The next-gen DLP, Risk Monitor, automatically recognizes text that users embed in quick response (QR) codes to bypass information security rules.

The system has expanded its protection against atypical data leakage methods by now reading QR codes, with the graphic key recognized as text to which security policies are applied.

Risk Monitor comprehensively detects and decodes all embedded content in QR codes, including links and hidden messages, through its analytical engine, applying this function automatically to all new traffic and enabling retrospective analysis of previously transmitted files. It can identify and decode QR codes across all graphic formats, even when inserted in text documents or any other document files.

"It is easy to prevent leaks caused by employees' mistakes and lack of information security awareness. However, when insiders act deliberately, they can be extremely inventive. Several of our clients have encountered attempts by intruders to steal confidential data by encrypting it in a graphic code and inserting it into documents as links. Thanks to the new capabilities of Risk Monitor, these leaks were successfully prevented," stated Sergio Bertoni, Lead Analyst at SearchInform.

"QR code recognition can also be used to analyze incoming traffic, such as emails or messages received by employees from external sources. This helps identify suspicious links and provides an additional layer of protection against phishing attacks," he explained.

From now on, information security officers can analyse the text extracted from QR codes alongside the documents containing them. This text can be searched manually or through automated incident detection setups. Additionally, the security policy can be based on either the presence of confidential content or the mere transmission of emails and documents containing QR codes, serving as a key indicator for potential security breaches.

Risk Monitor enhances data loss prevention by detecting leaks through unconventional channels such as photos of PC screens taken with smartphones, hidden layers in MS Office documents, or draft emails, enabling the identification of sophisticated insider threats. The next-gen DLP system notifies security teams of incidents and can swiftly respond by blocking data transfers or taking other rapid response measures. Recent updates also empower security specialists to immediately terminate user session if malicious activity is detected on the employee’s computer, providing a robust mechanism for real-time threat mitigation.

ABOUT SEARCHINFORM

SearchInform is an information security and risk management product vendor as well as an MSS provider. The company's clients are more than 4000 companies in 20+ countries. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems: FileAuditor (the DCAP class solution); DLP system with extended functionality; Risk Monitor (advanced platform for internal threat mitigation); SIEM system, IS outsourcing service.