• CWAT includes separate network and PC monitoring components, which allows for real-time detection and immediate automatic response by each component to data extrusion actions.
• Because each component has its own detection and response capabilities, and because the system maintains monitoring logs that provide proof of data extrusion actions, they place no burden on network operating resources.
• Centralized monitoring and control components provides for centralized management of data extrusion prevention policies, and optimal time distribution to the separate monitoring components facilitates operations management.
• Data extrusion prevention policies are stored on the PC along with the monitoring component, which provides the same detection and automatic response capabilities when PCs are taken off the network as when they are on the network.
• An artificial intelligence engine studies and learns normal PC operation patterns so it can detect abnormal behavior associated with operations and data extrusion attempts that would not be detected by organization-specific policy settings.

Events Monitored by CWAT

CWAT registers PCs and users to be monitored and sets policies for data extrusion attempts. This enables CWAT to monitor the following events in relation to both PCs and users:

• User login • Terminal usage • Application operations • External device use • Printing operations

• Write attempts • Read attempts • File operations • Print screens • Network activity

• Unregistered terminal connections • Stolen terminal connections • Suspicious activities • E-mail and Web mail • Encryption activities