Updated SearchInform DLP: tools for quick response and easy data analysis
29.12.2020

More data to analyze

The DLP has expanded the number of popular business messengers it controls. It now also monitors Mattermost, Rocket.Chat, and Zoom, which proved to be the most popular platform for business meetings during the pandemic. The DLP now intercepts not only conferences and chats, but also forwarded files.
Autofill data that users save in the browser to fill out forms has also become available in the system.

Even more data sources can be connected optionally via the open API. The API is well suited for uploading arbitrary texts and files, and for analyzing archives of intercepted data. It is now possible to analyze emails from the period prior to the installation of the DLP, or to monitor employee communication outside the protected perimeter. For example, if your team uses Slack on personal devices within the work subscription, you can configure the integration of the chat archive with corporate accounts via the API. Thanks to this, no valuable data will be missed.

At the same time, the captured data will not take up more space. The automated archiving function allows transferring data that is no longer required for rapid incident investigation to slower disks. The information can still be returned for operational analysis in a few clicks. Thus, a risk management specialist can optimize data storage without losing efficiency in responding to incidents.

Easier to investigate 

"User Card" is a new tab that has appeared in the Analytic Console. The familiar tool has not only changed location, but has also been enriched with new data categories. The Card shows all data about the employee, including the communication channels that the person uses in the workplace. The system also allows additional data to be specified, for example, position and office number or hobbies and marital status. Such reports accelerate the investigation process, giving an information security specialist clues about where to look and what to look at.

Cards can be grouped, for example, by department, hobby, or access level to confidential information. Potential violators are put under special control, and proper attention is also paid to employees close to management. Cards are automatically created for external users with whom the company's employees communicate on a regular basis.

In the report on user connections, we also optimized the work with external contacts. Previously, the report immediately displayed all information on non-corporate connections. Given the enormous number of such connections, it was difficult to figure out which ones to pay attention to. Now it is possible to filter out employees' non-corporate addresses and view them separately if they are needed for the investigation.

In messengers, we have improved the functionality for investigating incidents by correspondence. Thanks to the new Conversation Participants filter in the Analytic Console, you can quickly narrow down the list of suspects. The feature is already available for Skype, Viber, WhatsApp, Telegram, and Lync.

Quicker to respond

Thanks to the new event-blocking tools, risk management specialists can prevent incidents more quickly.

For example, when information is copied to external media (flash drives, mobile phones, etc.), you can block the transfer of files whose contents contradict security policies. The blocking works even if the user tries to cheat the security system and keeps the file in a password-protected archive.

Now there are more opportunities for preliminary sorting of suspicious emails. Mail quarantine works on the server without installing an agent. Thanks to this, all email is under control, including the case when employees send it through web browsers or from PCs that do not have the DLP agent installed. Email traffic is processed faster and there are no queues of messages on the mail server. 

You can check how newly configured quarantine rules work in debug mode. It will show whether the necessary emails fall under the system's analysis. At the same time, email sending is not slowed down. This is crucial for information security specialists, who need to make sure that new policies have been configured correctly.

Now the system allows viewing not only the indexed text, but also the original quarantined emails. This gives a comprehensive picture with all additional attributes, such as graphics or special characters, which may contain information important for the investigation.
In order to extract text from such images, the information security specialist can choose the preferred OCR technology. If desired, the built-in OCR can be quickly replaced with an ABBYY analog (an additional license is required).
