SearchInform FileAuditor is a solution for auditing file systems, the software monitors confidential documents on users' PCs and monitors actions with them. The new software version adds the ability to block access and transfer of confidential files in any application.
The task is solved using tags that are automatically assigned to files depending on their category - "commercial secrets", PII, "contracts", "financial statements", "files with passwords", etc. Then, permissions and prohibitions are configured by tags: which users, on which PCs and in which applications you can open and modify. For example, in FileAuditor, you can prohibit sending files with the PII tag through any channel - be it a corporate messenger or the well-known Telegram. The user simply will not be able to attach such documents to attachments and will receive an error notification. Only the director can be allowed to work in MS Office with documents from the "Confidential" category - then all other users, even having access to such a file, will not be able to open it.
At the same time, labels are invisible to users and are inherited during various actions with files, including copying, renaming, changing the extension.
“A standard solution for the Russian cybersecurity market for protecting confidential files is blocking their transfer using a DLP system. But this technology has drawbacks: it does not protect against unauthorised edits or deletions of files; in addition, updates to the OS, browsers, messengers should be always considered - otherwise the blocking features will stop working.
In FileAuditor, we have implemented blocking of not only forwarding, but also working with confidential files in any application - from mail to a graphic editor. You don't have to worry that the protection system does not support your corporate messenger, or the updated OS, FileAuditor restrictions work deeper - at the level of receiving data from the file system," says Sergey Ozhegov, CEO of SearchInform.
An additional advantage of this approach is efficiency. For comparison, DLP reads each file sent separately to find sensitive content and check if it meets the blocking criteria. This takes more time and resources. In FileAuditor, information about whether actions with a file are allowed or prohibited is collected in a tag - the program reads it and acts instantly. At the same time, FileAuditor works autonomously and can protect confidential files even in those companies where DLP is not installed.
In conjunction with DLP, the functionality of the software multiplies: it will control the attempts to send not only the entire file, but also excerpts from it - for example, the text copied into the message or the body of the letter.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!