Detecting Data Loss in ObserveIT

Detecting Data Loss in ObserveIT

ObserveIT enables the detection of potential data leaks. The ObserveIT detection mechanism prevents data exposure, data theft, and out-of-company-policy activities, by enabling security and risk analysts to track the following user actions:

These features are enabled by default on the ObserveIT Agent by a data loss detection policy which is configured in the Server Policies settings of the ITM On-Prem Web Console. For details, see Data Loss Detection Policy.

ObserveIT enables detection of potential data loss when a user:

  • Attempting to move files (or folders) by copying them to the clipboard or dragging them with the mouse.

    ObserveIT immediately captures the names of the files as well as their source location and size. Thresholds can be defined to indicate a LARGE file copy based on the number of files being copied and/or their total size.

    (See How to detect the copying/dragging of files and folders.)

  • Connecting any USB device (including mobile phones).

    ObserveIT immediately captures the device description (i.e. model , vendor and serial number) and the mapped drive letter.

    (See How to detect the insertion of a USB-based external storage device.)

  • Copying or downloading a file to a USB device.

    ObserveIT detects any file that is copied or downloaded to a USB device.

    Some smart phones (primarily Android) and specific SD cards might be recognized, they are not however, fully supported as an exit point.

    (See How to detect file exfiltration to a USB device.)

  • Performing a paste operation

    ObserveIT detects paste operation of files, folders, images, and text when paste is performed by right-click menu item Paste, keyboard shortcuts Ctrl+V, CTRL+Insert (Windows), menu items Edit > Paste and equivalent right-click menu items and keyboard shortcuts Cmd+V (Mac).

    (See Detecting Paste Activity)

  • Printing of files

    The ObserveIT detection mechanism helps to prevent data exfiltration by enabling security and risk analysts to track any user attempt to print sensitive or confidential data. ObserveIT captures the titles of the files, the printer, and the number of pages being printed.

    (See Detecting the Printing of Files.)