With this in mind, version 9 of our solution takes a significant leap forward in bolstering our data protection capabilities with the inclusion of support for monitoring Windows users’ Microsoft Outlook email activity. Our newly released Agent (which runs on end-user systems and monitors events there) monitors and takes action on email activity, while new policies help define which activities should raise sensors and/or trigger an action. For example, policies can detect emails containing PII. Security operators are alerted to risky or non-compliant use of email by employees, with the option of real-time blocking of such activity if it is deemed to be high risk. This, combined with contextual information on user activity before and after the alert on email activity is seen, provides a powerful way of understanding what actually happened and the intent behind it. Did an employee copy confidential files from a network share, zip them, and send them to a competitor organization? Or was it a case of sending a file she was working on to her personal email to finish up work over the weekend? Does this employee often send work docs to their personal email? The context of user application, file, web and network activity cannot be gained by looking solely at email logs or dedicated email monitoring solutions.
So, what kind of email monitoring capabilities do we have and how can they help? We monitor inbound and outbound email activity and provide policies that can be configured to monitor the following:
- Email header fields:
- Email subject content
- Email body content
- Email attachment content and size
Email policies can use optional blocking, blacklisting, or whitelisting capabilities on email header fields. Additionally, content inspection within the body or attachments can be used to audit and manage how confidential information is emailed outside of the organization. For example, is confidential information being emailed to foreign government agencies or competitors? Are documents with confidential project names being emailed outside of the organization? Are employees being non-compliant with Acceptable Use Policies (AUP) around email and handling of sensitive information? Are emails being received from known spam or phishing domains? By using our solution to both alert security operators to indicators of risk and non-compliance and provide in situ awareness and training to employees as necessary, you can significantly reduce insider risk. This seamless flow of integrating detection technology with compliance enforcement and process improvement allows for the easy adaptation of different measures according to the situation.