Posted on 24-Dec-2015

MFI Soft

GARDA ENTERPRISE

A handy DLP solution

GARDA Enterprise is a cutting-edge solution featuring the latest technologies in the field of data leak prevention (DLP).

Contents

Garda Enterprise: a new view on data leak prevention
Capabilities
System overview
    A new generation of DLP solutions
    Operating principles
    System management
Getting deeper
    Security policies
    Quick search
    Search criteria
    Data storage
    Traffic handling
    Workstation monitoring
    Monitoring and blocking traffic flowing over secure connections
    System management
Analytical capabilities
    Statistical reports
    Employees' contacts
    Employees' profiles
    Data dissemination diagrams
Methods of analysis
Advantages of Garda Enterprise
Hardware and software requirements
Support
About MFI Soft

A new view on data leak prevention

As a rule, configuring and maintaining a DLP system, and analyzing the results of its operation, takes a lot of effort. Garda Enterprise is designed to streamline and automate the day-to-day routine of information security (IS) officers. It starts revealing information policy violations and potential threats right after deployment, even before all the DLP implementation and setup stages are complete.

Detection of major risks, data categorization, and fast creation and monitoring of information security policies are intuitive and can be managed without a glance at the manual.

Capabilities

New technologies employed in Garda Enterprise broaden the functionality and application of DLP solutions.

Efficient data leakage prevention. Based on in-house smart algorithms for detecting sensitive information, Garda Enterprise safeguards all communication channels and immediately alerts IS officers to attempted security policy violations.

Analytical system. Analysis of trends in the company's information flows supports the development of a long-term leak prevention strategy and real-time detection of suspicious user activity.

Handy monitoring tool. Interactive creation of information security policies, management of employees' access to information resources, documents and physical devices, and productivity monitoring.

SYSTEM OVERVIEW

A new generation of DLP solutions

Operation principles

System management

Garda Enterprise: a new generation of DLP solutions

Monitor and analyze your employees' communications to minimize data leak risks. With the rich capabilities of Garda Enterprise you will be able to:

Prevent data leaks
Identify disgruntled employees and prevent insider attacks
Use a powerful set of tools for internal investigations
Easily manage information policies and analyze their efficiency
Perform comprehensive monitoring and analysis of user activities
Keep archives of all business communications

Operating principles

Garda Enterprise comprises the following subsystems:

Interception and management module
Storage module
Analytical module

The modules are tightly integrated and supplied on a single hardware platform. All software components are the intellectual property of MFI Soft and do not require any third-party licenses.

Operating principles: subsystems

Interception and management. Includes sniffers handling network channels, and workstation agents monitoring personal computers and the devices connected to them and enforcing various types of blocking (cloud storages, removable devices, processes, etc.).

Storage. A data warehouse that ensures efficient storage and indexing of all data (messages, files, traffic statistics) generated and exchanged by the staff.

Analytics. The analytical module ensures automated data analysis; detection of policy violations, user behavior and traffic irregularities; and report generation.

Managing the system

Garda Enterprise provides an intuitive web interface for efficient system management.

Usability: an operator can easily learn and start working with the system even without reading the manuals;
Efficient handling of day-to-day tasks;
Platform independent: manage the system from any device and under any operating system.

GETTING DEEPER

Security policies

Quick search

Search criteria

Data storage

Traffic handling

Workstation monitoring

Monitoring and blocking traffic flowing over secure connections

System management

Security policies

Interactive policy creation and preview of results. Quick and easy policy configuration: when configuring a policy, you immediately see the outcome of applying it, so you can interactively adjust the policy until you get the required result.

With a comprehensive set of criteria (type of data, software used, communication channels, etc.) and conditions (keywords, tags, search criteria and their combinations) you can design policies of almost limitless complexity.

Policies are based on search: you can preview the result of the policy being created and, if necessary, adjust it to minimize false positives.

Quick search

Searching among data objects works much like a query in a popular web search engine. Found objects are displayed in a readable format, and the operator can narrow the result with a rich set of refining criteria.

The search does not depend on file type and can even be run inside archives.

Scheduled re-runs of saved search templates let the operator receive notifications about current events without adding them to the policy list.

Garda Enterprise keeps a full copy of all traffic, so when new rules and policies are created you can run a retrospective analysis over the archive. No other system offers such a useful feature.

Search criteria

Keywords and phrases, including their occurrences in attached files and archives
Regular expressions
Search for similar documents
File name, document attributes, type, size, protocol, port, etc.
User accounts in Active Directory (import of user data from the LDAP server)
IP address
IM identifiers (Skype, MSN, ICQ, etc.)
Social network IDs
Email addresses
VoIP account names / phone numbers

Data storage

Garda Enterprise is one of the first DLP solutions built on big data technology.

Our data storage subsystem was designed to address the typical problems of other DLP solutions. It ensures:

Storage of a wide range of data: information about incidents, specific data flows, or a full copy of the company's data flows.
Fast access to data, search and analysis.
Low cost of storage in comparison with similar solutions.

Garda Enterprise collects data from different sources (network traffic, mail servers, users' workstations, etc.) and keeps it in the storage for further processing and analysis.

Traffic handling

Monitor all possible data transfer channels. Garda Enterprise supports the following network protocols:

Mail and news protocols: SMTP; SMTPS; IMAP4; POP3; POP3S; MAPI; NNTP; S/MIME; MS Exchange.

Web, file transfer and other protocols: HTTP, HTTPS (GET and POST methods) v1.0, v1.1; FTP, FTP over HTTP; tunneling protocols (IP-in-IP, L2TP, PPTP, PPPoE); Telnet; Kerberos 5 authentication protocol.

Messengers: OSCAR (ICQ v7, v8, v9); HTTPIM (messaging in social networks); MSNP v12, v13 (MSN Messenger, Windows Live Messenger); YMSG v9.0.0.2034 (Yahoo Messenger Protocol); IRC; MMP (Mail.Ru Agent); Skype (text messaging and file exchange); MS Lync; XMPP (Google Talk, Jabber, QIP, SMS).

VoIP telephony: SIP v2.0 (RFC 2543bis/3261); SDP; H.323 v2; H.245 v7; H.225 v4; T.38; Megaco/H.248; MGCP; SKINNY; H.263 ABC; H.264 (single NAL unit mode), including video calls. Each VoIP session can be stored as a full dialog or split by channel (both incoming and outgoing calls).

File sharing networks: BitTorrent (standard 11031); Gnutella (v0.6); eMule (v0.49b); Direct Connect (DC++ v0.707).

Workstation monitoring

Ensure all-round monitoring of your staff's workstations. In addition to in-depth analysis of communications and information about the use of software and peripherals, Garda Enterprise provides a wide set of capabilities for user workstation monitoring.

Features of the workstation agent:

Scheduled screen captures;
Logging of applications run by users, with time tracking;
Blocking of unwanted applications (individually and by category);
Monitoring of files sent to the printer (interception, covert copying);
Key logging;
Blocking of file transfer over Skype;
Blocking of removable devices (internal and external);
White lists of external devices with read/write permissions;
Covert copying of data transferred to external devices.

Monitoring and blocking traffic flowing over secure connections

Traffic transferred over secure (TLS/SSL) connections is monitored by a dedicated module deployed in-line in the protected network.

How it works

The module blocks HTTP and HTTPS connections to a pre-defined list of resources (by URL). For instance, it can ban access to social networks and cloud storages.

Main features of the module:

Instant interception of data transferred over secure connections;
Possibility to use external SSL certificates;
Bypass adapter for increased fault tolerance.

Note that inspecting HTTPS in this way means the module terminates the client's TLS session and re-establishes it under a certificate of its own, so that certificate (or the CA that issued it) must be trusted on every monitored workstation; otherwise browsers will warn and applications that pin their certificates will fail to connect.

System management

The Garda Enterprise web interface was designed with a deep understanding of the tasks of information security officers and provides maximum efficiency and ease of use.

The web interface features the following pages:

Main page: shows the current status of information security in the company, including the latest incidents, detected irregularities and general statistics.
Policies: configuration of security policies.
Employees: the list of employees, their personal profiles and latest activities.
Search: search intercepted data for objects of interest (messages, documents, visited web pages, etc.), group them, and turn searches into policies.
Reports: multi-level graphical reports with exhaustive statistics.
Settings: system settings and workstation agent management (including installation and removal).

Analytical capabilities

A unique reporting system allows IS officers not only to monitor how the company's sensitive data is being used, but also to detect irregularities in information flows and predict potential leaks.

Interactive. All data displayed in graphical reports are interactive and allow IS officers to drill down to a specific object (email message, web page, IM dialog, etc.).

Real-time. All reports are generated in real time. When drawing up interactive diagrams of data flows and staff contacts you can simply drag-and-drop the object of interest into the report area; Garda Enterprise does the rest.

Big data. The use of the latest big data technologies provides great analytical capabilities. The system generates a variety of reports, both general and incident-specific, for investigations.

In addition to the information security aspects, Garda Enterprise allows monitoring of staff productivity by revealing improper activities during office hours.

Statistical reports

The reporting mechanism is implemented using a drill-down approach: from a summary report you can move to a more detailed one and eventually to a specific information object.

Reports allow IS officers to detect deviations in the statistical picture of information exchange between employees and track important trends.

Employees' contacts

This interactive diagram shows the cloud of an employee's internal and external contacts, along with the intensity and means of communication.

Employees' profiles

Save time on routine tasks: Garda Enterprise fills in employee profiles automatically.

Click on the person of interest to view his/her:

Account names in different services
Activity statistics
Latest actions

For better monitoring results, you can manually enter additional data.

Data dissemination diagrams

A visual representation of all data movements, from the first communication inside the company to the moment the data is passed outside.

The diagrams show both the employees involved and the means of communication, and allow IS officers to quickly investigate incidents, reveal insider threats and find employees who gained unauthorized access to sensitive data before it leaks out.

Methods of analysis

Garda Enterprise uses the most efficient data analysis technologies.

Search for similar documents. Search for specific documents and their fragments in the volumes of data exchanged by users. Ensures detection of unauthorized access to and dissemination of sensitive information.

Patterns (regular expressions). Patterns allow data flows to be scanned for items such as passport and credit card numbers, email addresses, etc. Ensures detection of personal data and financial documents.

Linguistic analysis. Advanced linguistic analysis algorithms ensure a quick and efficient search for the required data using the built-in search engine. These algorithms also increase the efficiency of policy operation.
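The first two methods above, together with the search-based policy preview described under Security policies, can be seen in miniature in the following Python script. It is an added example written for this page, not MFI Soft's code, and says nothing about how Garda Enterprise itself is implemented. It runs two pattern policies (Luhn-validated card numbers, and e-mail addresses outside an assumed internal domain corp.example) and one similar-document policy (word-shingle Jaccard similarity against a protected document) over a few constructed messages, and reports the per-policy hit counts an operator would check before saving a policy. The regex-only card detector is kept beside the validated one to show where the false positive comes from.

```python
import re

# All inputs below are constructed for this example; none are real data.
PROTECTED_DOC = (
    "Project Orion budget forecast Q3: revenue 4.2M, headcount 35, "
    "launch date October, risk register attached, confidential"
)
MESSAGES = [
    ("alice", "card 4111 1111 1111 1111 exp 12/27 for the vendor portal"),
    ("bob",   "order id 1234 5678 9012 3456 shipped, tracking 9999"),
    ("carol", "fyi: project orion budget forecast q3, revenue 4.2M, headcount 35, "
              "launch date october. risk register attached"),
    ("dave",  "lunch at 12? contact me at dave@example.org"),
]
INTERNAL_DOMAIN = "corp.example"   # assumed company mail domain (hypothetical)

# --- pattern-based detection -------------------------------------------------
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")      # 13-19 digits, spaces/dashes allowed
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards_naive(text: str) -> list[str]:
    """Regex only: flags every 13-19 digit run, order numbers included."""
    return [re.sub(r"[ -]", "", m) for m in CARD_RE.findall(text)]


def find_cards(text: str) -> list[str]:
    """Regex plus Luhn validation: drops digit runs that cannot be card numbers."""
    return [d for d in find_cards_naive(text) if luhn_ok(d)]


def find_external_emails(text: str) -> list[str]:
    """E-mail addresses whose domain is not the internal one."""
    return [a for a in EMAIL_RE.findall(text)
            if not a.lower().endswith("@" + INTERNAL_DOMAIN)]


# --- similar-document detection ----------------------------------------------
def shingles(text: str, k: int = 3) -> set[str]:
    """Set of k-word shingles; word order carries the fingerprint, case and punctuation do not."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Overlap of two shingle sets; 1.0 means identical word sequences."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


# --- policy evaluation and preview -------------------------------------------
def evaluate(messages, protected_doc, threshold=0.5):
    """Apply every policy to every message; returns (sender, policy, evidence) tuples."""
    ref = shingles(protected_doc)
    incidents = []
    for sender, text in messages:
        for card in find_cards(text):
            incidents.append((sender, "card-number", card))
        for addr in find_external_emails(text):
            incidents.append((sender, "external-email", addr))
        sim = jaccard(shingles(text), ref)
        if sim >= threshold:
            incidents.append((sender, "similar-document", f"{sim:.2f}"))
    return incidents


def preview(messages, protected_doc, threshold=0.5):
    """Hit count per policy: the figure to sanity-check before saving a policy."""
    counts = {}
    for _, name, _ in evaluate(messages, protected_doc, threshold):
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    print("naive card hits:", sum(len(find_cards_naive(t)) for _, t in MESSAGES))
    print("validated card hits:", sum(len(find_cards(t)) for _, t in MESSAGES))
    print("preview:", preview(MESSAGES, PROTECTED_DOC))
    for incident in evaluate(MESSAGES, PROTECTED_DOC):
        print(incident)
```

Bob's 16-digit order number matches the card regex but fails the Luhn check, so it disappears from the validated count; this is exactly the adjustment an operator makes after previewing a policy that fires too often. Carol's message is a reworded copy of the protected document (similarity 0.88), which a keyword-only policy would miss if the keywords were changed, while the shingle overlap still catches it.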

Advantages of Garda Enterprise

First DLP solution using technologies for storing and analyzing big data
Fast and user-friendly web interface
Stores all the company's data
Powerful analytical system with predictive capabilities
Efficient interception on all major communication channels
Control over removable devices
Monitoring of VoIP services
All sorts of reports, even for the most demanding users
Productivity monitoring

Hardware and software requirements

A fully functional system (including workstation agent management, HTTPS monitoring, traffic interception and analysis, and data storage) runs on a 1U, 3U or 4U server, depending on the number of monitored workstations and the required storage period.

Example: a system monitoring 400 workstations with a 6-month storage period runs on a 1U server.

Recommended hardware requirements for trial deployment:

Traffic rate       Number of workstations   Hardware requirements
Up to 100 Mb/s     up to 10                 4 cores, 8 GB RAM, 1 TB HDD (data storage period: up to 1 month)
Up to 1000 Mb/s    up to 100                16 cores, 32 GB RAM, 1 TB HDD (data storage period: up to 7 days)

Support

MFI Soft provides comprehensive technical support for its DLP solutions at all stages of integration with the customer's infrastructure.

1. Audit of information resources

At the first stage our specialists study your requirements for the DLP system and analyze your information infrastructure. Based on this data we develop a set of security policies tailored specifically for your company.

2. DLP deployment

Soon after deployment of Garda Enterprise you will experience its efficiency. Right out of the box you get a rich set of pre-configured policies and reports.

Within the first several days the system learns and adapts itself to your data flows to avoid false positives in the future.

3. Support

After commissioning of the solution, our technical support team will readily assist you with its configuration and further use.

About MFI Soft

20+ years in development of advanced solutions
Over 300 highly skilled specialists
In-house research center developing new strategic projects
1500 deployments
Quality management system certified for compliance with ISO 9001:2008 by the British Standards Institution (BSI)