SecureTower product features

The key features of the program include:

  • Network traffic capture

Interception of any downloaded pages and files, incoming and outgoing e-mail messages including attachments and archives, chat history of instant messengers Skype, ICQ, QIP, Windows Live Messenger, etc. The program conducts analysis of network traffic and retrieves information transmitted over HTTP, HTTPS, FTP, POP3, SMTP, IMAP, OSCAR and MSN application-level protocols, including SSL protocols for POP3 and SMTP. The list of supported protocols is constantly updated to include new protocols.

  • Traffic filtration upon capturing

The system allows arranging and filtering traffic upon interception in accordance with user-customized settings, which ensures that only the required information is captured, and only from the specified workstations.

The program provides extensive options for traffic filtration upon interception: by IP address, by MAC address of network adapters, by network port, by login, by protocol, etc.

One can permit or forbid traffic capture within a certain range of IP-addresses in the administrator console.

  • Storage in a database

The interception system stores the information retrieved from traffic in a Microsoft SQL Server database.

  • Full-text search

Keyword search is performed by a high-performance text retrieval system. Search results are available in a second after a request is submitted. Entering keywords that may indicate a possible transmission of confidential data enables the security department to view all the documents retrieved and make judgments as to their confidentiality.

Searching within the context of the intercepted data (by mail, by data of instant messenger clients, etc.) is also possible.

  • Information presentation possibilities

Intercepted data can be viewed in any presentation convenient for the user: the program has extensive viewing capabilities of its own and also allows specialized applications to be used for this purpose. For example, a message sent by a user can be viewed with all its attributes and attachments.

  • Interception data access restriction

Restricted access to viewing intercepted traffic, as well as a multi-user access system with various levels of user privileges.

  • Automatic delivery of security breach notifications

The system automatically analyzes captured data, produces reports on the analysis results and delivers notifications of cases of suspicious or confidential information transmission.

At a customizable frequency, the Security Center scans the intercepted data using the list of security rules. Upon detecting some documents or information corresponding to the stipulations of this list or containing keywords from the search request, the system automatically sends notifications to a specified e-mail address.

The list of rules for the automatic data search is set by the security department and can include different search conditions. You can set the following types of search conditions as the basis for security notifications: certain words, IP addresses, types of data (e-mails, IM chats, files, URLs, etc.), user names, date and time, size of documents, and regular expressions. For example, you could include words and expressions indicating the degree of confidentiality or the contents of the information transmitted, such as “confidential”, “for internal use”, “financial information”, or the specific names of files that must not leave the company under any circumstances. As for regular expressions, these could be patterns for credit card numbers, social security numbers, or a company's EIN or bank account number. Once the system detects any of the above types of information being transferred, it will instantly notify the security department.

The system also allows combining and setting complex search conditions subject to which traffic analysis shall be conducted. For example, security rules can provide for sending notifications about actions of a certain user or about an outgoing message to a certain e-mail address.
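The rule types described above (keywords, regular expressions, data type and user name, combined into one condition) can be sketched as follows. This is an added example, not SecureTower code or its rule format: the `Rule` class, `scan`, `luhn_ok`, the two patterns and the sample documents are all constructed for illustration. It goes one step beyond the text by validating credit-card candidates with the Luhn checksum, so that a 16-digit order reference does not raise a notification.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional
# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(number: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(number) if c.isdigit()):
        total += d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
    return total % 10 == 0

@dataclass
class Rule:
    """One security rule (hypothetical model); all conditions that are set must hold."""
    name: str
    keywords: tuple = ()
    pattern: Optional[re.Pattern] = None
    validator: Optional[Callable[[str], bool]] = None  # applied to each regex hit
    data_type: Optional[str] = None                    # e.g. "email", "im"
    user: Optional[str] = None
    def matches(self, doc: dict) -> bool:
        if self.data_type not in (None, doc["type"]) or self.user not in (None, doc["user"]):
            return False
        if self.keywords and not any(k in doc["text"].lower() for k in self.keywords):
            return False
        if self.pattern:
            hits = self.pattern.findall(doc["text"])
            return any(self.validator(h) for h in hits) if self.validator else bool(hits)
        return True

def scan(docs, rules):
    """Return the (document id, rule name) pairs that would raise a notification."""
    return [(d["id"], r.name) for d in docs for r in rules if r.matches(d)]
# Constructed sample documents, not real intercepted data.
DOCS = [
    {"id": 1, "type": "email", "user": "alice", "text": "Attached: CONFIDENTIAL Q3 forecast"},
    {"id": 2, "type": "im", "user": "bob", "text": "card 4111 1111 1111 1111 exp 12/29"},
    {"id": 3, "type": "email", "user": "carol", "text": "order ref 1234 5678 9012 3456"},
    {"id": 4, "type": "email", "user": "bob", "text": "SSN 078-05-1120, for internal use"},
]
RULES = [
    Rule("keywords", keywords=("confidential", "for internal use")),
    Rule("card-number", pattern=CARD_RE, validator=luhn_ok),
    Rule("ssn", pattern=SSN_RE),
    Rule("bob-email", keywords=("for internal use",), data_type="email", user="bob"),
]
```

Calling `scan(DOCS, RULES)` flags documents 1, 2 and 4; document 3 matches the card pattern but fails the checksum, which is the false positive a bare regular expression would produce.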

Apart from data leak notifications, you can take advantage of statistical notifications: the security department can be notified of the actions of certain users if they use specific communication channels too often or, vice versa, too rarely. For example, they may send too many instant messages per hour or per day, or fail to reach the minimum daily limit for e-mail submissions to prospective customers.

Security rules, the frequency of search requests and other operation conditions of the security center are assigned in the client console.

  • Network user identification and activity reports

Network user ID cards are assigned for immediate identification of a user who sent or received the data detected by the search system or through the notification of the security center. Complex monitoring of certain users and their activities is possible for any specific period (for the day, for the week, for the month, etc.).

User ID cards are created for each employee who uses local network resources and include their contact information (full name, job title, e-mail addresses, UINs for ICQ, usernames in social networks, user SIDs, etc.). With the help of the user activity monitoring feature of SecureTower, you can select any specific user or employee of interest and view their network activities over a certain period of time. 

User ID cards also enable immediate identification of a user who sent or received suspicious data detected by the search system or through the notification of the security center. Also, when viewing search or notification results, for example, some IM conversation, you can select the user who is the party to it and see all their conversations with other users or with a certain recipient.

  • Interception statistics in a real-time mode

This option is available in the administrator console.

  • System event notifications

The system automatically delivers notifications when the interception system or database is overloaded, or upon other operation events.