Structure and description of the system

Subsystem of data collection

Ethernet sniffer module copies the data transmitted over a telecommunication network (communication channel) and sends it to the Subsystem of storage and processing. Copying is carried out continuously, in accordance with the target rules.

Subsystem of storage and processing

Coordinating module receives information from the Subsystem of data collection and places it in the working database of the system.
Decoding module restores the transmitted objects (letters, requests, and files) from the initial data received from the Subsystem of data collection.
Analysis module* checks the objects formed by the Decoding module for confidential information. With the help of this module, the information received is classified in accordance with the prescribed rules of control. The system provides two types of analysis:

  1. Content analysis – morphological analysis of the text content of a data object.
  2. Object level analysis – analysis of the formal details of a data object (for example, IP-address = 10.28.1.72, E-mail = ivanov@mail.ru, etc.).
Event module performs predefined actions when a violation of security policy takes place. A violation is indicated by the assignment of a data object to a particular rubric or by a match between the data object and a user under monitoring. The reaction is to send a notice to the security officer. The notice may include the text of the object in which the violation occurs.
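
The two types of analysis and the Event module reaction can be sketched as follows. This is an added example, not code from the system described. The rule sets, the names DataObject, stem and event_module, and the sample objects are assumptions constructed for illustration, and the suffix-stripping function is a simplified stand-in for real morphological analysis.

```python
import re
from dataclasses import dataclass

@dataclass
class DataObject:  # a decoded object (letter, request or file)
    src_ip: str
    email: str
    text: str

# Hypothetical control rules; all values here are constructed samples.
MONITORED = {"ip": {"10.28.1.72"}, "email": {"ivanov@mail.ru"}}
RUBRICS = {"finance": {"contract", "invoice"}, "personal_data": {"passport"}}

def stem(word):
    """Crude suffix stripping: a stand-in for morphological analysis."""
    for suffix in ("ing", "ed", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 4:
            return word[: -len(suffix)]
    return word

def content_analysis(obj):
    """Return the rubrics whose terms occur in the text, compared by stem."""
    stems = {stem(w) for w in re.findall(r"[a-z]+", obj.text.lower())}
    return sorted(r for r, terms in RUBRICS.items()
                  if stems & {stem(t) for t in terms})

def object_level_analysis(obj):
    """Return the formal details that match a user under monitoring."""
    hits = []
    if obj.src_ip in MONITORED["ip"]:
        hits.append(f"IP-address = {obj.src_ip}")
    if obj.email.lower() in MONITORED["email"]:
        hits.append(f"E-mail = {obj.email}")
    return hits

def event_module(obj, include_text=False):
    """Build the notice for the security officer, or None if no violation."""
    rubrics, users = content_analysis(obj), object_level_analysis(obj)
    if not rubrics and not users:
        return None
    notice = {"rubrics": rubrics, "monitored_user": users}
    if include_text:  # the notice may carry the text of the object
        notice["text"] = obj.text
    return notice

SAMPLES = [  # constructed decoded objects
    DataObject("10.28.1.72", "ivanov@mail.ru", "Lunch at noon?"),
    DataObject("10.28.1.9", "petrov@example.com", "Sending signed contracts and invoices."),
    DataObject("10.28.1.9", "petrov@example.com", "See you tomorrow."),
]
```

The first sample triggers on formal details alone, the second on content alone, and the third produces no notice.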
Administrator Interface is designed to set up the operation of the system modules (setting up the rules of data collection and data archiving), as well as to monitor the status of the system as a whole and of each module separately.
Analyst Interface is designed to review the results of the system's operation and to set up the rules for controlling information (rubrics and the list of users under surveillance). The analyst can filter information, see the detailed contents of a data object, and export objects of interest for further analysis outside the system.

Archive is intended for long-term storage of all information processed by the system. If needed, information from the Archive can be retrieved and subjected to additional, more detailed processing.

* – The software component ABBYY Retrieval & Morphology Engine © 2000 ABBYY is used in the module. ABBYY is a registered trademark of ABBYY Software Ltd.