Core Technology of DLP - Protection of the Data (regardless of the device or file)
Based on patent-pending, proprietary technology, the GTB Inspector, a Reverse Content-Aware Firewall TM prevents the loss of confidential or protected data from your network to the Internet over a whole range of network protocols, applications, data formats and usage scenarios. An attempted data leak is blocked, even if the protected data was altered from its original form through format conversion, copying, extracting, embedding, re-typing, compression, file extension changes etc.
Technology Foundation - A Context & Content Aware Reverse Firewall
The key to the GTB Security System is its proprietary, patent pending Data AccuMatch detection algorithms, which allow the GTB Inspector to detect and match pre defined data with unprecedented accuracy and speed. A flexible rules engine allows an Administrator to specify a wide range of compliance rules, based on users, computers, protocols and other parameters. GTB Inspector was designed from the ground up for information leak detection and prevention.
Both text and binary data are protected. Both structured data (social security numbers, credit card numbers, bank accounts etc.) and unstructured data (reports, memos, designs, source code, agreements etc.) are protected. Within documents, both visible and invisible data is protected.
The Unique Features of GTB's Detection Technology - A Unified Data Centric Policy Approach
Core Detection & Analysis Algorithms
Methods for describing sensitive content are abundant. They can be divided into two categories: precise methods and imprecise methods.
Precise methods are,by definition, those that involve Content Registration and trigger almost zero false positive incidents.
All other methods are imprecise. They include: keywords, lexicons, regular expressions, extended regular expressions, meta data tags, bayesian analysis, statisical analysis such as Machine Learning, etc.
Combined with the proprietary algorithms, GTB's detection algorithm has virtually zero false positives and very high resilience to data modifications including: excerpting, inserting, file type conversion, formatting, ASCII ->UNICODE conversion, UNIX–Windows conversion, etc.
Real-time detection is an important aspect of all DLP components, i.e., Network, eDiscovery and content-aware Endpoint protection. The GTB detection technology has the rare capability of real time inspection and detection of secure content. The unique advantage of Real-Time inspection is the ability to prevent data loss over the network on any protocol. This is in stark contrast to competing solutions which can prevent data loss/Leak (i.e.block a violating transmission) only on non-Real-time protocols: SMTP via MTA, HTTP/S or FTP via a proxy and/or ICAP server.
The GTB DLP Suite uses a different, proprietary technique for file cracking from its competitors. The process does not require knowledge of the file type, or the location of the beginning of the file or its end in the datastream.
The GTB detection engine is also able to determine the language and encoding, based on the content, in situations where the file format and metadata do not provide this information.
The main advantage of the GTB filecracking technology becomes obvious when a third party technology does not support newly introduced filetypes as was the case with the introduction of Office 2007. It took competing vendors almost a full year to keep up at that time.
Being both Port & Protocol Independant, unauthorized transmission attempts either active (e-mail, instant messages) or passive (exposing data through a web server or shared folders) covered; including protection against unauthorized printing of documents, containing any secured data.
A sampling are:
All document file types (regardless of size) and most conversions are protected, including: