Introduction

Functionality

StaffCop Enterprise is a bundled software system for employee monitoring. Company directors, security officers and system administrators who use StaffCop Enterprise can track almost all suspicious activity occurring on company workstations, both in real-time and in retrospective. Our software system will help you estimate actual efficiency of your employees and learn what they spend time on. Our system is also a great tool fro insider threat detection and data leak prevention.

_images/vozmozhnosti_staffcop.png
  • full network monitoring (including encrypted traffic), corporate e-mail and web-mail (including attachments), instant messengers and web surfing;
  • file monitoring (file operations, clipboard, copying to external drives and network sources, analysis of archived data);
  • monitoring of employee activity on a workstation;
  • monitoring of printed documents;
  • remote desktop
  • block websites, applications and USB-drives;
  • admin interface can be accessed from any point with internet connection
  • powerful system of multi-dimensional analysis of user activity based on OLAP technology;
  • detector of user behavior anomalies;
  • alert system to notify on violations of security policies;
  • flexible settings of data collection;
  • dividing access to collected data by users and user groups;
  • Visualization of collected data as a table, graph or diagram

Architecture

StaffCop Enterprise is a client-server application consisting of two main parts: StaffCop Server and Endpoint Agents.

StaffCop Server

StaffCop Server is used to receive, store, and view data aggregated by Endpoint Agents. It’s installed on a computer with OS Ubuntu Server and uses PostgreSQL database to store data.

StaffCop Server is used to receive, store, and view data aggregated by StaffCop Agents. It’s installed on a computer with OS Ubuntu Server and uses PostgreSQL database to store data.

Endpoint Agents

An Endpoint Agent represents a service launched on a workstation. It collects information on events of a workstation and on user’s actions and transfers it to StaffCop Server. It works in the hidden mode, so a user can’t see it. Data is aggregated in the local database and it is automatically removed after being transferred to StaffCop Server. If the connection to the Server is lost, an agent continues collecting data, but when the size of data reaches the limitation on its maximal size an agent starts to cyclically overwrite it, erasing the oldest data.

Endpoint Agent for Windows can be installed locally or remotely with the help of the embedded tool or Active Directory (GPO). Installation requires rights of local (domain) administrator.

Endpoint Agent for Linux is installed by launching the installer with root rights.

Data is transferred through encrypted channel (openSSL) in packets, the minimal size of a packet and the interval of transferring are configured in the settingsIn the process of installation addresses o main and alternative servers can be specified. In case the main server is unavailable, Endpoint Agent will send data to the alternative address. This will provide connection to the server from beyond the corporate local network.

Installation overview

  1. Get the link for downloading installation files: https://www.staffcop.com/enterprise/get-started/
  2. Check the system requirements and choose the most appropriate type of Staffcop Server installation
  3. Install agents on the computers you want to monitor
  4. Set up configurations, monitoring rules and exceptions for antivirus software.

In case any questions or problems arise during the installation or configuring, please contact our support team.

Our specialists will consult you, answer your questions and, if necessary, connect to your server remotely to help you. Instruction: what is required to establish a remote connection.

Usage

To better understand following articles it’s recommended to study the terminology and interface components of StaffCop Enterprise.

If you have managed to successfully install and configure the system, agents has started transferring information on events from the users’ computers to StaffCop Server, which means that you can open the administrative panel and start working with the collected data.