InfoWatch Traffic Monitor

Confidential information leak prevention systems (DLP)

At present, the problem of confidential information leaking out of an information system is quite acute for medium and large companies. As a rule, such leaks arise as a result of an internal intruder acting on the information system from within the controlled zone.

The motives for such actions can be material gain, personal interest, or aiding an external violator.

Data Leak Prevention (DLP) systems are designed to detect such facts and to prevent attempts at information leakage.

The purpose of this work is to design a leak prevention system, which requires the following tasks:

  • consider the category of leak prevention systems and the principles of their operation;
  • conduct an information security audit in the company;
  • identify the main threats of confidential information leaking from the information infrastructure;
  • give recommendations on the construction and implementation of a system for preventing information leaks.

Structurally, the work consists of an introduction, three chapters, a conclusion and a list of references.

DLP systems

In the general case, the term DLP refers to a set of technologies for preventing leaks of confidential information from an information system, as well as the technical devices (software or software and hardware) that implement them.

Infowatch Endpoint Security

The operating principle of a DLP system is to analyze the flow of data crossing the perimeter of the protected network. When confidential information is detected in this stream, the active component of the system is triggered and the transmission (packet, flow, session) is blocked.

Instant Messaging (IM):

  • Web mail
  • Social media
  • Blogs
  • Forums running on PHP platforms, IP.Board, vBulletin
  • Job search services
  • Cloud storage

The solution categorizes websites: media, potentially dangerous resources, entertainment, adult content and others.

User Actions on the Workstation:

  • Printing on local and network printers
  • Data transmission over Bluetooth, IrDA
  • Connecting to Wi-Fi networks
  • Launching applications ("white" and "black" application lists)
  • Preventing screen captures
  • Control of copying to the clipboard
  • Keylogger
  • Creating screenshots of the desktop
  • Recording voice and video from the microphone and camera on the workstation
  • Monitoring of network connections
  • Monitoring of work with cloud services

The solution allows you to hide the agent icon on the user's workstation and make it invisible to the employee.

2021: State grant for the development of the product

In January 2021, the Fund for the Development of Information Technologies (RIT) said that InfoWatch had become one of the winners of the competition for grants for the development of domestic software products. One of them, with a volume of about 118 million, is intended to develop InfoWatch Auto DLP, new functionality of the InfoWatch Traffic Monitor DLP system.

InfoWatch told TAdviser that this is a new generation DLP system that will help the information security officer identify the "gray" areas not covered by security policies and decide whether they need to be controlled and how.

The company states that the uniqueness of the development integrated into InfoWatch Traffic Monitor is that it will make it possible not only to identify and study the "gray" areas of information circulation in the company, but also to see how information flows change over time. Based on a deep analysis of this data, the self-learning system will automatically collect all the necessary information, propose its categorization and form integral security policies, at each particular moment in time closing all potentially dangerous areas through which confidential information can "leak".

The declared period for the appearance of the new functionality is 1 year.

Another grant, in the amount of about 68 million, is intended to develop a new product of the company: InfoWatch ARMA, a system for protecting critical information infrastructure (KII) from cyber threats.

Updating integration with the Phishman system

On December 16, 2020, InfoWatch, together with Phishman, completed work on updating the joint solution with the aim of finer configuration of the automated awareness-raising process based on the security events processed in Phishman.

Integration with the Dialog Enterprise messenger

On November 10, 2020, InfoWatch Group of Companies and Dialog (part of the Sberbank ecosystem) presented a joint solution: a leak-protected environment for communications and work, the central part of which is a corporate messenger. To create this offering, the developers integrated their products: the InfoWatch Traffic Monitor DLP system and the Dialog Enterprise messenger.

Obtaining an OUD-4 certificate for Traffic Monitor 6.11 compliance with the information security standard in Kazakhstan

On July 28, 2019, InfoWatch reported the certification of the InfoWatch Traffic Monitor 6.11 product in the Republic of Kazakhstan. The DLP system fully complies with the requirements of the standard ST RK ISO/IEC 15408-3-2017 at the fourth evaluation assurance level (OUD4). Based on the test results, a certificate of compliance with the standard was received and entered in the register.

The certificate, valid until June 26, 2023, allows the group of companies to deploy the software product in state and commercial organizations of the Republic of Kazakhstan that are subject to increased information security requirements.

In accordance with the regulator's requirements, employees of the InfoWatch representative office in Nur-Sultan provided a package of program documentation for the product, a security target with clearly defined security objectives and threats, and functional requirements for both the product itself and its operating environment. In addition, specialists of the certifying company analyzed the source code of the InfoWatch DLP system for vulnerabilities. Based on the results of the documentation review, functional testing and other certification tests, InfoWatch Traffic Monitor 6.11 was recognized as compliant with all OUD4 requirements of the standard ST RK ISO/IEC 15408-3-2017.

InfoWatch Traffic Monitor 7.0

On July 22, 2020, InfoWatch released an updated version of the product, InfoWatch Traffic Monitor 7.0, for controlling information flows and preventing leaks of confidential information. The functionality of the updated solution is extended with the predictive analytics tool InfoWatch Prediction, which identifies anomalies and suspicious patterns in employee behavior.

According to the company, changes in the digital environment and the maturity of processes for working with information require increased attention to its protection from the security function, and continuity and constant growth of efficiency from the business. As of July 2020, the DLP market is developing towards big data analytics, financial risk management, and increasing labor productivity based on analysis, including of employees' behavioral factors.

As of July 2020, millions of events are processed daily in companies; InfoWatch Traffic Monitor 7.0 analyzes all of them, even those that seem most insignificant. The analysis takes into account the context and interconnections of events, makes it possible to account for risks, and informs the security officer about them in advance. InfoWatch Prediction calculates many parameters of an employee's behavior, on the basis of which the employee can be assigned to a risk group. Automatic warning about abnormal behavior makes it possible to identify potential threats at a very early stage and to see how employees interact with the company's information assets. Minor events and minor violations of security policies are in most cases left unattended, but it is precisely behind such chains of events that serious violations most often lie. For example, before dismissal an employee can take out valuable information in advance, in small quantities. If this action is viewed over time and later combined with other types of events, such as a change in the start and end of the working day or a decline in e-mail communication activity, it can be predicted that the employee is in the "Detailed" risk group. Thus, the security service has the opportunity to work through the incident before real damage is done to the company and its assets.

In addition, the content analysis technology has been further developed in the updated version: the customer can now independently train the system to identify various types of graphic images, which complements the previously announced protection of vector images. This functionality is based on artificial intelligence. Cloud application support (MS Exchange Online) was also expanded.

2015: JaCarta keys are compatible with InfoWatch Traffic Monitor

On April 29, 2015, InfoWatch and Aladdin R.D. reported the completion of compatibility tests of their products.

"The Aladdin R.D. company pays great attention to the compatibility of its solutions with the products of technological partners, conducting certification tests on a regular basis. Currently, the correct operation of JaCarta smart cards and USB tokens has already been confirmed with more than a hundred products of software development companies and equipment manufacturers," said Alexey Alexandrov, head of the department for work with technological partners at Aladdin R.D. "It is especially pleasant when the company's technological partnership programs involve such market flagships as InfoWatch."

InfoWatch Traffic Monitor 5.0

On March 5, 2014, InfoWatch announced the release of InfoWatch Traffic Monitor 5.0 for preventing insider actions.

The new version of the product offers a logic of interaction with the user in which the role of business management prevails.

InfoWatch Traffic Monitor 5.0 was created on the basis of a fundamentally new platform that independently analyzes the completeness of the given conditions and assists in forming the security policy. Among other things, such simplicity of setup and use can fundamentally change the situation with the adoption of DLP systems in the SMB segment, which suffers from data leaks no less than large companies but usually does not have the resources to implement and operate such solutions.

The solution takes into account more data for forming a picture of threats than traditional DLP systems [2]. For example, built-in tools for interacting with the HR service allow you to configure and apply special targeted control policies to employees belonging to the so-called "risk group", with the creation of special reports on the activity of such employees. The "risk group" includes, first of all, recently hired and dismissed people.

InfoWatch Traffic Monitor 5.0 provides role-based access for different groups of users (HR service, legal department, marketing unit, top managers, etc.) with the ability to monitor and protect the information that they consider confidential.

To prevent violations, notification of a manager about incidents in which his subordinates are involved was implemented. This applies both to direct violations of the security policy (sending or copying confidential information) and to illegitimate storage. Such alerts make it possible to prevent both simple negligence in handling information and likely malicious leakage.

InfoWatch Traffic Monitor identifies violators and the circle of involved persons and keeps statistics on violations, which makes it possible to prevent the most dangerous threats, including combined ones (internal and external violators acting in collusion). All information is stored in a single database for further investigation of incidents, building reports and operational response to incidents. The product presents information about violations by: the selected time period; violation level (low, medium, high); type of violated rule (transfer, storage, copying).

The technologies of interception and analysis of information have been improved. InfoWatch Traffic Monitor 5.0 recognizes the transmission of confidential information regardless of its form of representation: excerpts from text, a graphic file (for example, a photograph) or binary data. At the same time, an attacker cannot deceive the system by changing the file resolution, adding "noise" to the image, etc. Unlike other DLP systems, InfoWatch Traffic Monitor 5.0 understands the file, rather than only checking its compliance with formal criteria.

InfoWatch Traffic Monitor is compatible with Huawei Tecal RH servers

Huawei, a developer of ICT solutions, and InfoWatch tested in the fall of 2014 and confirmed the compatibility of the InfoWatch Traffic Monitor solution with Huawei Tecal RH series servers. Following the results of load testing, a certificate was signed stating that the InfoWatch Traffic Monitor 5.x solution for protection against internal threats is recognized as fully compatible with and recommended for installation on Huawei Tecal RH servers.


The RH series includes 1U, 2U or 4U rack servers with dual- or quad-core Xeon processors. Huawei Tecal RH servers are highly productive and provide a wide range of capabilities, the company said.

Joint use of InfoWatch Traffic Monitor and Huawei servers makes it possible to achieve high system speed with low load on the organization's network. Thus, customers can be sure that the introduction of a DLP system will protect confidential information without negatively affecting the company's existing business processes, Huawei emphasized.

Belarusian experts gave InfoWatch Traffic Monitor Enterprise a "good" rating

On October 29, 2013, InfoWatch announced a positive expert opinion of the Operational and Analytical Center under the President of Belarus regarding the use of the InfoWatch Traffic Monitor Enterprise information flow monitoring system.

The document notes that InfoWatch Traffic Monitor Enterprise 3.5.3 "is allowed for use in information systems of classes A2, B2, A3, BZ, ZA in accordance with STB 34.101.30-2007 'Information technologies. Security methods and means. Informatization objects. Classification'".

This allows the product to be used as a means of protecting information in any information systems, excluding information classified as secrets of public importance. Obtaining the expert opinion allows Belarusian customers who are required to use only certified or examined information protection solutions to use InfoWatch technology in the fight against information leaks.

The presence of a positive expert opinion for InfoWatch Traffic Monitor Enterprise is of strategic importance for the development of product sales in the region, since none of the DLP-class systems positioned on the Belarusian market has an expert opinion of this level [2].

InfoWatch Traffic Monitor Enterprise

InfoWatch Group has released an update of the InfoWatch Traffic Monitor Enterprise 4.1 solution for controlling information flows and protecting corporate information, the organization's press service said on August 1, 2013.

Infowatch Traffic Monitor

InfoWatch Traffic Monitor is a centralized solution for preventing confidential data leaks and thus eliminating financial losses.

  • High performance even when supporting organizations with 300,000 employees or more
  • Ready-to-use industry solutions based on the nature of business processes in financial organizations, telecommunications and insurance companies, public agencies, energy companies, etc.
  • Ease of use: can be used by HR and legal departments, marketing professionals, managers, etc.
  • Precise identification of intruders and calling them to account
  • Modular architecture: you pay for the features you need

Tasks Addressed

An insurance company consultant sends its clients' lawyers information on outstanding claims. He also informs a competitor about VIP contracts, indicating the size of the insurance premium and the time remaining on the current contract.

InfoWatch Traffic Monitor: detects any clients' personally identifiable information or any information on claims and contracts sent to an external e-mail address. The security officer or authorized person will promptly receive notification about the incident.

"A bank loan consultant negotiates with clients for approval of a loan with 'special conditions'. He also messages with a consultant of a competitor bank regarding provision of information about mortgage contracts for a bribe, in order to attract the clients later (by offering more favorable terms)."

InfoWatch Traffic Monitor: detects this conspiracy by intercepting and analyzing the consultant's personal correspondence via e-mail, instant messaging, Skype, etc. The security officer or authorized person will promptly receive notification about the incident.

A corporate account manager is about to resign, and so he copies contacts from the client database and suggests to his clients that they switch to a competitor (his new employer).

InfoWatch Traffic Monitor: detects the copying of the database and any suspicious correspondence with clients, as well as the employee's intention to resign. The security officer or authorized person will promptly receive notification about the incident.

A tender is announced for the purchase of expensive equipment in a large company. The acquisition manager engages in correspondence with one of the suppliers, negotiating with him during office hours. The majority of all corrupt schemes are simply discussed openly via personal e-mail (@, @, etc.), Skype or instant messaging.

InfoWatch Traffic Monitor: detects suspicious correspondence via e-mail, instant messaging, Skype, etc.

A production engineer at a manufacturing company sends design documents, specifications, plans and calculations for a new project to a personal e-mail address.

InfoWatch Traffic Monitor: detects any secret documents in the network traffic flow, even if the employee sends them as pictures, images or photos.

An employee of a mobile phone shop delivers scans of personal IDs to his accomplice at a bank to carry out fraudulent loan processing.

InfoWatch Traffic Monitor: detects the sending of personally identifiable information, scanned IDs or completed forms or questionnaires. All this information is saved in the forensic storage database for further investigation of the incident and to provide evidence in court.

A valued employee has become negligent in his work, constantly printing documents and copying information to removable media.

InfoWatch Traffic Monitor: detects the employee visiting job search websites, sending out his resume daily, using the company's infrastructure for private purposes, printing confidential documents, and copying sensitive information and a customer database onto a USB drive.

The manager of a trading company constantly prints out the company's price lists and sends out special offers for projects and tenders to third-party addresses. Competitors always indicate a price slightly lower than that offered by your company, and so constantly win tenders.

InfoWatch Traffic Monitor: detects printing of confidential data.

"We are delighted with the excellence of InfoWatch's technology and the company's expertise in the banking domain. Our partnership with InfoWatch secures our business in a complicated information environment." Ali Al Saegh, IT Security Manager, First Energy Bank, Bahrain

Control of mobile employees

  • Controls the work of employees on smartphones and tablets, reducing the risk of leakage of confidential data through a mobile channel.
  • Control of communication channels of employees on mobile devices
  • Monitoring the movement of information inside and outside the perimeter of security
  • Automatic classification and data analysis
  • Safe expansion of the perimeter of the corporate network

High data analysis speed

For example, the throughput of the "Database Unloading Detector" technology is 54 million records per second, which makes it possible to protect large customer databases. Filled-in forms are analyzed at a speed of 12.7 million characters per second (when analyzing 150 profiles simultaneously). This makes it possible to protect the large amount of personal data contained in questionnaires, forms, etc. We are constantly improving our technologies so that they keep pace with the growing speed of change in business.

The minimum number of false positives

Combined protection objects allow you to combine technologies to protect documents that meet several conditions at once, for example to classify scanned agreements certified by a seal. This approach makes it possible to accurately detect commercial secrets in the traffic flow and reduce false positives.

A powerful solution with the support of complex structures

It works effectively even in organizations with more than 300,000 people. Suitable for large organizations with a large volume of analyzed traffic and a geographically distributed structure.

Installing InfoWatch Traffic Monitor

Accurate identification of violators

All events are stored in a single database, which can serve as a legally significant basis in the investigation of incidents. Special investigation tools (a relationship graph, employee dossier cards) make it possible to identify threats at an early stage and bring violators to account.

Convenient product web interface

You can manage settings and policies, and build and view reports, from any workstation regardless of the operating system used (Windows, Linux, Apple Mac OS). Daily work with events and incident investigations is conveniently carried out in the interactive InfoWatch Vision console.

Involvement of business units

Involving all business units in corporate security management (HR service, legal department, marketing, management) makes it possible to determine which employees require closer control and which information needs special protection.

Accounting for industry specifics

Ready-made industry solutions that take into account the features of business processes: content filtering bases (BKF) for companies of various industries (financial and insurance companies, government agencies, energy companies), more than 29 industry BKFs in total!

Modular structure

The equipment and composition of the product are determined by business needs. InfoWatch Traffic Monitor functional modules can be enabled one after another as the corresponding tasks appear.

InfoWatch Traffic Monitor is included in the register of domestic software and ensures compliance with the requirements of a number of regulators:

History of the company

2005: release of a comprehensive product for protecting information.

IDC identifies DLP as a separate segment of the information security market, thereby confirming the existence of the market and companies' need to protect information from leakage.

Release of the InfoWatch Traffic Monitor Enterprise product, which combines several monitors (Net Monitor, Mail Monitor and others).

2006: release of InfoWatch CryptoStorage.

Release of the InfoWatch CryptoStorage product to protect companies using GOST-based encryption technology. Developers: O. Kalyadin, D. Shustikov, A. Kuzekin, A. Ivanov.

2007: Natalya Kasperskaya becomes InfoWatch General Director.

Natalya Kasperskaya, Chairman of the Board of Directors of Kaspersky Lab, is the General Director of InfoWatch.

Under her leadership, the company focuses on the development of leak protection systems.

The company leaves the wing of Kaspersky Lab and sets out on its own.

2008: InfoWatch is the leader of the data leak protection market.

The InfoWatch CryptoStorage product receives the PC Magazine award in the Network and Personal Security category.

InfoWatch becomes the absolute leader in the data leak protection (DLP) market, with a 70% market share.

2009: release of a product for the SMB segment.

InfoWatch Data Control, specially optimized for the needs of small and medium-sized companies.

The company attempts to enter the markets of France and Germany, hiring employees in these countries.

The product receives the PC Magazine award in the Best Soft category.


2010: from defense against leaks to information control.

Together with Ashmanov and Partners, Kribrum is created to develop a social network monitoring solution.

An autolinguist software solution is developed for InfoWatch Traffic Monitor.

2011: the year of "pilot" projects and regional expansion.

Acquisition of the German company Synapspro (EgoSecure), a developer of Endpoint Security class systems.

InfoWatch is structurally transformed into a group of companies.

The first "pilot" projects in the Middle East.

2012: building a holding with advanced product solutions.

InfoWatch is the first company included in Gartner's Magic Quadrant in the Content-Aware segment.

Release of the InfoWatch Endpoint Security product to protect workstations on the corporate network.

InfoWatch sales volume has almost doubled.

2013: formation of a balanced product offering.

InfoWatch Group of Companies invests in the Taiga startup, which plans to develop smartphone protection against various threats.

Active development of Southeast Asia (Malaysia, India), expansion of the geography of the Middle East presence.

New areas of business

Acquisition of the FinallySecure business (full-disk encryption) of the large Swiss developer Secude AG to develop InfoWatch's German business.

2014: unprecedented growth in sales, building business in key regions.

Unprecedented growth in InfoWatch sales (67%); growth in the regions is a record 78%.

InfoWatch Group of Companies holds high positions in the ratings of the largest IT and information security companies according to the analytical agencies CNews Analytics and TAdviser.

More than two dozen deals have been concluded in Bahrain, the UAE, India and Malaysia.

2015: the business is divided into two directions: protection against targeted attacks and protection against internal threats.

Release of an innovative complex for protection against targeted attacks, including the best technologies.

Release of the new version of InfoWatch Endpoint Security.

Release of versions 5 and 6 of the key product, InfoWatch Traffic Monitor Enterprise (Taiga module).

2016: InfoWatch Group of Companies joins the Enterprise Promotion League association.

The products InfoWatch Traffic Monitor Enterprise Edition, InfoWatch Traffic Monitor Standard Solution, InfoWatch CryptoStorage SDK, InfoWatch Targeted Attack Detector, InfoWatch Attack Killer and InfoWatch Appercut are included in the unified software register.

InfoWatch Group of Companies is actively developing in the Southeast Asian market, concluding a cooperation agreement with Silverlake Sprints.

The analytical company Gartner included InfoWatch's product, InfoWatch Traffic Monitor, in the "Magic Quadrant" of the best DLP solutions on the market. As a result of the study, Gartner analysts gave InfoWatch the leading position among vendors.

2017: international expansion and expansion of the geography of presence.

InfoWatch Group expanded its business geography, opening offices in the Middle East and Southeast Asia.

"InfoWatch-Volga" in the special economic zone "Innopolis"

InfoWatch Group of Companies announced the sale of a minority stake to the Direct Investment Fund (PI).

Control of information flows and prevention of unlawful actions with information.

Purpose: control of information flows, analysis of information security events and prevention of internal threats.

Improvements in the new version are primarily aimed at reducing the number of false positives and identifying incidents more efficiently.

Tests in pilot projects showed a reduction in the number of false positives to almost zero.

New structure and standard content filtering base (BKF):

Interception of messages on social networks when corresponding through the browser:

Control of cloud services

In the new version of the InfoWatch Traffic Monitor product, integration with Microsoft Office 365 is implemented, which allows you to:

  • Control the appearance of confidential information in the cloud
  • Analyze the intercepted data in Infowatch Traffic Monitor
  • Identify information security incidents
  • Store events and shadow copies of transmitted documents in a single database

Comprehensive InfoWatch: Continuous Security

Organization of a secure development process: protection begins at the programming stage

InfoWatch Attack Killer technologies help build a secure web development process and release updates promptly. While programmers are fixing the vulnerabilities found by scanners, users can safely visit the resource. Protection is provided by virtual patching technology.

Continuous study of the protected resource and automatic adaptation of protection settings

The effectiveness of any WAF is determined by the accuracy of its filtering rules. Regular changes in code require regular updating of such rules, so manual configuration cannot provide a high level of protection. An effective response to modern threats is a self-learning and self-adapting system.

Comprehensive active automated web infrastructure protection

Even with regular updates, the web infrastructure is under comprehensive, continuous and active protection against hacking and DDoS attacks, including at the application level.

Continuous protection of valuable information, reducing reputational and financial risks

The InfoWatch Attack Killer complex protects the organization from most types of attacks aimed at taking the web resource out of service, compromising confidential data or stealing funds.

Guaranteed availability of the resource 365/24/7

One of the most common and easiest-to-implement threats to organizations is DDoS attacks, that is, denial of access to the web resource. InfoWatch Attack Killer AntiDDoS provides round-the-clock protection, without additional effort on the part of the organization, against the reputational and financial losses to which even temporary inaccessibility of the site inevitably leads.

Automation of the secure development process (SDL)

The combination of the WAF and CCS modules can optimize secure code development processes (SDL, Security Development Lifecycle). The modules can be integrated into an existing version control system and bug tracking system: for each detected vulnerability, a task is automatically created for developers, followed by verification of its completion.

Automation of proactive protection based on self-learning algorithms

InfoWatch Attack Killer provides continuous protection of the company's assets at the web application level. The self-learning algorithms of InfoWatch Attack Killer significantly reduce the load on security officers. Solution users learn about repelled attacks only from reports.

Safe release of updates to production

Virtual patching technology automatically closes the vulnerabilities found in the code, which allows even unsafe web resource updates to be released to production. While programmers are preparing a fix, the entire functionality of the site, except for the vulnerable part, remains available to legitimate users.


We implement a scheme of two servers with ICAP, SMTP, TCP 9100 services and a load balancer installed on one of them.

We have two RHEL6 servers from which standard repositories and part of the packages are removed.

Services that we need to balance:

Traffic transfer service from DM: TCP 9100.

Then we enable IP forwarding on both TM servers, as described in the Red Hat documentation (the net.ipv4.ip_forward sysctl).

We decide which server will be the master and which the backup. Let the master be tm6_1 and the backup tm6_2.

On the backup we create a new routing table named Balancer and the routing rules for it.

The above commands take effect only until the system reboots. For the routes to survive a reboot you can put them in /etc/rc.d/rc.local, but it is better to use the settings file /etc/sysconfig/network-scripts/route-ty1 (note that it uses a different syntax).

Install keepalived on both TM servers. We used rpmfind.net as the package source.

In the keepalived settings we designate one of the servers as master and the other as backup, then set the VIP and the services to be balanced. The settings file is usually located at /etc/keepalived/keepalived.conf.

Install LVS (the ipvsadm package) on the master; it will balance the traffic. There is no point in installing the balancer on the second server, since the configuration has only two servers.

keepalived, which we have already configured, will manage the balancer.

To complete the picture, we add keepalived to the autostart on both servers.

Checking the VRRP virtual address

Use ping to check that the VIP is reachable.

Now you can turn off the master and run ping again.

The result should be the same, and on the backup we will now see the VIP.

Take SMTP, for example. Open two connections simultaneously to 10.20.20.105.

On the master we should see that both connections are active and went to different servers.

Thus, we implemented a fault-tolerant configuration of the TM services with the balancer installed on one of the TM servers. For our system this halved the load on TM, which solved the problem of the product's lack of horizontal scaling.

In most cases this solution is implemented quickly and without additional cost, but sometimes there are restrictions and difficulties in setting it up, for example when balancing UDP traffic.

Review of the DLP system InfoWatch Traffic Monitor 6.7

InfoWatch Traffic Monitor is a comprehensive solution that protects organizations from the actions of internal attackers and reliably protects corporate data from intentional or unintentional (unauthorized) distribution. InfoWatch technologies make it possible to review all of the customer's documents, divide them into categories, structure information assets, and pick out confidential data from a large volume of information. The InfoWatch concept is to control the movement of information at every stage: from the audit (what data exists and where it lies), through identifying the routes along which content moves and is stored (from whom, to whom, and which category of data is transmitted or stored), to preventing the distribution of confidential information by means of the DLP system and the configured information security policies.

Compared to the previously reviewed version (5.1), the product has undergone a number of important changes and improvements aimed at strengthening the protection of confidential data, making the system more convenient to work with, expanding reporting on information security events and incidents, and increasing system performance. In the latest versions the approach to internal security has changed: the focus of InfoWatch Traffic Monitor is the employee of the organization, in the context of the information to which he has full access and of the devices, applications and business systems in which he works with that information. The new version of InfoWatch Traffic Monitor adds control of corporate information on mobile devices (personal and corporate), control of the information flows generated by the company's business systems (building a partner ecosystem through SDK development), and further development of the analytics and visualization of the data collected by InfoWatch Traffic Monitor (InfoWatch Vision).

InfoWatch has received a certificate of conformity from the Ministry of Defence of the Russian Federation for the system for preventing leaks of confidential information and protecting organizations from internal threats, InfoWatch Traffic Monitor 6.7, with support for the special-purpose operating system Astra Linux Special Edition 1.5. InfoWatch Traffic Monitor is also included in the register of domestic software and is certified in the FSTEC certification system (certificate 205, for compliance with the technical specifications (TU) and level 4 of control of absence of undeclared capabilities, RD NDV).

The main differences of the new version are: blocking of confidential information leaks at workstations; prohibiting operations when employees work in applications holding business-critical data; and prohibiting copying and data transfer via the clipboard and screenshots.

InfoWatch software solutions and related measures

Annotation: This final lecture gives closing recommendations on implementing technical means of protecting confidential information, and examines in detail the characteristics and operating principles of InfoWatch solutions.

The purpose of this course is not a detailed acquaintance with the technical internals of InfoWatch products, so we consider them from the point of view of technical marketing. InfoWatch products are based on two fundamental technologies: content filtering and auditing of user or administrator actions at the workstation. An integral part of the complete InfoWatch solution is also the storage of information that has left the information system and a unified internal security management console.

Content filtering of information transfer channels

The main distinguishing feature of InfoWatch content filtering is the use of a morphological core. Unlike traditional signature filtering, InfoWatch content filtering has two advantages: insensitivity to elementary encoding (replacing some characters with others) and higher performance. Since the core works not with words but with root forms, it automatically strips away the roots that contain mixed encoding. Moreover, working with roots, of which each language has fewer than ten thousand, rather than with word forms, of which a language has about a million, makes it possible to achieve significant results on fairly modest hardware.
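An added illustration of the two points above, not InfoWatch's morphological core: a plain signature matcher is compared with a root-form matcher that first maps look-alike Cyrillic letters back to Latin ones and then reduces words to a root with a toy suffix stripper (a real morphological analyzer is far more thorough; the suffix list, the homoglyph table and the sample documents are constructed). The obfuscated document defeats the substring signature but not the root comparison, and a dictionary of roots matches every word form of a term at once.

```python
"""Root-form matching with homoglyph normalization vs. signature matching (added example)."""
import re
import unicodedata

# Cyrillic letters visually identical to Latin ones. Swapping them in is the kind of
# "elementary encoding" the text mentions. Constructed table, not exhaustive.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})

# Toy suffix stripper standing in for a morphological core; longest suffixes first.
SUFFIXES = ("iality", "ially", "ality", "ation", "ial", "ing", "ity", "ies", "ed", "es", "s")


def normalize(text: str) -> str:
    """Unicode-normalize, lower-case and map homoglyphs back to Latin letters."""
    return unicodedata.normalize("NFKC", text).lower().translate(HOMOGLYPHS)


def stem(word: str) -> str:
    """Strip one known suffix, keeping at least four characters of root."""
    for suffix in SUFFIXES:
        if word.endswith(suffix) and len(word) - len(suffix) >= 4:
            return word[: -len(suffix)]
    return word


def roots_of(text: str) -> set[str]:
    """The set of root forms present in a text, after normalization."""
    return {stem(word) for word in re.findall(r"[a-z]+", normalize(text))}


def signature_match(text: str, signatures) -> list[str]:
    """Traditional approach: case-insensitive substring search for fixed phrases."""
    lowered = text.lower()
    return [s for s in signatures if s.lower() in lowered]


def root_match(text: str, confidential_roots) -> set[str]:
    """Morphology-style approach: compare root forms, not literal strings."""
    return roots_of(text) & set(confidential_roots)


# Dictionary of confidential terms, stored as roots so that every word form matches.
CONFIDENTIAL_TERMS = ["confidential", "secret", "password"]
CONFIDENTIAL_ROOTS = {stem(term) for term in CONFIDENTIAL_TERMS}  # confident, secret, password

# Constructed sample documents.
DOC_PLAIN = "This document is CONFIDENTIAL. Customer passwords are attached."
DOC_OBFUSCATED = "Handle with c\u043enfidenti\u0430lity"   # Cyrillic о and а inside a Latin word
DOC_BENIGN = "Quarterly newsletter: cafeteria menu and parking notice."

if __name__ == "__main__":
    for name, doc in [("plain", DOC_PLAIN), ("obfuscated", DOC_OBFUSCATED), ("benign", DOC_BENIGN)]:
        print(f"{name:10s} signature={signature_match(doc, CONFIDENTIAL_TERMS)} "
              f"roots={sorted(root_match(doc, CONFIDENTIAL_ROOTS))}")
```

The order of the two normalization steps matters: stemming before the homoglyph mapping would leave the mixed-script word intact, because the suffix test is run on the raw characters. The table only covers substitutions you anticipate, which is why a production engine normalizes whole scripts rather than a hand-picked list.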

Audit of user actions

To monitor users' actions with documents at the workstation, InfoWatch offers several interceptors combined in one workstation agent: interceptors of file operations, print operations, operations inside applications, and operations with attached devices.

Storage of information that has left the information system through any channel

InfoWatch offers storage of the information that has left the information system. Documents that passed through any of the channels leading out of the system (e-mail, Internet, printing and removable media) are stored in the Storage (until 2007 the Traffic Monitor Storage Server module) together with all attributes: the user's name and position, the user's electronic identifiers (IP address, account or e-mail address), the date and time of the operation, and the names and attributes of the documents. All this information, including the content, is available for analysis.

Related measures

The introduction of technical means of protecting confidential information is ineffective without other measures, primarily organizational ones. We have already considered some of them above; now we dwell on the other necessary measures in more detail.

Models of violator behavior

Once a monitoring system for confidential information is running, besides building up its functionality and analytical capabilities, you can develop it in two further directions. The first is integrating the protection against internal and external threats. Recent incidents show that roles are distributed between internal and external attackers, and combining the information from the systems that monitor external and internal threats makes it possible to detect such combined attacks. One of the points of contact between external and internal security is access rights management, especially where disloyal employees and saboteurs simulate a business need in order to obtain more rights. Any request for access to resources not required by the requester's job duties should immediately trigger auditing of actions with that information. It is even safer to resolve such sudden needs without opening access to the resources at all.

Let us give an example from life. The system administrator received a request from the head of the marketing department for access to the financial system. Attached as justification was the General Director's assignment for marketing research into the purchasing behaviour of customers of the company's products. Since the financial system is one of the most protected resources, and permission to access it is given by the General Director, the head of the information security department wrote an alternative solution on the request: not to grant access, but to export depersonalized data (without customer names) into a separate database for analysis. When the chief marketer objected that this was inconvenient for him, he was asked point-blank: "Why do you need the customers' names, do you want to leak the database?", after which everyone went back to work. Whether this was an attempt to organize a leak we will never know, but whatever it was, the corporate financial system remained protected.

Prevention of leaks at the preparation stage

The second direction for the development of the system that monitors internal incidents with confidential information is building a leak prevention system. The algorithm of such a system is the same as in intrusion prevention solutions. First a model of the violator is built, and from it a "violation signature" is formed, that is, the sequence of the violator's actions. If several of a user's actions coincide with the signature, the user's next step is predicted, and if that step also coincides with the signature, an alarm is raised. For example: a confidential document was opened, part of it was selected and copied to the clipboard, then a new document was created and the contents of the clipboard were pasted into it. The system predicts: if the new document is now saved without the "confidential" mark, this is an attempt at theft. The USB drive has not yet been inserted and the e-mail has not yet been composed, but the system already informs the information security officer, who decides whether to stop the employee or to trace where the information will go. Incidentally, models (in other sources, "profiles") of violator behavior can be used not only with information collected from software agents. If you analyze the nature of queries to the database, you can always identify an employee who is trying to extract a particular section of information. What he does with the results of these queries must then be traced immediately: whether he saves them, connects removable media, and so on.
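The clipboard scenario above as an added example of a violation-signature matcher; this is illustrative code, not an InfoWatch component, and the event format, the user names and the file names are constructed. The signature is an ordered list of predicates that can bind values (the document copied from must be the one that was opened, the document saved must be the one pasted into); unrelated actions in between are ignored, a WARN is emitted as soon as all preparation steps have matched and the next step is predicted, an ALERT when that predicted step actually happens, and saving the new document with the "confidential" mark discards the partial match because it is legitimate.

```python
"""Violation-signature matching over workstation agent events (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    user: str
    action: str            # open / copy / create / paste / save / usb_insert ...
    doc: str = ""
    confidential: bool = False   # whether the document carries the "confidential" mark


# Ordered steps: (description, predicate over (event, bindings), name to bind e.doc to).
SIGNATURE = [
    ("open a confidential document",
     lambda e, b: e.action == "open" and e.confidential, "src"),
    ("copy a fragment of it to the clipboard",
     lambda e, b: e.action == "copy" and e.doc == b["src"], None),
    ("create a new document",
     lambda e, b: e.action == "create", "dst"),
    ("paste the clipboard into the new document",
     lambda e, b: e.action == "paste" and e.doc == b["dst"], None),
    ("save the new document without the 'confidential' mark",
     lambda e, b: e.action == "save" and e.doc == b["dst"] and not e.confidential, None),
]
PREDICT_AFTER = len(SIGNATURE) - 1   # all preparation steps matched: predict the last one


class SignatureTracker:
    """Per-user progress through the signature; events of other users never interfere."""

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.state = {}   # user -> (index of the next expected step, bound values)

    def feed(self, e):
        index, bindings = self.state.get(e.user, (0, {}))
        description, predicate, bind_as = self.signature[index]
        if predicate(e, bindings):
            if bind_as:
                bindings = {**bindings, bind_as: e.doc}
            index += 1
            if index == len(self.signature):
                self.state[e.user] = (0, {})
                return ("ALERT", e.user, f"signature completed: {description} ({e.doc})")
            self.state[e.user] = (index, bindings)
            if index == PREDICT_AFTER:
                return ("WARN", e.user,
                        f"predicted next step: {self.signature[index][0]} (watch {bindings['dst']})")
            return None
        # Saving the new document *with* the mark is legitimate: drop the partial match.
        if e.action == "save" and e.doc == bindings.get("dst") and e.confidential:
            self.state[e.user] = (0, {})
        return None


def run(events, tracker=None):
    """Feed an event stream through the tracker and collect WARN/ALERT findings."""
    tracker = tracker or SignatureTracker()
    return [finding for finding in (tracker.feed(e) for e in events) if finding]


# Constructed event log: alice completes the chain, bob does the same but keeps the
# mark on the new document, carol copies from a non-confidential document.
EVENTS = [
    Event("alice", "open", "Q3-forecast.xlsx", True),
    Event("bob", "open", "Q3-forecast.xlsx", True),
    Event("carol", "open", "lunch-menu.docx"),
    Event("alice", "copy", "Q3-forecast.xlsx"),
    Event("alice", "open", "lunch-menu.docx"),            # noise between signature steps
    Event("bob", "copy", "Q3-forecast.xlsx"),
    Event("alice", "create", "notes.txt"),
    Event("alice", "paste", "notes.txt"),                  # -> WARN alice
    Event("bob", "create", "memo.txt"),
    Event("bob", "paste", "memo.txt"),                     # -> WARN bob
    Event("bob", "save", "memo.txt", True),                # mark kept: partial match dropped
    Event("carol", "copy", "lunch-menu.docx"),
    Event("alice", "save", "notes.txt", False),            # -> ALERT alice
    Event("alice", "usb_insert"),                          # too late: the alert is already out
]

if __name__ == "__main__":
    for level, user, message in run(EVENTS):
        print(f"{level:5s} {user:6s} {message}")
```

The WARN is the point the text stresses: it is raised before any exfiltration channel is touched, leaving the officer the choice between stopping the employee and watching where the copy goes. Binding the document names is what keeps a user who opens one confidential file and later saves an unrelated draft from tripping the rule.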

Organization of information storage

Anonymization and encryption of data are prerequisites for organizing their storage and processing, and remote access can be provided over a terminal protocol, so that no information remains on the computer from which the request was made.

Integration with authentication systems

Sooner or later the customer will have to use the system that monitors actions with confidential documents to resolve personnel issues, for example dismissing employees on the basis of facts documented by the system, or even prosecuting the persons who caused a leak. However, all the monitoring system can provide is an electronic identifier of the violator: an IP address, an account, an e-mail address and so on. To hold the employee legally responsible, this identifier must be tied to a person. Here a new market opens up for the integrator: the introduction of authentication systems, from simple tokens to advanced biometrics and RFID identifiers.