E-mail communication channel

StaffCop Enterprise provides full interception of the mail protocols POP3/IMAP/SMTP/MAPI and their encrypted analogues. To enable it, turn on the options “Webmail”, “E-mail”, “Network Monitoring” and “E-mail (MAPI/Exchange)” in the agent configuration.

StaffCop Enterprise supports interception of incoming and outgoing messages in popular free mail services, such as mail.ru, yandex.ru, google.com, outlook.com and some others.

The agent has a module for intercepting the MAPI protocol from MS Exchange.

Messages are intercepted in stealth mode. Both messages and their attachments are intercepted and transferred to the server. Words recognized in intercepted documents are automatically indexed and added to a special table on the server. Documents are matched against the specified dictionaries in real time, so you can immediately see the results in the output of the corresponding filters for phrases and regular expressions.

Based on the mail protocol and messaging data, a dimension called “Messaging” is generated, in which you can easily find information on the sender/recipient and the type of message.

You can select all mailboxes used by a particular user.

You can see the graph of a user’s communications with other users by additional criteria.

Let’s see what the detailed view of e-mail interception looks like. For example:

We need to find information on all the users and understand which of them have additional mailboxes besides the corporate ones.

Let’s open the admin interface and choose “Mail” in the “Event type”.

In addition, add the filter “Direction / Outgoing” to get the list of outgoing messages as a result.

../_images/cases_43.png

Let’s switch the view mode from “Facts” to “Analysis”. In this view mode, click the menu “Dimension” and choose “Messaging / Sender” to get a filter of all the senders in our organization.

To see if anyone has an additional mailbox, let’s switch the view mode to “Tree” and see a picture of this kind:

../_images/cases_46.png

Some users have additional mailboxes at yandex.ru and gmail.com.

While analyzing user actions, it may turn out that some user used a personal e-mail account on the web site “yandex.ru” to forward corporate documents, which can be of interest from the point of view of security policies.
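The same analysis can be reproduced outside the admin interface on any list of mail events. The following is an added example, not StaffCop code or a StaffCop export format: the field names, the corporate domain example.com and the sample events are constructed assumptions. It builds the per-user sender tree from outgoing mail, lists users with non-corporate mailboxes, and picks out messages sent from those mailboxes with attachments.

```python
from collections import defaultdict

CORPORATE_DOMAINS = {"example.com"}  # assumption: the organization's mail domain

# Constructed sample events; hypothetical field names, not a real export schema.
FIELDS = ("user", "direction", "sender", "recipient", "attachments")
ROWS = [
    ("alice", "outgoing", "alice@example.com", "bob@example.com", 0),
    ("alice", "outgoing", "alice@example.com", "partner@example.org", 1),
    ("bob", "outgoing", "bob@example.com", "alice@example.com", 0),
    ("bob", "outgoing", "Bob.Private@yandex.ru", "someone@example.net", 2),
    ("carol", "outgoing", "carol@example.com", "bob@example.com", 0),
    ("carol", "outgoing", "carol.home@gmail.com", "friend@example.net", 0),
    ("dave", "incoming", "newsletter@example.org", "dave@example.com", 0),
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def domain(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def sender_tree(events):
    """user -> sender address -> number of outgoing messages (the 'Tree' view)."""
    tree = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["direction"] == "outgoing":
            tree[e["user"]][e["sender"].lower()] += 1
    return {user: dict(senders) for user, senders in tree.items()}


def additional_mailboxes(events, corporate=CORPORATE_DOMAINS):
    """Users who sent mail from an address outside the corporate domains."""
    found = {}
    for user, senders in sender_tree(events).items():
        extra = sorted(a for a in senders if domain(a) not in corporate)
        if extra:
            found[user] = extra
    return found


def personal_mail_with_attachments(events, corporate=CORPORATE_DOMAINS):
    """Outgoing messages from a non-corporate mailbox that carry attachments."""
    return [e for e in events
            if e["direction"] == "outgoing"
            and domain(e["sender"]) not in corporate
            and e["attachments"] > 0]


if __name__ == "__main__":
    print(additional_mailboxes(EVENTS))
    print(personal_mail_with_attachments(EVENTS))
```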

Another efficiency indicator is the KPI (Key Performance Indicator), which can be obtained by applying a minimum number of filters and getting verified information about the number of e-mails sent and received.

From the content of the e-mails you can see the results achieved by each particular user and thus evaluate that user’s efficiency.

To display the number of received/sent e-mails you can use a special report type, “Reports / Summary statistics”.

This report will reflect the number of received/sent e-mails for each user, for example:

../_images/cases_48.png