Presentation from one of the remarkable IT security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants on site and more than 300 via online live streaming.
2. About SearchInform Ltd.
1. Working since 1995
2. More than 200 employees
3. 10 offices
4. Main product: SearchInform Information Security Perimeter (SISP)
3. Customer Support Center
We help our customers tune information security based on the experience of tackling similar challenges.
Useful tips on how to:
1. set up security policies (alerts);
2. protect sensitive data;
3. restrict access to sensitive data, etc.
4. Working with Colleges
SearchInform Ltd. takes an active interest in training information security officers.
We provide our DLP solution to colleges free of charge to train students in a real-life environment.
5. Types of Data Leaks
Unintentional: carelessness; lack of knowledge.
Intentional: tangible benefit; intangible benefit.
6. Three Pillars of Information Security
1. Prevention of data leaks
2. Working with employees
3. Work optimization
7. DLP Key Requirements
1. A DLP system should promote business and not hinder it. All data channels must remain available to employees.
2. A full database of intercepted documents is an essential requirement for incident analysis.
3. Intercepted data is useless unless you have efficient analysis tools.
4. Integration with the Windows domain structure allows accurate identification of users.
5. Controlling laptops.
6. Revealing malicious intent.
8. System Architecture
Up-to-date DLP systems have a client-server architecture.
In our solution the server part is either the SearchInform NetworkSniffer or the EndpointSniffer data interception platform, and the client applications are used to work with the database and carry out data breach investigations.
A single search-analytical engine allows using all of the above-mentioned search possibilities in full.
(Diagram: network traffic, mirror switch, endpoint, agent.)
10. System Architecture
SearchInform EndpointSniffer is a platform that uses agents installed on user workstations to intercept traffic.
The main advantage of IMSniffer and MailSniffer working on the EndpointSniffer platform is high fault tolerance (data is intercepted even if servers are not available). Interception of data transmitted over secure protocols is also supported.
Components running on the platform:
1. Print Sniffer
2. Skype Sniffer
3. Monitor Sniffer
4. Device Sniffer
5. File Sniffer
6. HTTP Sniffer
7. Mail Sniffer
8. FTP Sniffer
9. IM Sniffer
12. SISP Components
E-mail: SMTP, POP3, MAPI, and IMAP protocols are supported.
HTTP: social networks, web blogs, forums, web applications used to send e-mails and SMS, web chats, etc.
FTP
13. SISP Components
MonitorSniffer: controls visual data displayed on one or several screens in real time. You can also monitor users working via RDP.
DeviceSniffer: files copied to removable media (flash drives, CD/DVD, and portable hard disks).
PrintSniffer: local and network printers.
14. SISP Components
Indexing Workstations: helps you find out if sensitive data appeared on, were deleted from or copied to user computers.
FileSniffer: controls users working with shared network resources.
15. Skype control
Skype: an encrypted data transmission protocol.
Types of possible data leaks over Skype:
1. Voice message
2. Text message
3. File transfer
16. Skype control
Preventive measures:
1. Skype use policy
2. Informing employees of Skype data analysis
3. Understanding risks and risk groups
Control of Skype requires installation of a so-called “agent” on the endpoint.
17. Data Leaks and Preventive Measures
Risk group:
1. Employees who breached data security policies even once, through other channels;
2. Employees who rename sensitive files, send password-protected archives, etc.;
3. Employees who post negative comments about the company, top managers, etc.;
4. Employees who for some reason ignore their work;
5. Employees whose work is closely related to cash flows.
18. Skype intercepted data mining
SearchInform Client is the main data breach investigation tool for Skype. It allows searching data in manual mode.
19. Intercepted data analysis
AlertCenter: if the database of intercepted Skype data contains key words, phrases or text extracts that match a search query, AlertCenter will send a notification to the specified e-mail address.
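The keyword-alerting idea on this slide, shown as an added example rather than SearchInform's own code: search policies made of key words, exact phrases and regular-expression "text extracts" are evaluated against a store of intercepted chat messages, and every match yields an alert addressed to the e-mail address configured for that policy. The policy structure, the record layout, the function names and the sample messages are all assumptions constructed for this illustration; the block only builds the notification text and does not send mail.

```python
"""Policy matching over intercepted chat records (added example, not vendor code).

Assumed model: a Policy bundles search terms with the e-mail address that should
be notified; records are dicts with id, sender, peer and text. Keywords match as
whole words, phrases match literally with flexible whitespace, patterns are raw
regular expressions. All matching is case-insensitive.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    notify: str                                      # alert recipient (assumed field)
    keywords: list = field(default_factory=list)     # single words, whole-word match
    phrases: list = field(default_factory=list)      # multi-word, literal match
    patterns: list = field(default_factory=list)     # regular-expression "text extracts"


def compile_policy(policy):
    """Turn a Policy into (label, compiled regex) pairs."""
    terms = []
    for word in policy.keywords:
        terms.append((word, re.compile(r"\b" + re.escape(word) + r"\b", re.IGNORECASE)))
    for phrase in policy.phrases:
        # escape each word, allow any run of whitespace between them
        expr = r"\s+".join(re.escape(part) for part in phrase.split())
        terms.append((phrase, re.compile(expr, re.IGNORECASE)))
    for pattern in policy.patterns:
        terms.append((pattern, re.compile(pattern, re.IGNORECASE)))
    return terms


def evaluate(records, policies):
    """Run every policy over every record.

    Returns one alert per (record, policy) pair that matched, listing the terms
    that fired, so an analyst sees why the message was flagged.
    """
    compiled = [(p, compile_policy(p)) for p in policies]
    alerts = []
    for rec in records:
        for policy, terms in compiled:
            hits = [label for label, rx in terms if rx.search(rec["text"])]
            if hits:
                alerts.append({"record": rec["id"], "policy": policy.name,
                               "sender": rec["sender"], "terms": hits,
                               "notify": policy.notify})
    return alerts


def format_notification(alert):
    """Build the e-mail text for one alert (sending is out of scope here)."""
    return (f"To: {alert['notify']}\n"
            f"Subject: [AlertCenter] policy '{alert['policy']}' matched\n\n"
            f"Record {alert['record']} from {alert['sender']} matched: "
            f"{', '.join(alert['terms'])}\n")


# Constructed sample policies (hypothetical names and addresses).
POLICIES = [
    Policy("confidential-documents", "secops@example.com",
           keywords=["confidential"], phrases=["price list"]),
    Policy("credential-sharing", "secops@example.com",
           phrases=["archive password"], patterns=[r"password\s*[:=]\s*\S+"]),
    Policy("card-numbers", "fraud@example.com",
           patterns=[r"\b(?:\d[ -]?){15}\d\b"]),   # 16 digits, optional separators
]

# Constructed sample of intercepted text messages; not real captured traffic.
INTERCEPTED = [
    {"id": 1, "sender": "j.doe", "peer": "partner.contact",
     "text": "Sending the Q3 price list as agreed, confidential"},
    {"id": 2, "sender": "a.smith", "peer": "m.brown", "text": "lunch at 12?"},
    {"id": 3, "sender": "j.doe", "peer": "external.user",
     "text": "archive password: Summer2013, open the zip"},
    {"id": 4, "sender": "k.lee", "peer": "r.jones",
     "text": "Client card 4111 1111 1111 1111 expires soon"},
]

if __name__ == "__main__":
    for alert in evaluate(INTERCEPTED, POLICIES):
        print(format_notification(alert))
```

Running the block flags records 1, 3 and 4 and leaves the lunch message alone; the whole-word rule also means a word such as "confidentiality" does not fire the "confidential" keyword, which keeps the false-positive rate of simple keyword policies manageable.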