New features in the SearchInform solution: investigation management and blocking on the fly
04.06.2021

Blocking within the agent

A “Blocking” section has appeared in the Endpoint Controller; it brings together the rules that block websites, printing, messengers and files. Their peculiarity is that they work within the agent: they don’t depend on a network connection or on a server with the SearchInform solution installed. This allows continuous control and proactive response: data is processed faster and traffic doesn’t overload the network infrastructure, because the system no longer has to transfer data between an employee’s PC and the SearchInform DLP server in order to decide whether to permit or restrict an action.

Blocking instrument interface in EndpointController

The blocking rules for websites and documents sent to print work by content, so the system will automatically stop information from being sent to a web page or printed if it contains sensitive data. In the "Messengers" tab, you can configure the list of applications that can or can’t be used, and restrict certain actions, for example sending attachments. It is also possible to block messages with unwanted content: if an employee decides to send extracts from confidential documents to Slack, the messages simply won’t reach the addressee.

File blocking features are available when integrating the DLP with FileAuditor: this DCAP solution assigns tags to all documents depending on their type and content, and the DLP applies the “operating instructions” to all files of the selected category by tag. As a result, an information security specialist can restrict user access to files through any program, whether a text editor or an email client: unauthorised users will not be able to send a file as an email attachment or even open it to read.

Clipboard blocking settings

Another new feature: fine-grained blocking settings for the clipboard. Restrictions can be set by user, PC and process. They are configured in DeviceController and operate by content: information security specialists can specify text, a sequence of characters or regular expressions that will be subject to restrictions. Complex queries are also supported. As a result, for example, you can prohibit copying text containing bank card numbers and pasting it into messengers, browsers, etc.
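As an added illustration (not SearchInform’s code or configuration format), here is how a content rule of the kind described above can be expressed: a regular expression finds candidate card numbers in clipboard text, and a Luhn checksum narrows the match so that ordinary 16-digit strings such as order numbers are not blocked. The list of target processes is an assumption.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812) that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return digit-only card numbers in text that pass the Luhn check."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

# Constructed rule: block pasting card numbers into these target processes
# (process names are illustrative, not SearchInform's configuration).
BLOCKED_TARGETS = {"slack.exe", "telegram.exe", "chrome.exe", "firefox.exe"}

def clipboard_decision(text: str, target_process: str) -> str:
    """Decide 'allow' or 'block' for a paste of text into target_process."""
    if target_process.lower() in BLOCKED_TARGETS and find_card_numbers(text):
        return "block"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: a well-known test card number and a 16-digit
    # order id that fails the Luhn check and therefore must not trigger.
    sample = "Card: 4111 1111 1111 1111, order 1234567812345678"
    print(find_card_numbers(sample))                  # ['4111111111111111']
    print(clipboard_decision(sample, "slack.exe"))    # block
    print(clipboard_decision(sample, "notepad.exe"))  # allow
```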

Smart quarantine

Quarantine is now also faster. Email traffic is no longer checked by the main DLP server but by a dedicated engine in the Endpoint Controller, which provides fast scanning and analysis of message content, including analysis of text, attributes and attachments, with OCR where needed. As with blocking within the agent, this increases the speed of detection and response to suspicious incidents.

Ordinary users are given the opportunity to decide whether they are ready to accept the risks and send a letter with confidential content or not. Having written such a letter, an employee will see a warning, an automatic email notification, that transferring the data contained in the email may violate information security policies. If the user is sure that everything is within the rules, they can confirm the sending by clicking the link in the notification or by a reply email. This relieves the information security department, which otherwise has to parse suspicious email content manually, and reduces the number of situations in which an important email gets blocked and the delayed sending harms business processes.

Investigation tools

The Task Management tool was added to the DLP to make it easier for information security departments to investigate incidents. It can be compared to Jira, with the difference that Task Management is built around the specific needs of infosec specialists. The analysis of each incident becomes a full-fledged project for which you can set the time frame, assignees, observers and urgency status, and attach all the necessary information about the interception. Additionally, Task Management supports uploading external files that can assist the investigation. Several incidents can be combined into one project, an archive of details about the persons involved can be collected, and the collected information can be supplemented in real time. Special filters help find the projects you need, for example those in which the same employees appear.

Task Management interface

As a result, every employee of the information security department will be aware of the latest tasks in current and new investigations; a notification system was developed for this. Managers configure the level of access of specific employees to the Task Management section: Full Control, Read Only or Denied. In the latter case, Task Management is not displayed in the Analytics Console user interface.

Also, within the DLP, the concept of People-Centric Security was elaborated: an approach in which the investigation of an incident starts not from the data that could have been leaked but from the person who could have committed the violation. Such work has become more convenient thanks to new tools in the User Cards section. It is now possible to add a psychological portrait to the information about each employee; if a company has ProfileCenter installed, the data is pulled in automatically. A summary report from ProfileCenter is displayed in the Profile tab of the user card: character strengths and weaknesses, personality traits, core values and criminal tendencies, if any. It also provides recommendations on how to interact with the employee more efficiently and minimise the risk of a security breach.

"Profile" tab in a user card

Convenient integration

The DLP expands the control perimeter: it is now easier to connect external data sources to the system and to "export" data protection functionality to other IT systems.

The Analytics Console now includes a security policy manager and check criteria for the External API module. It allows a specialist to quickly configure control over external sources, for example data from systems that aren’t covered by agent or network interception but are needed to understand whether users transmit confidential information outside the control perimeter. In the policy manager, in two clicks you can set the rules by which the DLP searches for security incidents in third-party sources through the External API. All types of searches are available in policies, including those combined into complex queries. The results of the check are displayed in the system that interacts with the DLP via the External API.

Manager of criteria for checking via External API

The "Run external script" function is now available in the Alert Center when setting up security policies. Using external scripts, the DLP passes information about incidents to third-party applications, which allows you to respond to negative events comprehensively. In the security policy manager in the Alert Center, you can configure the list of attributes to upload that will be most useful in the third-party system. For example, if a policy on an abnormally high number of sent emails is triggered, you can configure the transfer of this data to a UEBA system, which will refine its data about typical and atypical user behaviour.

External scripts can also react to emails in Quarantine that match a policy configured to launch an external program.

Adding an external script when configuring security policies in AlertCenter

More features for Linux

The functionality of agents for Linux has been supplemented with the capabilities of ProgramController, which is designed to track the time employees spend in applications. Now information security specialists in companies with Linux-based infrastructure can receive full data on the activity, productivity and efficiency of personnel. The module monitors active processes and window titles on employees' PCs and determines who is working in job-related software and who is idling or using suspicious programs. Checklists can be customised as required; for example, employees who don’t need to be monitored can be specified there.

Configuring activity monitoring in ProgramController for Linux

In addition, PrintController functionality is now available for Linux. Thanks to this, what and how much employees print is now transparent to top management: information security specialists can control who can use printers and which documents can and can’t be printed. The text and graphic content of printouts can be excluded from interception so as not to overload the data storage.

Thus, the functionality of all DLP modules is now available to control PCs running Linux.
