| Characteristics of CWAT Internal Data
Extrusion Prevention Measures |
| CWAT includes
separate network and PC monitoring components, which
allows for real-tiome detection and immediate automatic
response by each component to data extrusion
actions. | |
| |
| Because each
component has its own detection and response
capabilities, and because the system maintains
monitoring logs that provide proof of data extrusion
actions, they place no burden on network operating
resources. | |
| |
| Centralized
monitoring and control components provides for
centralized management of data extrusion prevention
policies, and optimal time distribution to the separate
monitoring components facilitates operations
management. | |
| |
| Data extrusion
prevention policies are stored on the PC along with the
monitoring component, which provides the same detection
and automatic response capabilities when PCs are taken
off the network as when they are on the
network. | |
| |
| An artificial
intelligence engine studies and learns normal PC
operation patterns so it can detect abnormal behavior
associated with operations and data extrusion attempts
that would not be detected by organization-specific
policy settings. | |
| |
Events Monitored by CWAT
CWAT
registers PCs and users to be monitored and sets policies for
data extrusion attempts. This enables CWAT to monitor the
following events in relation to both PCs and users:
- User login
- Terminal usage
- New external device connections
- External device connections
- Write attempts to external media
- File operations
- Application operations
- PrintScreen operations
- Network activity
- Unregistered terminal connections
- Stolen terminal connections
- Suspicious activities (abnormal behavior)
- E-mail and Web mail (optional)
- Encryption activities (optional)
- Printing operations (optional)
|
