SEARCHINFORM DLP CAPABILITIES 2 Contents SearchInform DLP Capabilities ............................................................................... 3 1 Capabilities of EndpointController Interception Modules for Windows ............. 3 2 Capabilities of NetworkController Interception Modules .................................. 8 3 Capabilities of NetworkController Integration with Mail Servers, Lync (Skype for Business) and ISA/TMG .................................................................................. 10 4 Capabilities of EndpointController Interception Modules for Linux (Ubuntu, CentOS, Rosa, Gos, Astra) .................................................................................... 11 5 Blocking Capabilities in SearchInform DLP .................................................... 12 5.1 Blocking at the Level of Agent ....................................................................... 12 5.2 Blocking at the Level of Network ................................................................... 13 5.3 Blocking Email at the Level of Workstation or Mail Server (Agent) ..................... 14 6 Protection of Data at Rest .............................................................................. 15 3 SEARCHINFORM DLP CAPABILITIES SearchInform Data Loss Prevention (SearchInform DLP) is used to collect and analyse information flows within the local computer network. Data can be captured in two ways, depending on the server component: SearchInform EndpointController or SearchInform NetworkController. Server components are the platforms on which data interception modules operate. Each interception module operates as a traffic analyzer and controls its own data transmission channel. This document provides detailed capabilities of interception modules of SearchInform DLP server components. 1 CAPABILITIES OF ENDPOINTCONTROLLER INTERCEPTION MODULES FOR WINDOWS The table shows capabilities of SearchInform EndpointController that operates through agents installed on network workstations. Module Features Capabilities Filtration for Users/Groups or processes Capability to exclude system actions 1. Capturing key strokes Capability to exclude interception of 2. Capturing function keys passwords KeyLogger 3. Capturing text from Blocking PrintScreen keystroke clipboard Interception of only keyboard keys/clipboard/all Set up of clipboard size Filtration for Users/Groups or processes Capability to exclude system actions Control of any event of file system FileController (creating, changing, opening, Audit of changes of file/folder access deleting, etc.) for files or folders rights Capability to exclude audit of temporary MS Office files 1. Taking snapshots Capability to set up interval for taking 2. Recording video snapshots, options of video recording, CameraController 3. Connecting to camera in real particular options for selected time applications, users, URLs 1. Google Docs 2. OneDrive 3. Office 365 4. Dropbox 5. Evernote Cloud & 6. Yandex.Disk N/a SharePoint 7. Cloud.mail.ru 8. Amazon S3 9. iCloud 10. DropMeFiles 11. OwnCloud 12. SharePoint Maximum size of a captured file, update FTPController Capturing files sent over FTP protocol interval, timeouts of last activity 4 Module Features Capabilities Control of time spent in applications and on websites Control of time spent on websites is possible in the following browsers: Internet Explorer (from version 8) Mozilla Firefox (from version 50.1.0) Google Chrome (from version 55.0.2883.87) Yandex Browser (16.11.0.2680) Opera (Presto) (36.0.2130.80) Opera (Chromium) Safari Tor Browser Netscape Navigator Filtration for Users/Groups or processes Amigo (from version Capability to exclude system actions ProgramController 54.0.2840.189) Capability to disable audit of activity on Sputnik (from version websites 2.1.1051.0) Flock (02.06.2001) Avant Browser Lunascape Maxthon SeaMonkey K-Meleon SlimBrowser Edge (from version 38.14) Comodo Dragon (from version 52.15.25.664) CoolNovo (2.0.9.20) Cốc Cốc (from version 56.3.150) Titan Browser (from version 33.0.1712.0 (235591) Uran (from version 43.0.2357.134) Options of quality (compression) for 1. Control of printing on local images printers Filtration by users, processes, 2. Control of printing on PrintController description, printer, and location network printers 3. Control of printing on virtual Feature of blocking Escape functions printers (control of a printer by escape commands) Limitation by minimum size of POST query Limitation by intercepted nodes, IP addresses, ports, type (SSL/no SSL), 1. Capturing POST queries HTTPController processes 2. Capturing GET queries Capability to add a list of anonymizers Capability to block SPDY and QUIC Capability to exclude MIME types (audio, video, images) 5 Module Features Capabilities