monitorium dlp
Data Loss Prevention system based on DPI network traffic analysis
Data Loss Prevention (DLP) System
Monitorium
• Protects confidential information and documents from theft or accidental loss through internet transmission
• Monitors and analyzes content of outgoing IP traffic
• Detects and blocks security-violating traffic
• Can limit corporate network users’ access to Internet resources
• Different from and complementary to firewall and antivirus:
– Protects “content”, not PC hardware or internal network
– Protects against internal threats
Network installation
System characteristics
• Deep Packet Inspection (DPI) based Level 7 network analysis system
• Supported protocols: HTTP, FTP, TELNET, SMTP/POP/IMAP
• Applications:
– Webmail (Yandex, Mail.ru, Gmail, Rambler)
– IM (ICQ, Jabber, gtalk, mail.ru agent)
• File formats:
– txt, rtf, Microsoft Office (.doc, .xls, .docx, .xlsx), pdf, html, XML, ps, zip, gz, 7z, rar, tar, bzip
• Content analysis: linguistic, regular expressions, dictionaries, fingerprints, keyword matching, window hashing, statistical analysis
• Supported languages: Russian, English
Analyzed information
• Message sender address: MAC / IP address
• Message receiver address: IP address, hostname
• Message headers:
– Page URL (www address, domain/host name)
– Email address
– ICQ user name
• Message content:
– Search queries
– Blog, forum, social network posts
– Email texts
– IM chat texts
– Content of attached documents and archives
Interface: Event monitor
Security rules
Reports and statistics
Advantages of Trafica DLP system
• Real-time protection and alerts
• Full content analysis
• Multiple monitoring points
• Easy network installation
• Detailed reports engine
• Full-text incident archive search
• Designed to be used by non-technical staff
Trafica LLC
• Founded 2008
• Central office in Moscow
• 15 people
• Email: [email protected]