Results of Private Forum for SearchInform Clients; Products Innovations 2016
20.10.2016

On 11-15 October, Sochi hosted SearchInFORUM, an annual private event. The company’s top officials summed up the results of the outgoing year, presented a new solution – SearchInform Event Manager (SIEM) – and shared product development plans that are to be implemented by the end of 2016 and in 2017.

SearchInFORUM became a platform for a closed professional community whose members could deliver speeches, share experience, and openly discuss problems and their solutions. We received feedback that helps make the products applicable: products are developed not for the sake of development, but to solve the particular tasks that clients are currently concerned about.

We present a review of the most important upgrades and updates in SearchInform products in 2016:

SEARCH BY VIDEO

Advanced video search capabilities have simplified the data analysis process. Now, an information security officer just needs to choose the activity in which an employee’s actions can pose a potential threat (TeamViewer start, work in 1C, etc.) and start watching the video from that particular moment. It is no longer necessary to watch the whole video to find and view one specific fragment.

WINDOWS 10 FULL SUPPORT

The updated versions of SearchInform products allow protecting computers that run Microsoft Windows 10. TimeInformer works properly in this environment, and SearchInform DLP supports the operation of interception agents and client parts in the newest operating system.
This allows SearchInform customers to safely update the OSs on corporate computers to the latest versions of Microsoft OSs. The level and quality of protection against data breaches remain as high as before.

COMPATIBILITY WITH VDI VIRTUAL ENVIRONMENT

Previously, SearchInform DLP could work with popular virtualisation environments, but there were problems in VDI environments. When the capturing agent was integrated into the system image, it was assigned an identifier which, due to the peculiarities of the VDI scheme, could be repeated.
The upgrade changed the behaviour of the Endpoint server, and data from each agent is now identified unambiguously.

IPV6 SUPPORT

Support for this communication standard allows SearchInform DLP and TimeInformer to work properly in networks of the new type. The IPv6 parameter is an additional attribute and can be included in search, which significantly extends device identification capabilities.

ES HUB FOR SMALL AND REGIONAL OFFICES

It allows solving information security issues more efficiently in remote offices where there are fewer workstations and/or a narrow channel of communication with headquarters.

Operating principle: data from workstations is captured by agents and transferred to ES Hub where it is filtered, processed, compressed, and encrypted. Then, data is transferred to the main EndpointSniffer server.

Advantages:

  • Optimisation of load on data transmission channel.
  • Centralised data processing and recording to one database.
  • Management of the ES Hub installed at the local level through the main SearchInform EndpointSniffer server.
  • Saving on SW purchase for branch offices (OSs, DBMS).

PROTECTION OF LOCAL RESOURCES

This feature allows you to control access to critical data: it hides or locks the folders of top management and denies access even to privileged users (system administrators, technical experts, etc.). Differentiation of access to resources (folders and disks) is performed only at the DLP level and cannot be cancelled either at the system level or at the domain level.

AUTOMATED CLASSIFICATION OF WEB-SITES

Previously, SearchInform DLP and TimeInformer users had to manually classify every unknown web-site, which took a lot of time. Now, resources are classified automatically. Once every 10 minutes, the programs collect and process all unknown resources, distributing them by category: dating web-sites, social networks, online games, news web-sites, shopping, job sites, etc. Currently, more than one million web-sites are categorised.

SPEECH RECOGNITION

Any audio data can be recognised and transformed into text. This allows you to solve a range of tasks that previously could be solved only through audio interception. The whole process is local: data does not leave the network, and external services like Yandex SpeechKit and Google Speech are not used. The feature is at an experimental stage and is being tested by clients.

AGENT FOR ASTRA LINUX

SearchInform DLP is integrated with the Astra Linux OS. The DLP system fits well into the Astra Linux ecosystem and allows solving internal information security issues. In particular, it provides the “Top secret” level of protection for classified information.

SEARCH BY STAMPS

This SearchInform innovation allows monitoring the transmission of scanned documents using standard stamp samples. The stamp scanner is available to all SearchInform clients without additional fees. The component is integrated into the system by default, and no additional technology is required.

IMAGE CATEGORIES SEARCH

The quality and speed of image recognition in SearchInform DLP broke new ground. Thanks to optical character recognition (OCR) technology from ABBYY, the system classifies files and separates out personal data circulating inside the company.

Recognition and image classification technologies automatically determine the type of personal data. The ABBYY classification module helps identify any standard document: passports, credit cards, etc.

SIMULTANEOUS WORK OF TIMEINFORMER AND SEARCHINFORM DLP AGENTS

Some clients use two SearchInform products simultaneously: for instance, they control e-mail with SearchInform DLP and solve other tasks with the TimeInformer work time control system. Previously, the agents of the two systems conflicted when installed on the same workstation. Now clients can run both systems simultaneously without any problem.

NEW SEARCHINFORM DLP LICENSING

The new licensing plan makes it possible to manage licenses centrally from one place. Previously, a user had to differentiate the license on every server separately; now it is enough to make changes once, and the license will be applied to all servers. The flexibility of licensing has also increased.

You can separate the necessary number of licenses from the key for every particular server, or choose a dynamic scheme for automatic license distribution.

DETECTING AGENTS OF OTHER DLP

The agent of any DLP system is integrated into the main system features, so installing two agents on one user workstation results in a conflict that causes problems for both users and technical support. To avoid this, SearchInform DLP was equipped with a feature for detecting other agents.

This feature allows an information security officer to make sure that other solutions were not left behind accidentally (for example, after a trial) and are not being used intentionally by other departments. SearchInform DLP detects all popular DLP systems that are in demand in the market.

BLOCKING TRAFFIC VIA ICAP

Interaction between the DLP system and an ICAP proxy enables monitoring of all traffic. When a security policy is violated, traffic can be blocked. The technology allows securing the company’s network regardless of device type.

EXACT FILE SEARCH BY HASH

Thanks to this technology, unambiguous file identification became possible, the analytical capabilities of the DLP system were extended, and search was simplified.

AUDIT OF OPERATIONS WITH PARTICULAR FILE/DEVICE

It is possible to control all operations with a particular file or device and unambiguously recreate the circumstances of a violation.

NEW REPORTS ON EFFICIENCY

  • User efficiency – shows efficient/inefficient use of SW/web-sites by users.
  • Detailed user efficiency – shows the total time of user activity in SW/web-sites and specifies the activity type there; you can specify by date.

Both SearchInform DLP and TimeInformer allow setting up efficiency rules and lists.
