Data Security

Detecting Data Loss & Fraud

For enterprises looking to protect against data loss with a more efficient and cost-effective solution, content-aware SIEM is the perfect solution. CA-SIEM can track and analyze how protected information is accessed and used on the network, to detect unintentional data loss, deliberate theft of data, and violations of business policies that could put sensitive information at risk.

Because NitroView is built for the analysis of database activity and application data contents in addition to logs and events, it's able to detect data loss and fraudulent insider activity — all from a single platform using a single interface.

 

 

  • Overview
  • Supported Apps
  • Supported Protocols
  • Supported Databases

These capabilities go far beyond what is offered by other SIEMs — rather than relying on database and application logs to detect threats against your data, we're able to provide active monitoring: providing full database session visibility to know exactly what data is being accessed, when, and by who; and going beyond surface visibility of application logs to detect sensitive data within the applications themselves. 

Many SIEM products claim fraud detection and "application support." However, these systems rely on application logs, which provide varying degrees of application event detail depending upon the application. Some systems go even further to provide analysis of packet header information, to tie specific events to a given application. Both solutions lack the full depth of application monitoring that can be provided using a dedicated Application Data Monitor (ADM). 

Unlike logs and packet headers, full ADM provides visibility into the application's content—including:

  • Text within an email or the contents of an email attachment
  • Instant message conversations and the contents of files transferred over IM
  • The presence of sensitive or protected information 
  • The absence of corporate privacy statement in outbound emails
  • Virtually any policy violation based on how applications and documents are used

Applies to: NitroView ADM

Archives

  • RAR Archive
  • ZIP Archive
  • BZIP2 Compressed File
  • BZIP Compressed File
  • GZIP Compressed File
  • Debian Linux Package
  • RedHat Linux Package
  • Install Shield Cabinet Archive
  • Microsoft Cabinet Archive
  • Microsoft Compressed File
  • ACE Archive
  • ZOO Archive
  • Larc Archive
  • LHArc Archive
  • StuffIt Archive
  • Apple Macintosh BinHex Archive
  • Microsoft TNEF Archive
  • UU-Encoded File
  • 7-Zip Archive
  • ARJ Archive

Images

  • GIF Image
  • JPEG Image
  • PNG Image
  • Tag Image File Format (TIFF) Image
  • AutoCAD Drawing (.DWG)
  • AutoCAD Drawing (.DXF)
  • Adobe Photoshop Image
  • Microsoft Windows Bitmap Image
  • Microsoft Windows Meta File
  • Microsoft Windows Device Independent Bitmap Image
  • Corel Draw Image
  • Smart Draw Drawing
  • PCX Image
  • Visio Diagram
  • Macromedia Freehand Drawing
  • Micrografx Designer Drawing
  • Raw Digital Camera Image
  • Computer Graphics Metafile Image
  • Apple Picture
  • X-Windows Pixmap Image
  • X-Windows Window Dump Image
  • G3 FAX Image
  • Image Exchange Format Image
  • North American Presentation Layer Protocol Syntax (NAPLPS) Image
  • Nations Bank BTIF Cheque Image
  • PTI Image
  • T38 Image
  • Tag Image File Format Fax eXtended Image
  • WAP Bitmap (WBMP) Image
  • eXtended Image File Format (XIFF) Image
  • CMU Raster Image
  • Corel Photo Paint Image
  • Microsoft Windows Icon
  • AOL Image
  • Raw RGB Image Data
  • X-Windows Bitmap Image

