Data Loss Prevention in the Banking Industry www.searchinform.ru Data Loss Prevention in the Banking Industry Leaks of sensitive data may not only weaken a bank’s competitive position, but also lead to negative attitude on the part of clients and competent state authorities. Loss of sensitive data on customers (both private and corporate) and/or their financial deals is surely the most dangerous type of data leaks. www.searchinform.ru Data Leaks Banking security officers lay a special emphasis on the following types of information security threats (data leaks): www.searchinform.ru Data Leaks A “dramatic” brain drain to rival companies. Employees planning to resign may take confidential data with them. Loss of corporate customer information. Banks usually offer special terms to major corporate clients. www.searchinform.ru Data Leaks Leakage of information on bank transactions, i.e. related parties, accounts and amounts transacted. If such data leaks are made public, a bank will most surely lose a lot of its clients and become a weaker competitor on the market. That is why controlling bank staff is a critical issue. www.searchinform.ru Data Leaks Internal messages, i.e. discussing team problems, mistakes, etc. may be of great use to rivals and other untrustworthy parties. ICQ and other instant messengers are usually used in a bank for such work-related conversations. Sensitive data may be exposed to employees who are not authorized to work with such information. www.searchinform.ru Data Leaks Leaks to the media. www.searchinform.ru Data Leaks Marketing programs and innovations being developed may also leak outside the bank. Exposure of investment plans to untrustworthy parties may ruin important commercial projects. www.searchinform.ru Data Leaks Banking security information exposed to third parties gives broad options to criminals. www.searchinform.ru Data Leaks Leakage of information on cash shifts (including cash loans) may lead to common robbery of clients or bill collectors. www.searchinform.ru SearchInform Solution SearchInform software solution is an ideal option for corporate clients enabling interception, analysis and control of internal data flows. Its major advantage over companies offering similar solutions is a proprietary similar-content search feature. You can use text fragments or entire documents as queries. The search will return either identical documents or documents similar in content or meaning. www.searchinform.ru Information Security Perimeter SearchInform Information Security Perimeter allows tracking data leaks through е-mail, ICQ, Skype, removable media (USB/CD), and printed documents. It can also find sensitive data-at-rest where they do not belong. www.searchinform.ru Information Security Perimeter SearchInform Information Security Perimeter incorporates several pieces of software providing unbiased and duly documented information on bank data flows within a limited time period. www.searchinform.ru Workstations Indexing SearchInform Server allows indexing data stored on every LAN PC. Administrator can choose any computer or disk for indexing. www.searchinform.ru Monitoring E-mail Traffic MailSniffer intercepts email traffic on a protocol level, indexes intercepted messages and provides search in them. The following protocols are supported: SMTP, POP3, IMAP, MAPI, and HTML. It allows tracking data leaks and backing up all corporate e-mail. Even if a message was advertently or inadvertently deleted, its content remains available for full-text search. www.searchinform.ru Monitoring E-mail Traffic MailSniffer intercepts HTTP traffic. It monitors messages sent through the following web-services: google.com, yahoo.com, etc. All intercepted data are stored in a database and available for search and analysis. www.searchinform.ru Monitoring HTTP Traffic HTTPSniffer intercepts HTTP traffic, i.e. messages of web-blogs and social networks. www.searchinform.ru Monitoring Instant Messaging Traffic IMSniffer intercepts messages of popular IM clients and saves them to a database you can search in afterwards using specific search modes (morphology, similar-content search, etc.). Limiting your search criteria is also possible (e.g. querying messages of two particular employees during a specific time interval). www.searchinform.ru Intercepting Skype Traffic SkypeSniffer is used to control Skype traffic, i.e. voice and text messages, as well as attached files. All intercepted data are saved to a database and are available for full-text search (with morphology and synonym analysis, similarcontent search, etc.). Limiting your search criteria is also possible (e.g. querying messages of two particular employees during a specific time interval). www.searchinform.ru Monitoring Removable Media Data DeviceSniffer is a software solution designed to intercept data recorded to USB, CD or DVD. All intercepted data are available for full-text search and unique similar-content search. This technology prevents data leaks through removable media. www.searchinform.ru Monitoring Printed-out Documents PrintSniffer monitors local and network printers and discovers sensitive information in printed documents. It monitors printed-out documents, indexes them and sends them to a database. Intercepting printed documents data allows not only to discover possible data leaks, but also find out if the printers are used as intended. www.searchinform.ru Access Rights Differentiation System Each component of company’s information security perimeter is in compliance with a single access rights differentiation system. It allows flexible configuration, and you can tune the rights to access intercepted documents any way you want it. www.searchinform.ru DataCenter DataCenter controls all the indexes created by Information Security Perimeter components. DataCenter enables you to • split indexes so as to speed up access to data; • schedule index splits on various parameters like size, document count, and time; • monitor operation of every Information Security Perimeter component and alert you on every found malfunction by email. www.searchinform.ru AlertCenter AlertCenter is a software solution uniting all Information Security Perimeter components into a single unit. It queries all data intercepted by Information Security Perimeter against a user-managed query list, and immediately notifies information security officers, should any violations of information security be discovered. This software application incorporates server console and AlertCenter client, which allows differentiating access rights to notifications and settings between information security officers. www.searchinform.ru AlertCenter AlertCenter is an independent application that can be connected to any index created by SearchInform products and can with a preset time interval scan a search index for user specified keywords. www.searchinform.ru AlertCenter AlertCenter client and other SearchInform applications allow security officers viewing incident-related documents and investigating the details of each incident. White user lists make it possible to exclude certain incidents from monitoring as they do not involve data leaks. Event and result logs show how efficient the fight against data leaks is. www.searchinform.ru Summary SearchInform solutions are successfully used in banks and financial organizations, state owned and large production, telecommunication and IT companies of Russia and neighboring countries. www.searchinform.ru Thank you for being with us! www.searchinform.ru