D-Control
D-Control analyzes outbound e-mail and identifies messages requiring confidential processing based on definitions derived from the data security policy.
All outgoing messages are scanned. Normally in e-mail traffic the SMTP port 25 is used, however when scanning messages with D-Control mail is forwarded to port 24. This is done automatically with firewall or directly from client mail server.
Outgoing mail queue
Outgoing mail will be separated from incoming mail by creating another mail queue to the server. The outgoing queue includes all messages that come from the internal network to D- Control.
Message subjects or contents (e.g., word, sentence, image or other content) and the name, type or content of the attached file can be used as the identifiers. Encryption rules can be configured by component.
- Rules for messages: Different instances can have their own rules that can be based on attachment name, message content (word, sentence, picture, other content) and message header.
- Rules for attachments : Attachments can have specified rules (a specific type, a specific name or all attachments). Rules are based on words/sentences inside attachments. Scanned attachment types are PDF, DOCX, pictures (JPEG, TIFF, and JPG), ODT, ODS, ODP, TXT, RTF, XLSX, CSV, GNR and HTML.
- Regexp tag identifiers : Custom Regexp tag identifiers (for example contract number, social security number or bank account number) can be created in addition to basic rules. These identifiers can be added to basic rules simply with its name.
- Override rule : These rules override all other D-Control rules. For example, if all PDF files are marked as encrypted, specified e-mail addresses can still send messages with PDF attachments unencrypted. Override rules can be based on attachment name, message content (word, sentence, picture, other content) and message header.
As a result of the analysis, e-mail messages considered confidential can alternatively be automatically encrypted or the sending of these messages without protection can be prevented, thereby preventing a potential data leak.
- Encryption level : The encryption level that is used to send confidential messages can be determined (options are Letter-level, Registered letter-level, forced TLS, over D-Network connection or over VPN connection). Message can also be rejected in which case if the rules match the message will not be delivered and the sender will be notified of it.
- Sender notification (default: off) : Sender of a message can be notified if the message contained material that requires the use of protection. Notification informs that the message cannot be send unencrypted and gives instructions on how to operate. Alternatively sender can be reminded of forgetting to use protection with a notification that informs that the message was protected automatically and send forward.
D-Control also creates a clear insight into the state of the implementation of the organization's data security policy, taking into account the requirements for data security in terms of e-mail traffic. In practice, the data can be presented as various graphs or tables that can easily be utilized in other reporting.
- Rules entered into groups : Different rules can be grouped in order to make the statistics easier to manage. For example all rules relating to sales (tenders, contracts, IDs) can be named “Sales”. Different groups can be seen in statistics.