Audio

  • 32k Adaptive PCM
  • Adaptive Multi-Rate (AMR)
  • Adaptive Multi-Rate Wideband (AMR-WB)
  • Basic PCM
  • Microsoft Wave Audio (.WAV)
  • iTunes Music Library
  • Ogg Multimedia
  • MIDI
  • Real Audio
  • FLAC
  • Dolby Digital AC-3
  • FlacPak Instrument
  • IFF Audio
  • CD Audio Track
  • MPEG/MP3 Playlist
  • MPEG URL Redirection
  • CN Audio File
  • 12bit DAT Audio File
  • ITU-T G.722.1 Format Audio File
  • L16 Format Audio File
  • L20 Format Audio File
  • L24 Format Audio File
  • MP4 Audio File
  • Robust MP3 Audio File
  • MP3 Audio File
  • Parityfec Audio Data
  • PSID Audio Data
  • Telephone Event Data
  • DTMF Audio Tone Data
  • 3GPP IUFP Audio Data
  • Cisco NSE VoIP Data
  • Comverse Network Systems ANP1 Audio Data
  • Comverse Network Systems INF1 Audio Data
  • Digital Winds MIDI Audio Data
  • EverAD Audio Data
  • Lucent Voice Audio Data
  • Nortel Networks Voice Messaging Data
  • Nuera ECELP4800 Speech Data
  • Nuera ECELP7470 Speech Data
  • Nuera ECELP9600 Speech Data
  • Octel SBC Format Voice Data
  • QCELP Format Voice Data
  • Rhetorex 32k Adaptive PCM Voice Data
  • VMX CVSD Format Voice Data
  • 669 Tracker Audio File
  • Apple Macintosh (AIFF) Audio File
  • Background Audio File
  • Bamba Streaming Audio Data
  • ChaCha Audio Data
  • Echospeech Voice Data
  • GSM Audio Data
  • Impulse Tracker (.IT) Audio File
  • Amiga JamCracker Audio File
  • Netscape LiveAudio Data
  • Funk Audio Data
  • MIO Audio File
  • MOD Audio File
  • Microsoft WAX Audio File
  • NSP Audio File
  • RealAudio Plugin
  • PSID Audio File
  • Future Crew Scream Tracker (S3M) Audio File
  • ShoutCast Playlist
  • TS-Player Audio
  • TwinVQ Audio File
  • TwinVQ Plugin
  • Audio Explosion mJuice Audio
  • VOC Audio
  • Voxware Audio
  • Fast Tracker II (.XM) Audio File
  • ITU-T G.711 (Voice)
  • RED (Voice)
  • PCMA (Voice)
  • G.723 (Voice)
  • SIREN (Voice)
  • x-msrta 16000 (Voice)
  • x-msrta 8000 (Voice)
  • G7221 (Voice)
  • G726 (Voice)
  • Telephone Event
  • DSP TrueSpeech (Voice)
  • GSM (Voice)
  • Speex (Voice)
  • iLBC (Voice)

Video

  • AVI Video
  • Shockwave Flash Animation
  • Apple QuickTime Video
  • Real Media Video
  • Microsoft Media Video
  • Corel RAVE Animation
  • Corel Movie
  • VideoCD Video
  • MythTV Nuppel Video
  • Id Software Quake II Video
  • MPEG-4 Video
  • Motion Network Graphics Video
  • Autodesk Animator Animation
  • Autodesk Animator Pro Animation
  • MPEG Video
  • Vivo Video
  • Flash Video
  • Digital Video (DV)
  • Parityfec Video Data
  • RTP Pointer Data
  • FVT Video
  • Motorola Video
  • Motorola VIDEOP Video
  • Nokia Interleaved Mulitmedia Video
  • Object Video
  • MAT Showrun Video
  • Atomic3D Video
  • Bamba Streaming Video
  • DL Video
  • GL Video
  • ISU Video
  • Intel Video
  • Motion JPEG Video
  • Microsoft ASF Video Plugin
  • WVX Video
  • Silicon Graphics Movie File

Messages

  • Delivery Status Message
  • Disposition Notification Message
  • External Body Message
  • HTTP Message
  • News Message
  • Partial MIME Message
  • Internet Mail Message
  • SHTTP Message
  • SIP Message
  • Chat Transcript
  • Session Transcript
  • Chat Session
  • Internet Mail
  • MS Exchange Email
  • Multi-Part Messages
  • Multipart MIME Message (Alternatives)
  • Multipart Apple Macintosh File
  • Multipart MIME Message (Byte Ranges)
  • Multipart MIME Message (Digest)
  • Multipart MIME Message (Encrypted)
  • Multipart MIME Message (Form Data)
  • Multipart MIME Message (Header Set)
  • Multipart MIME Message (Mixed)
  • Multipart MIME Message (Parallel)
  • Multipart MIME Message (Related)
  • Multipart MIME Message (Report)
  • Multipart MIME Message (Signed)
  • Multipart MIME Message (Voice Message)
  • RFC822 Internet Mail Message Header
  • vCard

Databases & Spreadsheets

  • XML Database
  • XSL Style Sheet
  • XML Schema Definition
  • XML DTD
  • Microsoft Access Database
  • RRD Tool Database
  • Tab Separated Values
  • Comma Separated Values
  • SuperCalc Spreadsheet
  • Btrieve Database
  • Ability Office Spreadsheet
  • Lotus 1-2-3 Spreadsheet
  • Apple MacWrite II Document
  • Adobe FrameMaker Document
  • Lotus Approach Document
  • Lotus Freelance Document
  • Lotus Notes Document
  • Lotus Organiser Document
  • Lotus Screencam Data
  • Lotus WordPro Document
  • WordPerfect Document

