each day, and newly created, so-called “zero-day” confidential documents account for about 10% of sensitive data volume in an enterprise.

That means that today sensitive data protection can only be achieved by focusing on the data itself.

To address the issue of essential information protection, InfoWatch has developed a comprehensive data security solution, InfoWatch Traffic Monitor Enterprise.

The solution gives businesses full control over their information flow and provides them with visibility into what data is confidential, where and how it is transmitted or stored, and who is using it.

The average total per-incident costs in 2009 were $6.75 million.
Ponemon Institute, Cost of a Data Breach Study 2009

“We decided to choose InfoWatch Traffic Monitor Enterprise, as it combines the most effective data analysis technologies. The solution helped us to prevent 369 information security violations during about half a year after implementation.”
Svetlana Belyalova, Information Security Director, Raiffeisen Bank Russia

InfoWatch Traffic Monitor Enterprise to Protect Corporate Confidential Data


InfoWatch Traffic Monitor is a comprehensive modular data protection solution to secure various data leakage channels. The solution includes:
• End-point protection module with:
  o Print Monitor to control printers attached to the user’s workstation
  o Device Monitor to control access to portable devices and removable media and monitor data copied to them
• Gateway protection module with:
  o Web Monitor to control data sent via web-mail, blogs, Internet-forums, etc.
  o Mail Monitor to control information turnover via corporate mail-systems
  o IM Monitor to control information transmitted via instant messengers, such as ICQ, Jabber, etc.
  o Network Print Monitor to control standalone print servers
• Forensic Storage – a centralized archive that stores all the data for analytic purposes.

Target Customers

The solution targets enterprises:
• Processing personal data (healthcare companies, banks, hotels, etc.): to ensure compliance with regulators’ requirements
• Owning valuable technological information (IT, pharmaceutical, etc.): to protect from all kinds of loss that may arise from public disclosure of this information

www.infowatch.com © 2010, InfoWatch page 1 of 4



InfoWatch Traffic Monitor performs:

• Monitoring and analysis of the data transmitted outside the corporate network via corporate or web-mail, web-pages, IMs, printed or copied to portable devices and removable media.
• Sensitive data leakage prevention by blocking the transmission in case a security policy violation is detected (for example, when an unauthorized employee is sending out confidential data).
• Data storage and analysis for investigation purposes.
The solution is managed by a user-friendly management console.

Total amount of leaks in 2009 increased, as compared with 2008, by 39 per cent.
InfoWatch Global Data Leakage Report 2009

[Figure: InfoWatch Traffic Monitor Enterprise, Solution’s Architecture. Blocks shown: Monitoring and protection (Gateway Protection: Web Monitor, Mail Monitor, IM Monitor, Network Print Monitor; End-point Protection: Print Monitor, Device Monitor); Analysis and Decision Making (formal attributes analysis, linguistic analysis, digital fingerprints, templates analyzer); Forensic Storage (unlimited storage time, online and retrospective queries, statistic reports); Management Console.]

With InfoWatch Our Customers Gain
• Full control over sensitive data turnover
• Compliance with regulators’ requirements
• Minimization of financial, legal and reputational risks, associated with data loss
• Corporate culture improvements by employees education regarding security policies implementation

Product Functionality

Traffic Interception and Filtering

Gateway Protection Module
InfoWatch Gateway Protection module can intercept email (SMTP), Web (HTTP), secure Web (HTTPS) [1], IM, and network printing traffic, thus providing companies control over information transmitted via corporate mail system, web-mail, Internet forums, chats and IMs or sent to network printers. The solution supports both inline traffic filtering and interception in the copy mode (for example, Cisco SPAN). The Gateway protection features proxy-server integration via ICAP [2].

Beeline (OJSC VympelCom) is one of the leading Russian and CIS mobile carriers with 25+ million subscribers. The implementation of InfoWatch Traffic Monitor Enterprise helped Beeline to achieve sensitive information security and comply with FSFR code requirements which proved extremely beneficial in Beeline investor and counteragents relations.

Endpoint Protection
InfoWatch Endpoint Protection module includes two local security agents – Device Monitor and Print Monitor – that are installed on users’ workstations and help prevent accidental and deliberate corporate data leaks via local printing, portable devices, removable media and communications ports usage. When data is copied to portable devices or removable media, or sent to a printer, the Endpoint Protection Module makes shadow copies of all the files (including text extraction from graphic formats – OCR). This data is then sent for analysis to the InfoWatch Traffic Monitor Server. The security agents can be centrally installed on all employees’ workstations either with Microsoft Active Directory or with InfoWatch’s own remote installation tool. Thanks to Microsoft Active Directory integration, InfoWatch Endpoint Protection module supports application of security policies to users or user groups from the corporate directory.

[1] In integration with partner solutions. For details please contact InfoWatch representatives.
[2] BlueCoat, Squid. Please contact InfoWatch representative for details.