Capability to set up interval of taking screenshots, interval of taking screenshots of Skype video conferences and for URLs, particular options for selected applications, users; color 1. Taking screenshots settings, settings for several monitors 2. Videorecording user’s MonitorController actions Capability to adjust color and exclude 3. Connecting to a user’s background; frame frequency settings screen in real-time mode Capability to configure a schedule and operating mode (for all/for selected) Capability to specify access settings for connection by password or for specified users Capability to specify settings for profiles In Office/Out of Office: maximum 1. Sound recording with a duration, noise reduction, quality of microphone recording, speech recognition, list of 2. Connecting to a user’s software, schedule MicrophoneController microphone in real-time Capability to configure a schedule of mode recording 3. Audio recognition (speech- to-text transcription) Capability to specify access settings for connection by password or for specified users Interception of the following protocols: IMAP MAPI (without encryption) POP3 SMTP General settings: NNTP Filtration by sender, recipient, domain WebMail as part of: user, subject, protocol, size, number of mail.ru recipients MailController gmail.com tut.by Individual settings for WebMail: yandex.ru capability to activate/deactivate rambler.ru interception of incoming email messages outlook.com Blocking outgoing (SMTP) email office 365 messages by content and/or context ukr.net criteria yahoo.com qip.ru Google Sync Etc. 6 Module Features Capabilities Interception of the following protocols: 1. ICQ 2. MMP (mail.ru agent) 3. XMPP (Jabber) 4. MSN 5. Gadu-Gadu Interception of contact list 6. Lync Capturing chats, calls, files, contact; 7. Viber settings of maximum file size, sound and 8. Telegram duration 9. HTTPIM as part of: Capturing chats, calls, files, contacts, IMController vk.com ok.ru message history; settings of maximum facebook.com file size, sound and duration mamba.ru Audio recognition (speech-to-text my.mail.ru transcription) LinkedIn Evernote Google+ Yammer Fotostrana Web-Skype icq.com etc. Capturing chats, calls, files, contacts, SMS, message history Capturing calls, messages, files, SMS Settings of maximum file size, sound and SkypeController via Skype for desktop duration Audio recognition (speech-to-text transcription) 7 Module Features Capabilities a) Audit + Block of Access: General capabilities: 1. USB HID devices (except Maximum size of a processed keyboard and mouse) file 2. Printers (USB) Exclusion of system users 3. Bluetooth adapters (USB) Black and white lists by type, 4. Scanners (USB) device, manufacturer, serial 5. All USB devices (except number, user, computer concentrators) 6. COM ports 7. LPT ports Capabilities for A group: 8. Bluetooth Users/Groups 9. Printers Computers 10. IR ports Full right access/No access 11. Media devices Audit On/Off 12. HID devices (except Exclusion of system users keyboard and mouse) 13. Keyboard and mouse 14. FireWire 15. Smart cards Capabilities for B group: 16. PDA Users/Groups 17. Tape device Computers 18. Block of folders 19. Block of disks Full right access/No access b) Only block of access: 1. Modems Capabilities for C and D groups: 2. Wi-Fi Capabilities described above, as well as: c) Audit + Block of access + Shadow Shadow copy by file name, file copy: type, process, user, computer DeviceController 1. USB devices Access by file name, file type, process, user, and computer 2. CD/DVD-ROM Shadow copy of data stored on 3. Cameras/Scanners device 4. Floppy disks 5. SCSI 6. Network folders 7. RDP disks 8. Portable devices of Windows Android Apple Blackberry Palm Windows Phone All portable devices d) Available blockings: 1. USB devices 2. Block at the start of software 3. CD/DVD-ROM 4. Floppy disks 5. SCSI 6. Network folders 7. Clipboard 8. RDP disks 9. Portable devices of Windows 10. Processes 8 Module Features Capabilities Encryption is available for selected users or groups For encrypted files you can configure access settings for: • All users except specified • Only specified users Encryption of all data types sent to Data encryption external USB storage devices using a A file can be opened only if agent is unique key (generated by user) available and there is a permission to open Black/white list settings are also available for encryption You can configure settings of shadow copy, where ONLY encrypted files will be captured Automatic addition of such connections in Notifications about failed attempts of exclusions SSL notifications agents to trap connection1 Filtration by time, computer, user, process, and type Audit of technical
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages16 Page
-
File Size-