Like many products in this group review, the CWAT (Cybercrime, Warning, Alert, Termination) product takes a modular approach to data leakage prevention. CWAT consists of four parts: the OM (Organization Monitor), the SDC (Segment Defense Controller), the OPDC (Operation Defense Controller), and the UDC (Unknown terminal Defense Controller). These work together to perform basic data leakage protection function. Perhaps the most vital component is the OM, which serves as a centralized management console allowing the administrator to create, modify and monitor policy settings.
The OM can send an email for a manual response from security personnel. Regardless of the human interaction, the OM will create an audit log record, which contains enough information to make the OM a viable source of forensic information.
Another component of the CWAT product is the OPDC. This module monitors normal traffic to create a baseline of normal network usage per user. The OPDC also looks for local system policy violations and "suspicious network operations." It contains a log repository with entries about monitored systems. The OPDC can take action against the suspicious system or it can merely log the information.
The UDC looks for new systems attached to the network and begins the client enrollment process. Most extrusion detection packages include more features.
The modules of the CWAT do not provide complete coverage from data leakage. To enhance this protection there are several additional modules that can be purchased. The first module to start with is the mail option. This feature monitors the contents of outgoing emails and block email messages which have confi dential data, spam and viruses. The mail module also monitors the contents of web mails (HTTPS, SSL), BBS and file-sharing services, and stops the operation if necessary.
The encryption module requires data encryption of sensitive data if it is to be stored on portable media, while the anti-theft module will expire passwords to the system after a certain number of incorrect login attempts.
Pricing is $5,500, plus $200 per client, with a 15 percent maintenance charge. This makes it a higher priced option toward the upper end of the spectrum.
The OM can send an email for a manual response from security personnel. Regardless of the human interaction, the OM will create an audit log record, which contains enough information to make the OM a viable source of forensic information.
Another component of the CWAT product is the OPDC. This module monitors normal traffic to create a baseline of normal network usage per user. The OPDC also looks for local system policy violations and "suspicious network operations." It contains a log repository with entries about monitored systems. The OPDC can take action against the suspicious system or it can merely log the information.
The UDC looks for new systems attached to the network and begins the client enrollment process. Most extrusion detection packages include more features.
The modules of the CWAT do not provide complete coverage from data leakage. To enhance this protection there are several additional modules that can be purchased. The first module to start with is the mail option. This feature monitors the contents of outgoing emails and block email messages which have confi dential data, spam and viruses. The mail module also monitors the contents of web mails (HTTPS, SSL), BBS and file-sharing services, and stops the operation if necessary.
The encryption module requires data encryption of sensitive data if it is to be stored on portable media, while the anti-theft module will expire passwords to the system after a certain number of incorrect login attempts.
Pricing is $5,500, plus $200 per client, with a 15 percent maintenance charge. This makes it a higher priced option toward the upper end of the spectrum.
