Questions about capabilities

Questions about capabilities

• Is it possible to lock up messages, sent by e-mail, by means of SecureTower?

  Yes, the possibility of lock-up of messages, sent by users by e-mail, is implemented in SecureTower, including those, transferred by means of the secured protocols.

• Is it possible to install SecureTower in the network, without notifying the system administrator?

  To install SecureTower, you require the administrator’s rights on the local server, as well as remote computers, where the agents will be installed. If you have such rights, you do not have to inform the system administrator. This enables control of activities of all employees, including the system administrators, regarding compliance with the corporate policy, by the information security department specialists.

• Can SecureTower lock up file transfer to external media?

  Yes, SecureTower provides lock-up of file transfer to external media. Besides, you can assign users, that cannot copy data on the external media, determine “prohibited” file extensions or device types.

• Can SecureTower operate, if the company’s offices are located in different cities / regions / countries?

  Yes, SecureTower supports operation in companies with the geographically-distributed office structures. The software provides control of different communication channels, as well as monitoring of the staff activities, using a remote access to several resources or combining all analyzed data into a single centralized storage.

• How does SecureTower identify that the confidential document is transferred?

  The technologies, used in SecureTower for the data analysis, minimize false responses of the system to the incidents, related to violation of the security policy, established in the company. The software can check the documents, sent through a network, regarding their attributes and content, using the preliminary determined key words, taking into account the morphology. SecureTower can also carry out an analysis on the basis of regular phrases for sending of the data of a particular type, e.g., passport or credit card numbers. Besides, the software uses the digital fingerprint technology which functions are as follows: the system creates digital images of the confidential documents, saves them in the database, and then compares them with every document, transferred in the corporate network. In case of any matches, SecureTower sends notifications on the confidential documents transfer. The system also cap make digital fingerprints of entire databases. Moreover, sending of the confidential document of database by e-mail can be locked up.

• Does SecureTower capture encrypted data?

  Yes, the system captures and analyzes the information, transferred by means of secure protocols, using SSL/TLS encryption (HTTPS, FTPS, e-mail and messenger encrypted protocols). If any encrypted object is sent in the network (e.g., a password-protected archive), the system will capture it and send a notification on detection of such data. The software has an instrument, called a keylogger, which registers all button pressing on the users’ keyboards, which can be helpful in detecting of content of the encrypted documents.

• Is it possible to establish security rules for prohibition of access to some websites for users?

  Using such option as lock-up of HTTP/HTTPS requests, in SecureTower, you can prohibit users’ access of users to the websites, transition to which contradicts the corporate security policy.

• Is it possible to capture mail on postbox servers?

  Yes, the system allows capturing of the mail, sent through MS Exchange, as well as all other postbox servers (Lotus, Sendmail, etc.). It also supports capture of e-mail messages, sent and received by means of Microsoft Office 365 cloud service, which is especially important for SMB sector companies, that do not require use of physical servers.

• It is necessary to install the SecureTower agents on the workstations?

  If you need to capture and analyze only a usual non-encrypted traffic, the agents are not required. However, to capture the encrypted and Skype traffic, as well as for use of a wide range of the system options (screenshots and tracking of application activities on the users’ computers, control of the data, copied to external media and exchange buffer, as well as sent for printing, automatic matching of the particular information, etc.), it is necessary to install the agents on the workstations.

• Is it possible to conceal the fact of the agent presence on the user’s computer?

  Yes. It is possible to conceal the agent process and service, as well as the agent files and folders on conflict with some antiviral programs, therefore, change of their settings can be required.

• How are the SecureTower agents installed on the workstations?

  There are 3 ways of the SecureTower installation on the workstations of the employees: by means of the administrator’s console, group policies (GPO) or System Center Configuration Manager (SCCM) and with the use of an installer, started manually on the selected workstations. The agent installation is completely unnoticed by users. You can find the agent installation on the server with the SecureTower in folder C:\Program Files\Falcongaze SecureTower\EPA Control Server\Agent\. ReadMe.txt, and detailed installation instructions can also be find there.

• What will happen, if the company employee removes the agent from the computer?

  If the user removes the agent program from the computer, the SecureTower will automatically reinstall it on the workstation. Besides, the information on this incident can be tracked in a special window of agent status on the administrator’s console.

  There are a few options of the agent protection from deletion:

  1. the agent hiding. In this mode, the agent hides the service, catalogues and its process in the task manager. The user is not able to detect and, consequently, delete it;

  2. the agent protection from the process termination. In this mode, the agent is detectable in the task manager. If the user tries to terminate the process, a message, that it is an important system process and it is not recommended to terminate it, will be displayed. If the user still tries to perform the process termination, the computer will reboot.

• Which USB devices can be controlled by means of SecureTower?

  SecureTower provides control of a wide range of USB devices, from flash memory cards to mobile phones. Besides, access to the use of the external media can be both allowed and prohibited, creating the so-called white and black lists. E.g., if necessary, the use of only corporate USB devices can be allowed. Different parameters can be specified as a criterion: the device serial number, identifier of the manufacturer, product or device, device name or type. All settings can be applied both for individual users and entire departments. Moreover, there is a possibility of saving (shadow copy creation) of all data which the user records on the USB media.

• Is it possible to make reports on individual users?

  Yes, apart from the instruments for collection of the general quantitative parameters, as well as detection of users, more actively using different communication channels, the SecureTower system provides creation of individual reports for every network user. This type of reports allows obtaining of statistical data of the employees’ activities on the computers within the specified period, regarding a great number of criteria. Thus, the report contains the information on the employee’s working day duration, quantitative information on the websites, visited by the user, messages, sent through messengers and other statistical data.