Data Transition Analysis
As soon as e-mails, web posts, files on a flashcard and other bits of information going out of corporate infrastructure it could carry about sensible data. You do not want to stop the information traffic because communications are important for your business but you want to stop the transmitting of the confidential data from trusted ambient of your corporate network to unfriendly public networks without appropriate defence. DataTrack will take care about the problem inspecting outgoing data packages for sensitive data in several ways. This composite technology let us rely on high probability of the required information detection because absolute detection technology does not exist.
The data transition analysis components include:
- DPI (Deep Packet Inspection) and headers analysis – let us to figure out are the recipients belong to trusted ambient or not
- Digital fingerprints analysis – allows to detect transmitting of classified documents or its parts
- Morphologic analysis – let us to find out whether transmitting data belong to sensitive data categories or not. Remember recently created confidential data could not be classified
- Regular expression analysis – checks for data that look like personal details
DataTrack copies all the traffic passing by (or through) and processes it depending on its type. In the process of inspection the next operations are executed:
- checking formal features (sender, recipients, IP address, url and so on) of a message and marking it trusted or not in line with the security policies
- extracting text data from all attachments
- taking “digital fingerprint” of the message and its attachments and comparing it to fingerprints samples
- Morphology analysis of the all extracted text data
- saving the message and its details in security database
- making decision according to the security policies
If DataTrack detects something suspicious it creates a security event and alerts security officer. The transition can be blocked if it supposed by security policy. The information pieces detected as confidential will be highlighted and referenced to the information category that allows security officer not to waste time for looking through all the bulk of data and make his decision faster.
All data transitions are stored in the security archive for postponed analysis, audit and possibly investigations. This is important to go in line with some compliance issues.