DSS ITSEC 2013 Conference 07.11.2013 - SearchInform


Published on November 13, 2013

Author: AndSor

Source: slideshare.net


Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.

DLP Systems
Preventing data leaks via encrypted protocols: preventing leaks via Skype.

About SearchInform Ltd.
1. Working since 1995
2. More than 200 employees
3. 10 offices
4. Main product: SearchInform Information Security Perimeter (SISP)

Customer Support Center
We help our customers tune information security based on the experience of tackling similar challenges. Useful tips on how to:
1. set up security policies (alerts);
2. protect sensitive data;
3. restrict access to sensitive data, etc.

Working with Colleges
SearchInform Ltd. takes an active interest in training information security officers. We provide our DLP solution to colleges free of charge to train students in a real-life environment.

Types of Data Leaks
Unintentional: carelessness, lack of knowledge
Intentional: tangible benefit, intangible benefit

Three Pillars of Information Security
1. Prevention of data leaks
2. Working with employees
3. Work optimization

DLP Key Requirements
1. A DLP system should promote business and not hinder it. All data channels must be available to employees.
2. A full database of intercepted documents is an essential requirement for incident analysis.
3. Intercepted data is useless unless you have efficient analysis tools.
4. Integration with the Windows domain structure allows accurate identification of users.
5. Controlling laptops.
6. Revealing malicious intent.

System Architecture
Up-to-date DLP systems have a client-server architecture. In our solution, the server part is either the SearchInform NetworkSniffer or the EndpointSniffer data interception platform, and client applications are used to work with the database and carry out data breach investigations. A single search-analytical engine allows using all of the abovementioned search possibilities in full.
[Diagram labels: Network traffic, Mirror switch, Endpoint, Agent]

System Architecture: SearchInform NetworkSniffer
SearchInform NetworkSniffer is a platform used to intercept data at the level of mirrored traffic, i.e. NetworkSniffer processes traffic without interfering with corporate LAN processes.
[Diagram labels: HTTP, Mail, IM, Mirror switch]

System Architecture: SearchInform EndpointSniffer
SearchInform EndpointSniffer is a platform that uses agents installed on user workstations to intercept traffic. The main advantage of IMSniffer and MailSniffer working on the EndpointSniffer platform is high failure tolerance (data is intercepted even if servers are not available). Interception of data transmitted over secure protocols is also supported.
[Diagram labels: Print Sniffer, Skype Sniffer, Monitor Sniffer, Device Sniffer, File Sniffer, HTTP Sniffer, Mail Sniffer, FTP Sniffer, IM Sniffer]

System Architecture

SISP Components
E-mail: SMTP, POP3, MAPI, and IMAP protocols are supported.
HTTP: Social networks, web blogs, forums, web applications used to send e-mails and SMS, web chats, etc.
FTP

SISP Components
MonitorSniffer: controls visual data displayed on one or several screens in real time. You can also monitor users working via RDP.
DeviceSniffer: files copied to removable media (flash drives, CD/DVD, and portable hard disks).
PrintSniffer: local and network printers.

SISP Components
Indexing Workstations helps you find out whether sensitive data appeared on, was deleted from or was copied to user computers.
FileSniffer controls users working with shared network resources.

Skype control
Skype is an encrypted data transmission protocol. Types of possible data leaks over Skype:
1. Voice message
2. Text message
3. File transfer

Skype control: Preventive measures
1. Skype use policy
2. Informing employees of Skype data analysis
3. Understanding risks and risk groups
Control of Skype requires installation of a so-called “agent” on the endpoint.

Data Leaks and Preventive Measures
Risk group:
1. Employees who have breached data security policies even once, through other channels.
2. Employees who rename sensitive files, send password-protected archives, etc.
3. Employees who post negative comments about the company, top managers, etc.
4. Employees who for some reason ignore their work.
5. Employees whose work is closely related to cash flows.

Skype intercepted data mining: SearchInform Client
SearchInform Client is the main data breach investigation tool for Skype. It allows searching data in manual mode.

Intercepted data analysis: AlertCenter
If the database of intercepted Skype data contains key words, phrases or text extracts that match a search query, AlertCenter will send a notification to the specified e-mail address.

Control your information!
