Data Loss Prevention system based on DPI network traffic analysis

1. Data Loss Prevention
DLP System
Monitorium

2. Monitorium
• Protects confidential information and documents from
theft or accidental loss through internet transmission
• Monitors and analyzes content of outgoing IP traffic
• Detects and blocks security violating traffic
• Can limit corporate network users’ access to Internet
resources
• Different and complimentary to firewall and antivirus:
– Protects “content”, not PC hardware or internal network
– Protects against internal threats

3. Network installation

4. System characteristics
• Deep Packet Inspection (DPI) bases Level 7 network analysis
system
• Supported protocols: HTTP, FTP, TELNET, SMTP/POP/IMAP
• Applications:
– Webmail (Yandex, Mail.ru, Gmail, Rambler)
– IM (ICQ, Jabber, gtalk, mail.ru agent)
• File formats:
– txt, rtf, Microsoft Office (.doc, .xls, .docx, .xlsx), pdf, html,
XML, ps, zip, gz, 7z, rar, tar, bzip
• Content analysis: linguistic, regular expressions, dictionaries,
fingerprints, keyword matching, window hashing, stat. analysis
• Supported languages: Russian, English

5. Analyzed information
• Message sender address: MAC / IP address
• Message receiver address: IP address, hostname
• Message headers:
– Page url (www address, domain/host name)
– email address
– ICQ user name
• Message content:
– Search queries
– Blog, forum, social network posts
– Email texts
– IM chat texts
– Content of attached documents and archives

6. Interface: Event monitor

7. Security rules

8. Reports and statistics

9. Advantages of Trafica DLP system
• Real time protection and alerts
• Full content analysis
• Multiple monitoring points
• Easy network installation
• Detailed reports engine
• Full text incidents archive search
• Designed to be used by non-technical staff

10. Trafica LLC
• Founded 2008
• Central office in Moscow
• 15 people
• Email: info@trafica.ru