Fax

  • Bitware Fax
  • Microsoft FAX Cover Sheet
  • PDF Document
  • PostScript Document
  • Rich Text Document
  • Microsoft Word Document
  • Microsoft Excel Spreadsheet
  • Microsoft Powerpoint Presentation
  • Microsoft Project Data
  • Microsoft Works Document
  • vCalendar Scheduling Information
  • Plain Text Document
  • SGML Document
  • Microsoft Calendar
  • ChiWriter Document
  • TeX DVI Document
  • TeX Document
  • Enriched Text Document
  • Microsoft Art Gallery Data

Web Related Applications

  • HTML Document
  • JavaScript
  • Microsoft License Package (.LPK)
  • DHTML Behaviour Component
  • PHP Script
  • Microsoft ASP Script
  • Cascading Style Sheet
  • Web Site Form Submission
  • WAP Markup Language (WML) Document
  • WML Script
  • Directory Listing
  • URI List
  • X.509 Certificate
  • SSL Application Data

Executables

  • MS-DOS Executable
  • Win32 Executable
  • Shell Script
  • Compiled Java Class
  • 32-bit ELF Executable
  • MacOS X Mach-O Executable
  • Apple Mac PEF Executable

Games

  • Microsoft X-Box Executable
  • Microsoft X-Box Data
  • Microsoft X-Box Data
  • Quake Model
  • Valve Source Engine Map
  • Valve Source Engine AI Navigation Information
  • Quake II Map

Application Specific Documents

  • Adobe Photoshop
  • Adobe Photoshop Custom Shape
  • AOL / ICQ Instant Messenger
  • AOL / ICQ Instant Messenger Buddy List
  • Chronicle Solutions netReplay
  • netReplay Object File Store
  • netReplay Archive
  • netReplay Report
  • netReplay Report Script
  • netReplay Index Postings
  • netReplay Index Lexicon
  • Corel Draw
  • Corel Color Palette
  • Corel Draw Pattern
  • Corel Draw Template
  • Corel WordPerfect
  • WordPerfect Macro
  • WordPerfect Help File
  • WordPerfect Keyboard
  • WordPerfect Dictionary
  • WordPerfect Thesaurus
  • WordPerfect Block
  • WordPerfect Rectangular Block
  • WordPerfect Column Block
  • WordPerfect Printer Data
  • WordPerfect Driver Resource Data
  • WordPerfect Hyphenation Code
  • WordPerfect Hyphenation Data
  • WordPerfect Macro Resource Data
  • WordPerfect Hyphenation Lexicon
  • WordPerfect Word List
  • WordPerfect Equation Resource Data
  • WordPerfect Spelling Rules
  • WordPerfect Dictionary Rules
  • WordPerfect Spelling Rules (Microlytics)
  • WordPerfect Settings
  • WordPerfect Dialog
  • WordPerfect Button Bar
  • WordPerfect Shell Macro
  • WordPerfect Shell Definition
  • WordPerfect Notebook Macro
  • WordPerfect Notebook Help
  • WordPerfect Notebook Keyboard
  • WordPerfect Notebook Definition
  • WordPerfect Calculator Help
  • WordPerfect Calendar Help
  • WordPerfect Calendar Data
  • WordPerfect Editor Macro
  • WordPerfect Editor Help
  • WordPerfect Editor Keyboard
  • WordPerfect Editor Macro Resource
  • WordPerfect Macro Editor Macro
  • WordPerfect Macro Editor Help
  • WordPerfect Macro Editor Keyboard
  • WordPerfect PlanPerfect Macro
  • WordPerfect PlanPerfect Help
  • WordPerfect PlanPerfect Keyboard
  • WordPerfect PlanPerfect Work Sheet
  • WordPerfect PlanPerfect Printer Definition
  • WordPerfect PlanPerfect Graphic Definition
  • WordPerfect PlanPerfect Data
  • WordPerfect PlanPerfect Temporary Printer
  • WordPerfect PlanPerfect Macro Resource Data
  • WordPerfect Mail
  • WordPerfect Help
  • WordPerfect Ditribution List
  • WordPerfect Out-Box
  • WordPerfect In-Box
  • WordPerfect Users Archived Mailbox
  • WordPerfect Archived Message Database
  • WordPerfect Archived Attachments
  • WordPerfect Printer Temporary File
  • WordPerfect Scheduler Help
  • WordPerfect Scheduler In File
  • WordPerfect Scheduler Out File
  • WordPerfect GroupWise Settings
  • WordPerfect GroupWise Directory Services
  • WordPerfect GroupWise Settings
  • WordPerfect Terminal Resource Data
  • WordPerfect GUI Loadable Text
  • WordPerfect Graphics Resource Data
  • WordPerfect Printer Settings
  • WordPerfect Port Definition
  • WordPerfect Print Queue Parameters
  • WordPerfect Compressed File
  • WordPerfect Network Service Message
  • WordPerfect Async Gateway Login Message
  • WordPerfect GroupWise Message
  • WordPerfect GroupWise Admin Domain Database
  • WordPerfect GroupWise Admin Host Database
  • WordPerfect GroupWise Admin ADS Deferment Data
  • WordPerfect IntelliTAG (SGML) Compiled DTD
  • WordPerfect WordPerfect Graphic Image
  • Corel Presentation Exchange
  • Macromedia Flash
  • Macromedia Flash Color Table
  • Macromedia Shockwave Package
  • Nullsoft Winamp
  • Winamp Advanced Visualization Preset