Analysis and Decision Making
InfoWatch Traffic Monitor first analyzes the intercepted data according to formal attributes (such as monitor type, sender/recipient, send date and time, file name/type/size, etc.). Then the contents of the data are extracted from the intercepted object and analyzed using several content analysis technologies.

After analysis the solution automatically decides how the intercepted object should be processed further – sent or blocked. The decision is made according to pre-defined security policies and rules. The solution allows flexible rules customization.

In case of a security policy violation the security officer is alerted. InfoWatch Traffic Monitor provides the security officer with comprehensive information on the intercepted object, without direct access to it, to honor the privacy of personal correspondence. The security officer can confirm or change the system decision.

Several Content Analysis Technologies for Confidential Data Identification
The most difficult data protection task is confidential data identification. InfoWatch Traffic Monitor includes an intelligent content analysis engine that uses several detection technologies for more accurate identification of confidential data. Combined application of several technologies (stop-words, regular expressions, complex text objects analysis (templates analyzer), digital fingerprints and linguistic analysis with morphologic support for English, German, French, Italian, Spanish, Russian, etc.) significantly increases detection reliability and secures confidential data throughout its whole lifecycle.

The solution protects even “zero-day” data – documents that have just been created and are not categorized yet, to which no confidentiality level has been assigned and for which no related documents exist. InfoWatch Traffic Monitor efficiently categorizes such data on the fly, making sure it doesn’t leak.

Data Storage and Retrospective Analysis
The intercepted data is stored in a centralized archive – Forensic Storage – for an unlimited storage time. InfoWatch Traffic Monitor allows tracing the data transmission history and features users’ current activity monitoring (online queries) and retrospective analysis and investigation (analytic queries).

The required data can be searched by:
• formal attributes of the intercepted objects (monitor type, sender/recipient, the date/time of sending, etc.)
• attributes added during the object’s content analysis
• contents of the intercepted objects (full-text search).
The solution allows composing statistic reports (including graphical ones [3]) on all intercepted objects.

InfoWatch Traffic Monitor Enterprise: Data Flow Diagram

[3] Available soon. Please contact InfoWatch representatives for details.


Vertical Markets Served

To speed up the implementation and let enterprises immediately benefit from an information protection system, InfoWatch Traffic Monitor is supplied with a set of preinstalled data processing rules (the content filtering database, text objects templates and the rules for automatic decision making), customized for several vertical market segments. Currently InfoWatch Traffic Monitor supports the following segments: banking and finance, oil and gas, telecommunications, etc.

Lukoil Inform LLC is IT services provider for LUKOIL, the 2nd largest non-state publicly traded oil company worldwide with annual turnover of over $80 billion. InfoWatch Traffic Monitor Enterprise, implemented by Lukoil Inform, provides real-time information control with different response modes, rapid data processing and easy maintenance.

Solution Benefits
• Accurate identification of confidential data with combined application of several detection technologies
• Reliable protection of enterprise security perimeter thanks to the control over the most common data transfer
channels, data copying and printing
• Support for multiple file formats
• Pre-installed security rules and content filtering database to let enterprises immediately benefit from a data
security solution
• Forensic Storage for users’ current activity monitoring (online queries) and retrospective analysis and
investigation (analytic queries)
• Flexible deployment options: inline, ICAP and interception in the copy mode (SPAN, port mirroring, etc.)

System Requirements

Gateway protection module:

InfoWatch Traffic Monitor Server
Hardware
• Server: HP DL360 G6
• CPU: Intel Xeon x86 3GHz, 2 CPU with 4 kernels
• RAM 2 GB
• HD 160GB
Software
• Red Hat Enterprise Linux Server release 5 upd 4, x86-32

Forensic Storage
Hardware
• Server: HP DL360 G6
• CPU: Intel Xeon x86 2.4GHz or higher
• RAM 4 GB
• RAID level 1 or higher (200GB)
Software
• Oracle RDBMS 11gR1 (11.1.0.7)

End-point protection module:

InfoWatch Device Monitor Server
Hardware
• CPU: Intel Pentium 4 2GHz or higher
• RAM 1 GB
• HD 100GB
Software
• Windows 2003 Server Service Pack 1
• RDBMS: Oracle / MS SQL Server / PostgreSQL / MS SQL Express
• .NET Framework 3.0

InfoWatch Device Monitor Client
Hardware
• CPU: Intel Pentium 4 2GHz or higher
• RAM 512 MB
Software
• Windows 2000 Professional SP 4 or Windows XP SP2 or Windows Vista

Management Console
Hardware
• CPU: Pentium 4, 3GHz
• RAM: 1 GB
Software
• Microsoft Windows XP Service Pack 2

Contacts:
www.infowatch.com
+7 (495) 22 900 22
sales@infowatch.com
sales-oem@infowatch.com

Partner Contacts:
Austria and Switzerland: sales-ach@infowatch.com, +49 (8152) 969340
Germany: sales-de@infowatch.com, +49 (4207) 689933
Benelux and Mediterranean: sales-be@infowatch.com, +32 477920909