Docs Security Suite

Docs Security Suite (DSS) is a new paradigm of IRM systems

Our comprehensive solution minimizes the risks of possible leakage of corporate information arising from the distribution of electronic and printed copies of documents. The main problems solved by DSS are the implementation of the information security regime adopted in the organization. Docs Security Suite is a new generation of IRM.

Questions

Are the requirements of the law “On Trade Secrets" fulfilled”
Where are electronic documents located, and who works with them?
Are confidential electronic documents protected in your company?

DSS is aimed at

protecting important information;
identification and classification of valuable data for the company;
determining access rights to resources;
unification of company documents with the possibility of investigation;
control of each operation to prevent misuse of data.

Tasks for Docs Security Suite (DSS)

Classification Labeling and classification of information

Access control Differentiation of access to information

Analytics Integration with DLP/SIEM to improve the accuracy of the rules in order to monitor / prevent information leaks

Unicalization Unification of documents with the possibility of investigating incidents

Encryption Encryption of critical documents

How Docs Security Suite (DSS) works

The program runs on the EndpointController platform - scans employees' PCs, network folders and transmits data for analysis to the server.

Flexible customization of the program taking into account the needs of the company

create rules for searching critical documents (by text, by file attributes);

set permissions and prohibitions on working with files by users, computers and applications;

select the schedule and scan conditions.

DSS modules and their purpose

Depending on the tasks facing the company, Docs Security Suite can be represented by the following modules:

DSS IRM is a module for marking Microsoft Office documents and access control

Purpose:

set a visual and hidden label to MS Office documents (Word, Excel, Power Point, Visio);
to differentiate users' access to electronic documents and labels in accordance with the regulations and policies of the Information security System in force in the organization for the operations of opening, saving and printing a document;
for each document, determine its location, as well as who, where and when worked with it;
recreate and systematize the entire history of document creation, regardless of the existing document management systems in the company;
restore the chain of creating versions, copies, drafts of a document from a blank sheet to its final version, including all shipments for printing;
provide the possibility of integration with DLP systems and reduce the percentage of false positives;
set an additional hidden label to the document session.

DSS DLP Integrations - Data Leak Protection Module

Purpose:

ability to work with various DLP systems
autolabeling of documents with the dss label received from the dlp system
marking of documents based on the analysis of the contents of the document, which is carried out inside the dlp system
ability to adjust the marking process
ability to configure the correspondence between the dss labels and the data that came from the dlp system
marking a document based on the level of criticality of the label

DSS Analytics - Analytics Module

Purpose:

Registration and display of events from client workstations performed on documents.
Based on the received data about the event / document, the possibility of analysis and identification of suspicious manipulations or activities.
Registration of system events produced by the system.
Displaying the history of document changes from child to parent.

DSS Uniqueization - module for steganography and document unicalization

Purpose:

hidden encoding of information in the document text while the user is working with doc\docx format documents;
hidden encoding of PDF documents using the "Circles" algorithm;
access control to the functionality of the unicalization and parameter settings are centralized from the server part of the system;
uniquely record the facts of opening documents with reference to the environment;
identification of the involvement of a particular user in the publication of internal documents of the company, which led to the leakage of confidential information;
increased recognition accuracy due to photo preprocessing.

DSS Classification

is a classification module whose task is to search for information, which consists in assigning a document to one of several categories based on the content\location of the document

classification of organizations' documents by location or content;
managing the classifier service on the system admin panel, generating templates for classification;
classification of documents in the following formats: doc, docx, xls, xlsx;
monitoring of actions depending on the type of classification performed;
organization of information in the organization;
does not depend on the language, terminology and context;
improves the quality of information searches, accuracy and completeness of results;
serves as a basis for the selective distribution of information and statistical data.

DSS Encryption - Document encryption module based on access control

Purpose:

converting information and not being able to view it without an encryption key;
the possibility of maintaining the secrecy of highly confidential company documents;
the document can be decrypted only by users who have access to the decryption key;
document decryption control, for employees only with a certain level of access to confidential documents.

Hardware and software requirements

The functioning of the DSS product is ensured by the combination of the following components:

Software component - DSS Server;
DSS database;
The DSS Client software component.

1. DSS Server

The system provides collection, storage and analysis of information about user actions (within its technical purpose), from all endpoints with the installed client part of the DSS product. The DSS server can be deployed on the following operating systems:
- Windows Server 2008 Standard / Enterprise Service Pack 2 (64-bit);
- Windows Server 2008 R2 Foundation / Standard / Enterprise (64-bit);
- Windows Server 2012 Foundation / Essentials / Standard (64-bit);
- Windows Server 2012 R2 Foundation / Essentials / Standard (64-bit);
- Windows Server 2016 (64-bit);
- Windows Server 2019 (64-bit).
2. DSS database

The DSS database is an integral part of the DSS product. It provides storage of all data used and stored by the DSS product during operation. The DSS database can be deployed on the following DBMS:
- MS SQL Server, versions: 2012, 2016, 2019;
- PostgreSQL.
3. DSS Client

The DSS client provides the collection from the client machine and the transfer of information necessary for the operation of the DSS system to the DSS server. The DSS client can be deployed on the following operating systems:
- Windows 7 Home / Professional / Enterprise (32 / 64-bit);
- Windows 8 Professional / Enterprise (32 / 64-bit);
- Windows 8.1 Professional / Enterprise (32 / 64-bit);
- Windows 10 Home / Pro / Education / Enterprise (32 / 64-bit).
- The DSS client supports the following versions of MS Office office packages:
- MS Office 2010 32/64-bit;
- MS Office 2013 32/64-bit;
- MS Office 2016;
- MS Office 2019.
Deploying the DSS client requires pre-installation of the following additional software:
- .NET Framework 4.6.2 (or higher);
- VSTO Runtime 2010.
4. Minimum requirements for the DSS server and database:
- Microsoft Windows server: dse versions starting from 2008 R2 (32/64-bit);
- Microsoft SQL server: all versions starting from 2008 R2;
- 2-x processors with a clock frequency of 2 GHz (recommended at least four-core Intel E5v2);
- 16 GB of RAM (64 GB recommended);
- from 100 GB hard drive (500 GB recommended).

Docs Security Suite Architecture