E-mail communication channel

StaffCop Enterprise provides full interception of the mail protocols POP3/IMAP/SMTP/MAPI and their encrypted analogues. To enable it, turn on the options “Webmail”, “E-mail”, “Network Monitoring” and “E-mail (MAPI/Exchange)” in the agent configuration.

StaffCop Enterprise supports interception of incoming and outgoing messages in popular free mail services, such as mail.ru, yandex.ru, google.com, outlook.com and some others.

The agent has a module for intercepting the MAPI protocol of MS Exchange.

Messages are intercepted in a way that is invisible to the user. Not only messages but also attachments are intercepted and transferred to the server. Words recognized in intercepted documents are automatically indexed and added to a special table on the server. Recognized documents are matched against the specified dictionaries in real time, so you can immediately see the result of processing messages and recognized files as the output of the corresponding phrase and regular-expression filters.

Based on the mail protocol and messaging, a dimension called “Messaging” is generated. In it you can easily find information on the sender/recipient and the type of message, so you can select a sender or recipient and see the corresponding messaging.

You can select all mailboxes used by a particular user.

You can view a graph of a user’s relations with other users, filtered by additional criteria.

Let’s take an example of a detailed report on mail channel interception:

You need to find information on all users and understand which of them have additional mailboxes besides the corporate ones.

Open the admin interface and select the “Mail” event type in the dimension panel.

Then select “Direction/Outcoming” as an additional filter. The result is a list of all outgoing addresses.

Switch the view mode from “Events” to “Analysis”. In this view, click the “Dimension” menu and select “MessagingSender” to get a filter of all senders in the organization.

To see whether someone has an additional mailbox, switch the view mode to “Tree”. In the resulting output, some users (on PCs “mn” and “vladz”) have additional mailboxes on yandex.ru.

Analysis of user activity may then reveal that such a user used a personal mail account on “yandex.ru” to forward corporate documents, which may be of interest from the point of view of network security.
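The same grouping can be reproduced offline on exported events. The following is an added example, not StaffCop code: the record fields (`pc`, `type`, `direction`, `sender`), the corporate domain `example.com` and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: the organisation's own mail domain(s).
CORPORATE_DOMAINS = {"example.com"}

# Constructed sample events; field names are hypothetical, not StaffCop's export schema.
EVENTS = [
    {"pc": "mn", "type": "mail", "direction": "outgoing", "sender": "m.n@example.com"},
    {"pc": "mn", "type": "mail", "direction": "outgoing", "sender": "MN.private@Yandex.ru"},
    {"pc": "vladz", "type": "mail", "direction": "outgoing", "sender": "vladz@example.com"},
    {"pc": "vladz", "type": "mail", "direction": "outgoing", "sender": "vladz77@yandex.ru"},
    {"pc": "vladz", "type": "mail", "direction": "outgoing", "sender": "vladz77@yandex.ru"},
    {"pc": "office1", "type": "mail", "direction": "outgoing", "sender": "office@example.com"},
    # Incoming mail from a free service must not count as a local mailbox.
    {"pc": "office1", "type": "mail", "direction": "incoming", "sender": "news@yandex.ru"},
]


def domain_of(address):
    """Return the lower-cased domain of an address, or None if it has none."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def senders_by_pc(events):
    """Group outgoing mail senders by PC (the "Tree" view of the sender dimension)."""
    tree = defaultdict(set)
    for ev in events:
        if ev.get("type") == "mail" and ev.get("direction") == "outgoing":
            tree[ev["pc"]].add(ev["sender"].strip().lower())
    return tree


def additional_mailboxes(events, corporate=frozenset(CORPORATE_DOMAINS)):
    """Map each PC to its non-corporate sender addresses; PCs with none are omitted.

    Addresses with no parseable domain are reported too, so they get reviewed.
    """
    result = {}
    for pc, senders in senders_by_pc(events).items():
        extra = sorted(s for s in senders if domain_of(s) not in corporate)
        if extra:
            result[pc] = extra
    return result


if __name__ == "__main__":
    for pc, boxes in sorted(additional_mailboxes(EVENTS).items()):
        print(pc, boxes)
```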

Another excellent indicator of a company’s performance can be the “Key Performance Indicators (KPI)”, which can be obtained by applying a minimal number of filters and give reliable information about who sent letters, how many, and to whom per day.

From the content of the letters, you can learn what results a specific employee has achieved and thus assess the effectiveness of their work.

To display the number of received letters, you can use the special report type “Reports/Summary Statistics”.

This report displays the number of received letters sent by each user.