
INFORMATION SECURITY

DATA LOSS PREVENTION & INSIDER THREAT SECURITY

[Cover diagram: the Security Officer surrounded by the product modules: Program Controller, KeyLogger, Skype Controller, Mail Controller, Print Controller, Cloud Controller, IM Controller, Microphone Controller, HTTP Controller, Monitor Controller, Device Controller, FTP Controller, File Controller, Indexing Controller]

www.searchinform.com www.gobind-tech.com

Information Security Perimeter


Insiders and intruders may very well be the greatest security threat to business today, as they
have access to the most valuable asset: information. SearchInform DLP is a solution that
protects businesses and other institutions against harmful insider activities, both intentional and
negligent, and against loss and leakage of sensitive information, all of which could lead to
serious financial losses and damage to reputation.

PERFORMANCE

1. The system controls virtually all information flows:

Scans the content of e-mails, messages, attachments, documents, archives, scanned copies

Controls social network interactions, messengers, blogs, forums, websites, comments

Monitors compliance with and enforces corporate security policies

Manages archives of intercepted information to provide for retrospective analysis necessary during investigations

2. The system controls company resources and information:

Controls creating, moving, changing of confidential documents on computers and laptops

Keeps track of data copying to PC, external USB-drives, printing

Controls data upload from workstations to cloud services

3. The system monitors employee activities and behavior to help identify risk groups:

Detects disloyal, negatively-minded employees

Finds employees who are in search of a new job

Monitors work-load and productivity of employees, finds violators of working discipline

Helps to identify opinion leaders in the company and to find sources of gossip and
unprofessional conduct

To successfully fight data leaks caused by negligence or malicious intent, all data
flows need to be captured and analyzed. SearchInform DLP technology makes it possible to control the
maximum number of data channels available today, thus providing the most reliable
comprehensive protection.

System components
SearchInform DLP has a modular structure. Clients are able to combine modules depending on their
needs, but for holistic information security it is recommended to use all the modules:

MailController

Captures all correspondence sent and received over SMTP, MAPI, POP3, IMAP, NNTP, WebMail protocols. The module filters information by any attribute (sender/receiver/subject, etc.). MailController works with mail clients and browsers, captures incoming/outgoing messages.

For example:
Gmail
Outlook.com
Yandex.Mail
Office 365, etc.

MailController can block messages sent over SMTP or in application that uses ICAP.

IMController

SearchInform IMController is used to capture chats in social networks and messengers, contact lists and history. Popular IM protocols (Viber, OSCAR MMP, MSN, and XMPP), IP telephony, messengers and programs are featured:
Viber
ICQ
QIP, etc.

The module also controls messaging in:
Google+
LinkedIn
Facebook
Vk.com

HTTPController

Captures files, messages sent over HTTP/HTTPS (Post/Get queries). The following data channels are controlled:
Web mail (over web interface)
Web blogs
Web forums
Contact forms
Web chats and browser IM clients (ICQ, WLM, etc.)
Social networks

SkypeController

The module controls communication via Skype: messages, calls, SMS and files.
The program saves messages in the database, which allows you to conduct full-text search.
SkypeController captures the history of all Skype communications. This feature provides for investigating incidents that took place before SearchInform DLP installation in the company.


MonitorController

The module makes screenshots and records video of user activity during selected time intervals. Information about active apps is captured along with every screenshot. It links users and their activities to screenshots on a time scale for easy search.

Module features:
Controlling user monitors: making screenshots, recording video
Making screenshots on schedule. Configuring colors. Working with two monitors
Making screenshots based on actions, like when a user launches selected applications, visits selected websites, etc.
Searching screenshots and videos by events: program launch, document opening, etc.
LiveView: monitoring up to 16 user monitors in real time

MicrophoneController

Records employee conversations in and out of the office, on business trips or during meetings. Recording is done with the help of any detected microphone.

Module features:
Configurable quality, duration of recording, noise reduction
Hidden control of employees' talks
Recording is triggered when specified processes are launched, tied to security policies
LiveSound: tuning in to any microphone on the network in live mode
Recording is triggered once human speech is detected, using Voice Activity Detection technology

PrintController

Monitors documents sent to local and network printers. Text files are copied, scan copies are captured as digital fingerprints and detected text.

Module features:
Statistics about printing on local and network printers
Data leakage prevention: search for documents with a seal
Evaluating appropriate use of printers by employees
Creating electronic archive of printed documents

DeviceController

Captures the data transmitted to removable devices and tracks the facts of connecting such devices. The module controls: USB, external disks, CD/DVD-ROM, cameras and scanners, printers and other devices.

Module features:
Blocking access to devices or ports
Restricting access to folders or local disks
Capturing content from connected USB-flash devices
Encrypting data written to USB flash devices
Blocking software launch from removable devices


ProgramController

Collects data on applications users work in during the day as well as the amount of time spent in each application. The system automatically detects whether an application simply runs in the background or the user really works in it.
ProgramController provides similar statistics for web sites. One of the advantages is an automatic classification of web-sites: dating, music, on-line shopping, etc. The module already has more than one million classified web-sites, and the number is growing.

FTPController

Captures documents sent and received via FTP protocol, including encrypted connection (FTPS).

Module features:
Monitoring encrypted and unencrypted FTP traffic
Identification of users and their activity
Configured search

Workstation Indexing

The module is designed to monitor sensitive information on workstations, file servers and shared document storages (PCs, laptops). The client application searches for information on computers in the local networks, using a specified list of key words, phrases and even text fragments.

Module features:
Selection of indexing part: computer, disks, and folders
Search for new and changed information for re-indexing
Search by content of deleted files

KeyLogger

The module captures key strokes and information copied to clipboard. KeyLogger allows capturing logins and passwords, controlling activity on the high-risk resources. The module also searches for employees who use clipboard to enter passwords for encrypted documents.

Module features:
Capturing key strokes
Capturing functional key strokes
Capturing text from clipboard

CloudController

Monitors cloud download and upload. Whether an employee sends information via browser or application, SearchInform DLP controls both. The list of cloud data storages includes:
Google Docs
SharePoint
Office 365
Dropbox
Evernote
Yandex Disk

FileController

Monitors operations with files stored on servers and in shared network folders. It registers any operations executed by users: opening, copying, changing, deleting files, etc.


[Diagram: SearchInform DLP architecture. Labels: Security Officer, Alert Center, Report Center, Data Center, SysAdmin, Database, Internet, Mirror Switch, Sniffer, EndpointSecurity, IWS, Pad / PC / VoIP, Pad / PC / Notebook, and the Controller modules (FTP, Cloud, HTTP, Mail, IM, Skype, Device, Monitor, Program, File, Print, Microphone) plus KeyLogger]

Integration with Windows Domain Structure


Integration with Windows Domain Structure allows accurate identification of a user who is working on
the computer, changing and copying files, sending messages in a web-browser, or chatting in messengers
and social networks while hiding behind nicknames. Thus, activity of separate employees and entire
departments can be monitored.

Modular System
SearchInform DLP has a modular structure. All components are included in one of two groups:
network (SearchInform NetworkSecurity) and agent (SearchInform EndpointSecurity).
SearchInform NetworkSecurity is a platform designed to capture data at the level of mirrored traffic,
without affecting the operation and performance of the corporate network.
SearchInform EndpointSecurity is a platform designed to capture/quarantine traffic with the help of
workstation agents. Captured data is sent via the Internet or corporate network.

AlertCenter
AlertCenter is the brain center of the information security system. In it you can configure security
policies and enforce compliance. The module alerts designated security officers on all security
breaches.

DataCenter
DataCenter is a software unit designed to control and monitor status of indexes and databases
created by SearchInform DLP.

ReportCenter
ReportCenter is a robust analytics tool for advanced reporting on statistics, security incidents,
user activities, their connections with one another and the outside world. It offers highly
specialized analysis capabilities.

Access Rights Hierarchy


User rights to view and analyze intercepted data should be differentiated as a part of the information
security strategy. SearchInform DLP allows you to temporarily or permanently exclude selected
employees from being monitored, and to differentiate security officers' rights so that they only have
access to data directly related to their working duties.


Analytical Module

Full control of transmitted information comes with powerful business intelligence, to effectively
analyze all captured data, discover and remediate security breaches. Robust search engines which can
effectively work with all kinds of confidential information are integrated in SearchInform DLP.

[Chart: search types plotted on two axes, search efficiency and semantic match of results to the search query, each running from low to high. Labels: Word search, Phrase search, Dictionary search, Attribute search, Regular expression search, Digital fingerprint search, Similar content search, Complex queries]

SearchInform DLP supports the following search types:

1. Word search with morphology and synonym analysis
This search type finds documents with queried words and phrases in any word form and
located anywhere in the document.

2. Phrase search with optional locked word order and space between words
This search type allows analyzing documents by phrases, e.g. "first name last name", or fixed
definitions and not just separate words.

3. Dictionary search
This search type provides for finding documents or messages related to particular topics.
Professional and habitual lexicon and slang used in the context of various activities, e.g. bribes,
kick-backs, drug abuse, harassment, etc., can be added and edited as a query.

4. Similar-content search
This search type allows finding sensitive data even if it was heavily edited. You can use text
fragments or entire documents as queries. The search will return either identical documents or
documents similar in content or meaning.

5. Attribute search
This search type allows finding documents by their attributes: format, sender name, etc. You can
also use it to monitor activity of certain domain users, IP addresses, e-mail addresses, etc.

6. Regular expression search
This search type allows tracing data recorded in patterns, like character or word sequences used in
personal data, financial documents or structured records.

7. Digital fingerprint search
This type of search allows making digital prints of confidential documents placed in a particular
folder. The search returns documents containing data from original groups of confidential
documents.

8. Complex queries
Complex queries include two or more simple search queries mentioned above combined with
logical operators AND, OR, AND NOT.
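
The following is an added example, not SearchInform's implementation: a minimal content-inspection rule that combines regular expression, dictionary, digital fingerprint and attribute search into one complex query with AND, OR and AND NOT. The word-shingle hashing used for fingerprints, the sample document, the lexicon, the threshold and the example.com domain are assumptions made for illustration.

```python
import hashlib
import re

# Constructed confidential sample, standing in for a file in a protected folder.
CONFIDENTIAL = ("Project Falcon pricing: the enterprise tier is offered to partner "
                "resellers at a forty percent discount until the end of the fiscal year")

def shingles(text, k=5):
    """Hash every run of k consecutive words (assumed fingerprinting scheme)."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 1))}

FINGERPRINTS = shingles(CONFIDENTIAL)

def luhn_ok(digits):
    """Luhn checksum: filters out random 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def regex_search(text):
    """Regular expression search: card-like numbers that also pass Luhn."""
    return any(luhn_ok(re.sub(r"\D", "", m)) for m in CARD_RE.findall(text))

def dictionary_search(text, terms=("kickback", "commission in cash", "off the books")):
    """Dictionary search: any term from a (constructed) topic lexicon."""
    low = text.lower()
    return any(t in low for t in terms)

def fingerprint_search(text, threshold=0.3):
    """Digital fingerprint search: share of protected shingles found in the text."""
    return len(FINGERPRINTS & shingles(text)) / len(FINGERPRINTS) >= threshold

def attribute_search(msg, internal_domain="example.com"):
    """Attribute search: recipient is outside the (assumed) corporate domain."""
    return not msg["to"].lower().endswith("@" + internal_domain)

def complex_query(msg):
    """(fingerprint OR regex OR dictionary) AND external recipient AND NOT approved."""
    body = msg["body"]
    hit = fingerprint_search(body) or regex_search(body) or dictionary_search(body)
    return hit and attribute_search(msg) and not msg.get("approved", False)
```

The fingerprint check still fires on a partial, reworded quote of the protected text, while the Luhn test keeps the regular expression from alerting on arbitrary 16-digit strings.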


Security policies
SearchInform DLP features more than 150 ready-made security policies.

Common security policies

Relevant for any company:

Control of kick-backs and corruption
Management of positive social environment
Detection of risk groups tied to espionage, substance abuse, harassment, etc.
Protection of personal information: passports, IDs, credit cards, etc.
Monitoring of interactions with business rivals, former employees
Detection of visits to forbidden web-sites
The policies that SearchInform experts develop free of charge based on clients' requirements.

Industry specific policies

Built for particular businesses:

Banking and finance
Mining and chemical industry
Transport and logistics
Gas supply, electric power supply, water supply
Construction
Telecom and communications

Individual security policies


These are the policies that experts of SearchInform develop cost-free according to
clients' requirements.

Advantages of SearchInform products

SearchInform DLP can be easily integrated into an existing local network structure without any technical complexities
SearchInform software can be installed within several hours by our clients' own IT specialists. There is no need to provide your internal sensitive data to SearchInform. SearchInform DLP does not affect any information systems used in the company.

Archive of all captured data
Provides for retrospective analysis and investigations, making it possible to restore the sequence of events in the past.

End-to-end solution
SearchInform DLP controls virtually all data channels in a company. At the same time, its multicomponent architecture allows you to select any combination of modules to suit your particulars.

Powerful analysis technology
Fast and flexible alerts, customizable without engineers. Efficient protection of sensitive data is achieved with the minimum expenses on person-hours needed for data analysis. Similar content search is a highly effective technology that helps to capture data that resembles given samples meaning-wise.

Live control
SearchInform DLP can connect to user monitors and/or microphones to detect violations in real-time mode.

User access rights
Customizable hierarchy of user and access rights for info-security staff.

Deployment department and training center
Working with more than 1600 diverse companies helped us accumulate truly unique experience in problem solving and investigating complex cases. A unique set of security policies and knowledge that perfectly fit your company needs is what we deliver along with our technology.

Control and visualization of user connections
Employee connections with one another and third parties are automatically revealed and analyzed. It is a must-have for carrying out investigations.

Included in Gartner Magic Quadrant for Enterprise Data Loss Prevention
Experts at Gartner admit that SearchInform DLP holds the dominant position on the information security markets of Russia and the CIS, and has a great potential to go global. Gartner emphasizes the DLP's strong analytical capabilities, convenient modular structure and advanced image analysis.

Remote laptops under control
LaptopController detects security breaches through laptops used out of the office.

Monitoring workstations and shared network folders
Discovery of sensitive data where it should not appear or be stored.

Contacts

Middle East, United Arab Emirates
Narender Singh
Phones:
+971 (55) 548 0026
+971 4 379 3565
E-mail: narender@gobind-tech.com

International Business Development and Partnerships
Sergei Yavchenko
Phones:
UK +44 207 043-71-52
RU +7 (910) 421-92-81 extension number 158
E-mail: sy@searchinform.com

Head Office (Moscow, Russia)
8/1 Skatertnyi pereulok, building 1, offices 1-12,
Moscow, Russia, 121069
Phones:
+7 (495) 721-84-06
+7 (495) 721-84-06, extension number 125 (technical support)
+7 (499) 703-04-57
E-mails:
General inquiries info@searchinform.ru
Technical support support@searchinform.ru
Orders order@searchinform.ru
Mass media pr@searchinform.ru

Saint Petersburg
Kolomyazhskiy Prospekt, 27, lit. , office 27
Phones:
+7 (812) 309-73-35
+7 (495) 721-84-06, extension number 119
E-mail: e.judov@searchinform.ru

Minsk, Belarus
Izmailovskaya str., 30
Phone: +375 (29) 649-77-79
E-mail: ab@searchinform.ru

Almaty, Kazakhstan
Auezova str., 84, office 200
Phone: +7 (495) 721-84-06, extension number 137
E-mail: d.stelchenko@searchinform.ru

Ekaterinburg
Serafimi Deryabinoy, 24, office 801
Phones:
+7 (495) 721-84-06, extension number 105 or 117
+7 (343) 344-50-88
+7 (343) 344-51-38
E-mail: a.popov@seachinform.ru

Kiev, Ukraine
Glubochitskaya str., 33-37, office 206
Phone: +38 (067) 476-15-18
E-mail: a.bugaenko@searchinform.ru

Novosibirsk
Vladimirovskaya str., 2/1, office 109
Phone: +7 (495) 721-84-06, extension number 106
E-mail: n.sorokin@searchinform.ru

[Map of offices: Saint Petersburg, Minsk, Moscow, Kiev, Kazan, Ekaterinburg, Novosibirsk, Khabarovsk, Almaty]