Block 4. Creating Data Protection Policies in InfoWatch Traffic Monitor

Overview of Data Protection Policies

  • The session focuses on creating a new data protection policy, emphasizing the need to intercept data based on the classification of protected objects.
  • Protected data includes terms, words, combinations, text objects, and specific formats defined by regular expressions.

Types of Digital Fingerprints

  • Several forms of digital fingerprints are discussed:
    • Long documents and their content fingerprints.
    • Fixed-structure forms and their fingerprints.
    • Database exports in which specific columns and column combinations define the fingerprint.
    • Graphic objects assigned to predefined categories.

Technologies for Data Protection

  • The Autolingvist technology is introduced for building a content filtering database from the identified data.
  • The creation of a new data protection policy begins with selecting applicable technologies: category and terms technology, text object technology, and database export technology.

Setting Up Policy Parameters

  • Objects containing confidential information that leave the established perimeter are considered violations of the data protection policy.
  • Rules for transferring and copying data must be configured alongside agent-based protection rules. Only two technologies (category/terms and text objects) can be used at this stage.

Demonstration of Policy Violation

  • A demonstration follows showing how created policies can be violated. Results will be evaluated through summaries, events, and reports sections.

Implementing Category Terms Technology

Adding New Categories

  • A new category named "GDPR" is added to existing preset categories by clicking the plus sign to create it.
  • Several terms are added under this category; the first term being "home address," which serves as a characteristic term for categorization.

Importance of Characteristic Terms

  • If a document contains no characteristic terms, the weights of the matched terms are summed to determine its category affiliation.
  • When no characteristic term is present, at least three weighted terms must be found for the document to be assigned to the category.

Weight Assignment for Terms

Role of Linguists in Weight Assignment

  • Linguists play a crucial role in correctly assigning weights to each term to avoid false positives during analysis.
  • Default weight options or assistance from linguists can help ensure accurate weight assignment when uncertain about appropriate values.

Configuring Term Characteristics

  • Users can specify the allowed number of characters between the words of a term, giving the minimum and maximum values in curly braces, before finalizing the term.
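The two rules above (a characteristic term is enough on its own; otherwise at least three weighted terms must match) and the curly-brace distance syntax can be modelled in a few lines. The following is an added example written for this page, not InfoWatch code: the category content, the term weights, the summed-weight threshold and the exact meaning of "{min,max}" (that many arbitrary characters between the words) are assumptions made for the demonstration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Term:
    """One term of a category. Only weight and the characteristic flag
    matter for classification; the '{min,max}' syntax is an assumption."""
    pattern: str            # e.g. "date of birth" or "home {1,3} address"
    weight: int = 0         # counted only when no characteristic term matches
    characteristic: bool = False


def term_to_regex(pattern: str) -> re.Pattern:
    """Compile a term into a regex. Plain spaces between words allow any
    whitespace; '{lo,hi}' allows between lo and hi arbitrary characters."""
    tokens = re.split(r"\s*\{(\d+),(\d+)\}\s*", pattern.strip())
    parts = []
    for i in range(0, len(tokens), 3):
        words = tokens[i].split()
        parts.append(r"\s+".join(re.escape(w) for w in words))
        if i + 2 < len(tokens):                      # a '{lo,hi}' follows
            parts.append(r".{%s,%s}" % (tokens[i + 1], tokens[i + 2]))
    return re.compile(r"\b" + "".join(parts) + r"\b", re.IGNORECASE | re.DOTALL)


def categorize(text: str, categories: dict, weight_threshold: int) -> dict:
    """Return {category: reason} for every category the text belongs to.
    A characteristic term alone is enough; otherwise at least three weighted
    terms must match and their summed weight must reach the threshold
    (the threshold value itself is an assumption of this example)."""
    matched = {}
    for name, terms in categories.items():
        hits = [t for t in terms if term_to_regex(t.pattern).search(text)]
        if any(t.characteristic for t in hits):
            matched[name] = "characteristic term"
            continue
        weighted = [t for t in hits if t.weight > 0]
        if len(weighted) >= 3 and sum(t.weight for t in weighted) >= weight_threshold:
            matched[name] = "weighted terms"
    return matched


# Constructed sample category (not the product's preset content).
CATEGORIES = {
    "GDPR": [
        Term("home {1,3} address", characteristic=True),
        Term("date of birth", weight=30),
        Term("passport", weight=40),
        Term("phone number", weight=20),
        Term("email", weight=10),
    ]
}
WEIGHT_THRESHOLD = 50   # assumed value for the demo

# Constructed sample messages.
SAMPLE_CHARACTERISTIC = "Please update my home-address in the customer card."
SAMPLE_WEIGHTED = "Date of birth: 01.01.1990, passport 45 10 123456, phone number +7 900 111-22-33"
SAMPLE_TOO_FEW = "Attached: passport scan and phone number of the applicant."

if __name__ == "__main__":
    for sample in (SAMPLE_CHARACTERISTIC, SAMPLE_WEIGHTED, SAMPLE_TOO_FEW):
        print(categorize(sample, CATEGORIES, WEIGHT_THRESHOLD), "<-", sample)
```

The third sample shows the false-positive guard the page describes: two weighted terms ("passport", "phone number") are not enough, so the message is not assigned to GDPR even though its summed weight is well above zero.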

Utilizing Text Object Technology

Creating New Text Objects

  • Transitioning to text object technology involves selecting existing text objects or creating new ones like "important data."

Editing Text Objects

  • After creation, users can edit these objects by adding templates either as strings or regular expressions depending on requirements.

Regular Expressions in Text Object Creation

Defining Regular Expressions

  • An example shows how to set up an email address detection template in editing mode, using a sample value such as "example@company.com."

Testing Regular Expressions

Creating Data Protection Objects

Utilizing Predefined Regular Expressions and Database Exports

  • The discussion begins with the use of predefined regular expressions for identifying Russian Federation passports, both domestic and international.
  • A new database export is created, named "db," to facilitate data management. The process of saving and loading the database is highlighted.
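To make the text object mechanism concrete, here is an added example (written for this page, not InfoWatch code) covering the two passages above: the "important data" object with a string template and an email regular expression, and objects for the two Russian passport types. The regular expressions are constructed for the illustration and are not the product's predefined ones; the passport formats (domestic: 4-digit series plus 6-digit number; international: 2-digit series plus 7-digit number) are the publicly known layouts.

```python
import re
from dataclasses import dataclass


@dataclass
class Template:
    value: str
    is_regex: bool = False      # False: literal string, True: regular expression


@dataclass
class TextObject:
    name: str
    templates: list


# Constructed illustrative patterns (assumptions of this example).
EMAIL_RE = r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"
RF_PASSPORT_RE = r"\b\d{2}\s?\d{2}\s?\d{6}\b"        # domestic: 45 10 123456
RF_INTL_PASSPORT_RE = r"\b\d{2}\s?\d{7}\b"           # international: 75 1234567

# Constructed text objects, mirroring the ones described on the page.
TEXT_OBJECTS = [
    TextObject("important data", [Template("CONFIDENTIAL"),
                                  Template(EMAIL_RE, is_regex=True)]),
    TextObject("RF passport", [Template(RF_PASSPORT_RE, is_regex=True)]),
    TextObject("RF international passport", [Template(RF_INTL_PASSPORT_RE, is_regex=True)]),
]


def compile_template(tpl: Template) -> re.Pattern:
    """A string template is matched literally; a regex template as written."""
    pattern = tpl.value if tpl.is_regex else re.escape(tpl.value)
    return re.compile(pattern, re.IGNORECASE)


def find_text_objects(text: str, objects: list) -> dict:
    """Return {object name: [matched fragments]} for every object that fires."""
    found = {}
    for obj in objects:
        matches = []
        for tpl in obj.templates:
            matches.extend(m.group(0) for m in compile_template(tpl).finditer(text))
        if matches:
            found[obj.name] = matches
    return found


# Constructed sample messages.
SAMPLE_MESSAGE = ("CONFIDENTIAL: contact example@company.com, "
                  "passport 45 10 123456, foreign passport 75 1234567.")
SAMPLE_CLEAN = "Meeting notes: agenda and action items."

if __name__ == "__main__":
    print(find_text_objects(SAMPLE_MESSAGE, TEXT_OBJECTS))
    print(find_text_objects(SAMPLE_CLEAN, TEXT_OBJECTS))
```

Running the two samples through the objects is the equivalent of the "test regular expression" step: the first message fires all three objects and reports the exact fragments, the second fires none. Because the two passport patterns differ in digit grouping, a domestic number does not also fire the international object.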

Exploring Database Conditions

  • Inside the loaded database, fields such as title and description are available for editing, along with detection conditions that can be customized.
  • Detection conditions can include the logical operators AND (conjunction) and OR (disjunction), allowing complex conditions over multiple columns.

Customizing Detection Conditions

  • It is noted that data from the loaded databases can be detected not only in CSV files but also in Excel files and HTML documents.
  • The next step involves creating protection objects based on selected technologies, specifically within a newly created GDPR catalog.

Defining Protection Object Criteria

  • The session emphasizes using text objects related to RF passports as detection criteria for the protection object being created.
  • Logical conditions are established where terms from the GDPR category or passport types trigger detection actions.

Finalizing Protection Objects

  • When adding new conditions, an automatic logical OR is applied; however, adding elements within a condition defaults to logical AND connections.
  • Two protection objects are created: one standard object and another designed to operate on agents using specific technologies.
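The combination rules from the two passages above (conditions inside a protection object are joined by OR, elements inside one condition by AND, and a database export condition can require column values from the same row) are easy to get wrong, so here is an added example that implements them. It is written for this page, not InfoWatch code; the CSV export, the element types and the "GDPR" object's conditions are constructed for the demonstration.

```python
import csv
import io

# Constructed sample of a database export (what the page calls "db").
DB_EXPORT_CSV = """id,full_name,passport,phone
1,Ivan Petrov,45 10 123456,+7 900 111-22-33
2,Anna Sidorova,46 01 654321,+7 900 444-55-66
"""


def load_export(csv_text: str) -> list:
    """Parse the export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def term_element(terms):
    """Element standing in for a category/terms check: any term present."""
    return lambda text: any(t.lower() in text.lower() for t in terms)


def db_element(rows, columns, mode="all"):
    """Element for a database export. mode="all": every selected column
    value of one and the same row must appear (conjunction);
    mode="any": one value of any selected column is enough (disjunction)."""
    combine = all if mode == "all" else any
    return lambda text: any(combine(row[c] in text for c in columns) for row in rows)


def triggered_conditions(text: str, conditions: list) -> list:
    """conditions is a list (joined by OR) of element lists (joined by AND).
    Returns the indices of the conditions that fired."""
    return [i for i, cond in enumerate(conditions) if all(el(text) for el in cond)]


ROWS = load_export(DB_EXPORT_CSV)

# Constructed "GDPR" protection object with three conditions.
GDPR_OBJECT = [
    [term_element(["home address", "work address"])],                            # 0: GDPR term
    [term_element(["passport"]), db_element(ROWS, ("full_name", "passport"))],     # 1: term AND same-row name+passport
    [db_element(ROWS, ("passport", "phone"), mode="any")],                         # 2: any known passport OR phone
]

# Constructed sample messages.
SAMPLE_DB_HIT = "Anna Sidorova, passport 46 01 654321, requests a loan."
SAMPLE_MIXED_ROWS = "Ivan Petrov, passport 46 01 654321"      # name and number from different rows
SAMPLE_TERM = "Customer work address: Lenina st. 1"
SAMPLE_NONE = "Quarterly report attached."

if __name__ == "__main__":
    for sample in (SAMPLE_DB_HIT, SAMPLE_MIXED_ROWS, SAMPLE_TERM, SAMPLE_NONE):
        print(triggered_conditions(sample, GDPR_OBJECT), "<-", sample)
```

The second sample is the instructive one: the name belongs to row 1 and the passport number to row 2, so the conjunctive condition 1 does not fire, while the disjunctive condition 2 still does because one stored passport number is present on its own.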

Implementing Data Protection Policies

Creating Data Protection Policies

  • The video transitions into creating data protection policies applicable both generally and specifically for agents.

Creating Data Protection Policies

Introduction to Data Protection Policy

  • The discussion begins with the creation of a new data protection policy named "GDPR Data Protection Policy."
  • A catalog for GDPR protection objects has been established, including specific protected data types.

Setting Up Rules for Data Transmission

  • Five main rules are outlined: transmission, copying, storage, application work, and file operations.
  • The first rule focuses on data transmission; it allows any sender but restricts recipients to those outside the domain demotochek.com.

Defining Specific Transmission Rules

  • A high threat level is assigned if documents are sent outside the specified domain.
  • Another rule specifies that emails from any sender to partner.com will trigger a medium-level violation if confidential data is transmitted.

Additional Rules for Group Restrictions

  • A new rule states that if members of group V send confidential information to anyone else, it will be considered a low-level violation.
  • This emphasizes the importance of internal group communication regarding sensitive information.

Copying and Storage Regulations

  • A copying rule indicates that any copying action involving confidential information will result in a high-level violation notification.
  • Storage rules dictate that storing confidential information by anyone outside group V is classified as a medium threat.

Clipboard and Application Work Rules

  • Clipboard actions involving protected data will trigger high-level violations upon detection.
  • The final step involves setting up device monitoring rules for file operations within applications.

Implementing Agent-Specific Policies

New Agent-Based Data Protection Policy

  • A new policy titled "Agent Data Protection Policy" is created focusing on agent-specific protections.

Understanding Object Visibility Limitations

  • It is noted that the standard protection object does not appear for the agent policy because it relies on the database export technology, which is not available on agents.

Configuring Email Transmission Rules for Agents

  • An email transmission rule is set where sending confidential information to competitors (e.g., enemy.com) results in blocking actions with high-level violations.

Importance of Monitoring Violations Carefully

  • Caution is advised when assigning block verdict statuses as they may disrupt business processes.

Finalizing Configuration Changes

GDPR Policy Violations and Data Protection Techniques

Overview of Data Protection Policies

  • The video discusses the implementation of data protection policies, specifically focusing on GDPR violations. It references previous content where two types of data protection policies were created: a standard policy and an agent-based policy.
  • The presenter mentions the use of specific technologies such as categories, terms, text objects, and database exports in creating these policies.

Demonstrating Policy Violations

  • A demonstration begins with accessing sensitive data to test how violations are logged. The first action involves sending this sensitive information for printing.
  • An email is sent to a test domain (testpartner.com), which triggers a medium-level violation due to existing transfer rules associated with that domain.

Testing Agent-Based Policies

  • Another email is attempted to be sent to a hostile domain (test@a.m.com). This action aims to test the effectiveness of the agent-based data protection policy against unauthorized data sharing.
  • The attempt fails as the agent's policy blocks the transmission of sensitive information, preventing even draft saving in the email client.

Monitoring Violations in Traffic Console

  • Future videos will explore how these violations appear in the traffic monitor console, including sections like summary, events, and reports.
  • Events are defined as intercepted network traffic instances caused by actions such as employee data transfers or public postings. A list of events is generated based on user queries.

Creating Custom Queries for Event Management

  • Users can create folders for organizing queries; a new folder named "GDPR" is established with specific access rights assigned.
  • Within this folder, both standard and advanced queries can be created. Standard mode allows users to specify search parameters while applying logical conditions.

Advanced Query Configuration

  • In advanced query mode, users can combine conditions using logical operators and define query parameters more flexibly.

GDPR Data Protection Policies and Event Management

Creating a Query with Advanced Syntax

  • The discussion begins with selecting GDPR and its parameters, specifically protection objects (ОЗ) and agents. A new group of parameters is introduced to formulate a query using advanced syntax.
  • Logical operators are explained, where the dash represents "OR" and parentheses indicate grouping. An additional condition regarding policy violations is suggested for inclusion in the query.

Defining Conditions for Data Selection

  • The conditions for data selection include checking if the event text contains home or work addresses, or if GDPR data protection policies are triggered. This will ensure relevant events are captured in the query.
  • The event tile provides an overview of each incident, including identification number, date/time, attachment count, and violation level indicated by color coding: red (high), yellow (medium), green (low), gray (no violation).

Event Tile Details

  • Additional information on the event tile includes device policies, descriptions, senders/recipients, type of event, user decisions, verdict status. Users can modify verdicts at any time based on their assessment of whether an event constitutes a violation.
  • The event tile can be displayed as either a table or list format. Brief and detailed views provide different levels of information about each incident.

Viewing Event Details

  • In brief view mode, key attributes such as ID, violation level indicators, type of event are shown along with options to download shadow copies of events.
  • Detailed view includes comprehensive information about senders/recipients involved in incidents along with triggered policies and protective objects.

Content Analysis within Events

  • The content area displays email text or attachments; highlighted results show triggered objects in red while search results appear in green. Color indicators help identify protective measures activated during analysis.
  • For clipboard events, screenshots generated during copy-paste actions may also be displayed. Users can save selected files directly from this interface.

Summary Section Overview

Statistical Insights into Violations

  • The summary section presents statistical insights into violations through widgets organized by themes for efficient monitoring. Default widgets include trends in violations and top offenders.

Overview of Widget Functionality in Data Analysis

Adding and Customizing Widgets

  • Users can add widgets to their dashboard by selecting desired statistics, such as policy statistics or violation dynamics.
  • The layout of the widgets can be customized into different column formats for better visibility and organization.

Analyzing Violation Dynamics

  • The "Violation Dynamics" widget displays trends over a specified period, like the last seven days, highlighting high and medium-level violations.
  • Users can interact with specific rules to see how they affect the data displayed in the widget, allowing for detailed analysis of rule violations.

Exploring Object Statistics

  • In the "Object Statistics" section, users can filter results based on specific rules to analyze violations related to particular protection objects.

Data Exporting Capabilities

  • Users have the option to export widget data into HTML or PDF formats by selecting relevant widgets and clicking on the "Export" button.

Reports Section Introduction

  • The reports section contains a list of reports that visualize statistical data about intercepted objects through graphs and charts.

Organizing Reports with Folders

Creating and Managing Folders

  • Users can create folders to organize reports thematically, which helps manage access permissions effectively across multiple reports.

Steps for Folder Creation

  • To create a new folder, users click on "+" and name it accordingly. Permissions for viewing or executing tasks can also be set during this process.

Generating New Reports

Report Creation Process

  • After creating a folder, users can generate new reports by adding various widgets tailored to their analytical needs.

Widget Configuration

  • Each widget allows selection of statistical types (e.g., event types), enabling customization such as pie charts or bar graphs based on user-defined queries.

Saving Reports

Overview of Reporting and Document Management Features

Report Generation and Management

  • Users can navigate to events by clicking an arrow, generating a request for detailed insights into all events related to their widget.
  • Reports can be copied, deleted, or edited, allowing users to modify existing reports as needed. The session concludes with thanks for attention and anticipation of future videos.

Introduction to Autolingvist Technology

  • Autolingvist is a thematic classifier that can be automatically configured based on company documents, ideal for managing large sets of standard documents across various categories like accounting and logistics.

Navigating Autolingvist

  • To access Autolingvist, users must select it from the technology menu; pre-trained categories are available, and users can create custom categories by adding files for training.
  • Documents can be dragged between categories using a mouse interface; new categories require naming and description before saving.

Training the Classifier

  • After adding documents to a category, users initiate training by clicking the training button; this process may take several minutes.
  • Upon completion of training, notifications indicate success along with quality metrics for each category. High similarity among documents in a category results in better classification accuracy.

Applying Configurations and Checking Document Categories

  • Users apply configurations through the upper menu; document quantity and content significantly affect classifier performance—more similar-themed documents yield better results.
  • To check document categorization accuracy, users select "check document," which displays percentage affiliation with selected categories.

Best Practices for Classification Accuracy

  • A category appears in the results only if the document's affiliation with it reaches the minimum threshold of 10%. It is recommended to keep documents in one language within a single category; both English and Russian are supported.
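The training and "check document" steps above can be illustrated with a toy thematic classifier. This is an added example written for this page, not Autolingvist's actual algorithm: it builds one term-frequency centroid per category from the training documents, scores a new document by cosine similarity to each centroid, normalises the scores into percentage affiliations and drops categories below the 10% threshold. The training corpora are constructed.

```python
import math
import re
from collections import Counter


def tokenize(text: str) -> list:
    """Lower-case words; Latin and Cyrillic letters are both accepted."""
    return re.findall(r"[a-zа-яё]+", text.lower())


def train(categories: dict) -> dict:
    """{category: [training document, ...]} -> {category: term-count centroid}."""
    return {name: sum((Counter(tokenize(d)) for d in docs), Counter())
            for name, docs in categories.items()}


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b.get(t, 0) for t in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def check_document(text: str, model: dict, threshold: float = 10.0) -> dict:
    """Percentage affiliation per category, keeping only those at or above
    the threshold. A document sharing no vocabulary with any category
    (total similarity zero) yields an empty result instead of a division error."""
    vec = Counter(tokenize(text))
    sims = {name: cosine(vec, centroid) for name, centroid in model.items()}
    total = sum(sims.values())
    if total == 0:
        return {}
    return {name: round(100 * s / total, 2) for name, s in sims.items()
            if 100 * s / total >= threshold}


# Constructed training sets; real categories need many more documents.
TRAINING_DOCS = {
    "accounting": ["invoice payment tax ledger",
                   "invoice tax balance ledger payment"],
    "logistics": ["shipment delivery warehouse truck",
                  "delivery route truck warehouse shipment"],
    "hr": ["vacation salary employee contract",
           "employee hiring interview contract"],
}
MODEL = train(TRAINING_DOCS)

if __name__ == "__main__":
    for doc in ("invoice for shipment delivery", "employee vacation", "hello world"):
        print(check_document(doc, MODEL), "<-", doc)
```

The mixed document lands at roughly one third accounting and two thirds logistics, with "hr" excluded at 0%; the page's advice that similar documents within a category improve accuracy corresponds here to a tighter centroid that a same-theme document lies closer to.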

Finding Document Versions: Analogs vs Samples

Utilizing Search Tools

  • The tool allows tracking all versions of attached documents during investigations of employee actions or of incidents in which documents have left the company.

Integration Requirements

  • The analog search function becomes available in Traffic Monitor only after integration with the data analysis servers has been configured.

Understanding Analogous Documents

  • "Analogs" refer to documents sharing similar terms but differing structures (e.g., supply contracts from different suppliers), while "samples" denote structurally identical documents created from the same template but varying slightly in wording.

Executing Searches

  • In Traffic Monitor's web console under events, selecting text-containing events leads to options for finding analogues or samples after clicking on relevant attachments.

Document Presentation Overview

Key Insights on Document Display

Video description

1_Introductory video 2_Working with Traffic Monitor technologies 3_Protection objects 4_Creating data protection policies 5_Violating data protection policies 6_Events 7_Summary 8_Reports 9_Autolingvist 10_Search for analogs and samples