3D Modeling 

  • 3D Studio Max ASCII Export
  • Blender 3D Document
  • Cinema 4D Model
  • Corel Dream3D Drawing
  • VRML Model
  • Autodesk DWF File
  • Flatland 3DML Model
  • IGES Format Model
  • MESH Format Model
  • Graphisoft GDL Model
  • Gen-Trix GTW Model
  • Virtue MTS Model
  • Parasolid Binary Transmit Model
  • Parasolid Text Transmit Model
  • Virtue VTU Model
  • POV-Ray 3D Model

Anti-Virus

  • Avast Anti-Virus Skin
  • Kaspersky Anti-Virus Database
  • ClamAV Anti-Virus Database
  • Trend Micro Anti-Virus Database

Disk Images

  • CramFS Image
  • ROMFS Image
  • NetBoot Image
  • Linux Ext2/3 File System Image
  • ISO Image
  • Reiser File System Image

Scientific: Chemical Modeling 

  • Alchemy Format Chemical Data
  • CSF Format Chemical Data
  • CACTVS Binary Format Chemical Data
  • ChemDraw eXchange File
  • MSI Cerius II Format Chemical Data
  • ChemDraw File
  • Crystallographic Interchange Format Chemical Data
  • MacroMolecular CIF Chemical Data
  • Chem3D Format Chemical Data
  • CrystalMaker Format Chemical Data
  • Compass Format Chemical Data
  • Crossfire Format Chemical Data
  • Chemical Markup Language (CML) Document
  • Chemical Style Markup Language (CSML) File
  • Gasteiger Group CTX Format Chemical Data
  • CXF Format Chemical Data
  • Smiles Format Chemical Data
  • EMBL Nucleotide Format Chemical Data
  • SPC Format Spectral and Chromatographic Data
  • GAMESS Input Format Chemical Data
  • Gaussian Input Format Chemical Data
  • Gaussian Checkpoint Format Chemical Data
  • Gaussian Cube (Wavefunction) Format Chemical Data
  • GCG8 Sequence Chemical Data
  • ToGenBank Format Chemical Data
  • IsoStar Library of Intermolecular Interactions
  • JCAMP Spectroscopic Data Exchange Format
  • Kinetic (Protein Structure) Image
  • MacMolecule Format Chemical Data
  • MacroModel Molecular Mechanics Data
  • MDL Molfile Chemical Data
  • Reaction Format Chemical Data
  • MDL Reaction Format Chemical Data
  • MDL Structure Format Chemical Data
  • MDL Transportable Graphics Format Chemical Data
  • MIF Format Chemical Data
  • Portable Representation of a SYBYL Molecule
  • Molconn-Z Format Chemical Data
  • MOPAC Input Format Chemical Data
  • MOPAC Graph Format Chemical Data
  • ASN (old) Format Chemical Data
  • ASN (new) Format Chemical Data
  • Protein DataBank Format Chemical Data
  • SWISS-PROT Protein Sequence Database
  • VAMAS Format Chemical Data
  • Visual Molecular Dynamics Chemical Data
  • Xtelplot Chemical Data
  • Co-ordinate Animation Format Chemical Data

Scientific: Mathematical Modeling

  • MathCaD Document
  • Mathematica Data
  • Math Markup Language (MATHML)
  • Maple V Library
  • Maple V Worksheet
  • Matlab Document

Software Development

  • Microsoft Developer Studio Workspace
  • Microsoft Developer Studio Project
  • Microsoft Developer Studio Resource Script
  • Microsoft Windows COFF i386 Object
  • Wise InstallBuilder Script
  • Microsoft Windows Mini Dump
  • Microsoft Visual Studio Precompiled Header
  • Microsoft Visual Studio Linker Database
  • Microsoft Visual Studio Program Database
  • Microsoft Visual Studio Solution
  • Microsoft Visual Studio .NET Project
  • Microsoft Visual Studio .NET Strong Name Key
  • COFF Library
  • C Source Code
  • C++ Source Code
  • C Header
  • C++ Header
  • GCC Pre-Compiled Header
  • HBasic Source Code
  • Assembly Source Code
  • Fortran Source Code
  • Java Source Code
  • Makefile
  • QT MOC Intermediate Source Code File
  • Pascal Source Code
  • TCL Script

