The technical layer includes physical, hardware, cryptographic and software protection.
More about the technical level of protection of confidential information
At the level of physical protection, buildings, internal premises and territory are secured, and equipment and documents are protected from unauthorized access. In addition, the physical layer includes protection against surveillance and eavesdropping. Such protection is provided with the help of mechanical barriers, sensors, video cameras, personal identification tools, etc.
Hardware protection is provided, for example, by electromagnetic radiation indicators or systems for detecting radio bugs and other devices. Hardware can also be used at different levels of the network: in RAM, input and output controllers, central processing units, etc.
These tools help to identify possible channels of information leakage, to see where the company's security "weaknesses" are, to find means of industrial espionage, etc.
Cryptographic protection is based on encrypting physical and virtual storage media so that only the owner of the decryption key can read the content. Encryption is a reliable tool, although it does not provide one hundred percent protection, as it can be hacked.
The software level of protection is most often represented by a DLP system. The main task of a DLP system is to prevent data leakage. Using SecureTower as an example, let's see how it does it.
At the beginning of work, the security officer tells the system which data is confidential and defines the actions that must not be performed on these documents. For example, they cannot be printed or sent to individuals outside the corporate network. In the event of a violation, SecureTower will notify the manager or security officer.
The DLP system controls all communication channels: websites, cloud storage, email, IP telephony, social networks, network storage, clipboard, instant messengers, FTP, USB devices, network and local printers.
SecureTower analyzes all of the employee's actions for violations of security rules. It shows what the employee was doing during the day: what sites he visited, what programs he used, when he was away, etc.
With the help of the system, you can see who interacts with whom and what employees are talking about. If an employee contacts a person who is not authorized in the network, the system creates a profile for him. Thus, you can track the interaction of an employee with this person: what they corresponded about, whether they sent each other any documents, what kind of documents they were, etc.
The system can analyze files and documents by content:
When analyzing text files, SecureTower takes into account the morphological features of the language. It can analyze text with grammatical errors or written in transliteration.
The system can recognize text on images, as well as stamps and seals.
SecureTower can recognize speech and analyze voice messages and calls.
SecureTower can recognize bank cards, passport photos and internal documents.
You can also block the transmission of documents of a specific format, a specific file, a document with specific content, documents with stamps, etc.
If security rules have been triggered and the risk level is high, then all the above functionality will help in the investigation of the incident, as well as the following features of SecureTower:
Inside the system, the security officer creates a case in which he can record the progress of the investigation, save all files, correspondence and records related to it, and, after the investigation, make a report for managers. The collected data can be used in court as an evidence base.
SecureTower stores all information in an archive. If it is removed from the device, recovery will be possible using the system. This is especially useful if the attack was carried out by a hacker and the network was encrypted with ransomware, or if an employee tried to get rid of “evidence”.
Protection of confidential information will never be one hundred percent. However, if you take care of the proper organization of each level, you can minimize the risk of leaks or manage to prevent them in time.