Microsoft Windows Related

  • Microsoft Windows Shortcut
  • Cygwin Shortcut
  • Colour Profile
  • Microsoft Windows NT Registry
  • Microsoft Windows 95 Registry
  • Microsoft RegEdit File
  • Microsoft Windows Shell Command
  • Microsoft Internet Explorer Cache
  • Microsoft URL Shortcut
  • Microsoft Shortcut
  • Microsoft HTML Help
  • Microsoft Help
  • Microsoft Windows Animated Cursor
  • Microsoft Windows Palette
  • VMWare Virtual Disk Image
  • VMWare Non Volatile RAM Image
  • Autorun INF File
  • Windows XP Backup
  • HTML Help Index
  • DOS Code Page
  • Microsoft Windows Page Dump
  • Microsoft Outlook Express Folder
  • Downloadable Sound Bank

UNIX Related

  • Time Zone Info File
  • Unix Crontab File

Apple Mac OS Related

  • MacOS X Folder Information

Fonts

  • UNIX Font
  • PostScript Type 1 Font
  • TrueType Font
  • OpenType Font

Network Analysis

  • TCP-Dump Capture
  • TCP-Dump Extended Capture
  • Network General Sniffer Capture
  • Microsoft NetMon Capture
  • NetStumbler Log
  • EtherPeek Capture
  • Cinco Net X-Ray Capture
  • AIX iptrace Capture
  • NBB2 Capture Data
  • NBB2 Capture Index
  • Solaris Snoop Capture
  • Nettl Capture
  • RADCOM WAN/LAN Analyser Capture

Applies to: NitroView ADM

Base Protocol Modules

  • AOLMAIL (AOL Webmail)
  • DeltaSync (Windows Live Mail over Outlook client)
  • FTP
  • Gmail
  • Hotmail
  • HTTP
  • IRC
  • MAPI (Microsoft Exchange)
  • MSNMS SQL Server
  • SQL queries
  • Network Printers (Print monitor, PJL, postscript, PCL)
  • NNTP
  • OSCAR (ICQ, AOL Instant Messaging)
  • Peer to Peer / Gnutella
  • POP3
  • SIP (IM / VoIP)
  • SMTP
  • SSH 
  • SSL 
  • Telnet
  • XMPP / Jabber IM
  • Yahoomail
  • Yahoo Webmail
  • YIM

Low-Level & Transport Protocol Modules

  • DNS
  • IPv4
  • KERBEROS
  • NBNS
  • RPC
  • RTP
  • SOCKS
  • TCP
  • UDP

Network Modules

  • BASE64
  • DNS (IP -> Name Cache for Use by Modules)
  • GZIP
  • HU01 (Compression used by windows live mail)
  • IPv4
  • KERBEROS (Windows Login Detection)
  • LZFU (Compression used by MAPI / TNEF)
  • MARKUP (Text Extraction from HTML for Indexing)
  • MIME (Email and Web Form Decoding)
  • NBNS (Names for MAC Addresses from Windows)
  • QP (Quoted Printable decoding)
  • RFC822 (Email Decoding)
  • RPC
  • RTF (Text Extraction for Indexing)
  • RTP
  • SMB
  • SOCKS (Proxy Server)
  • TAR (Archive extraction)
  • TNEF (Winmail.dat files)
  • TCP
  • UDP
  • ZIP

WebMail

  • AOL
  • GMAIL
  • Hotmail
  • Yahoo
  • Webmail supports extraction of:
    • Email contents
    • Attachment Name
    • Bcc
    • Cc
    • Display Name
    • File Name
    • Host Name
    • From
    • To
    • Subject

Instant Messenger / Chat

  • AOL
  • ICQ
  • Jabber
  • MSN
  • SIP
  • Yahoo
  • IM / Chat supports extraction of:
    • Message Contents
    • Call ID
    • Client Version
    • Contact Name
    • Contact Nickname
    • Display Name
    • File Name
    • User Name
    • User Nickname

VoIP Protocol Modules

  • SIP
  • SIP Supports extraction of:
    • Call ID
    • Client Version
    • Contact Name
    • Contact Nickname
    • Display Name
    • File Name
    • User Name
    • User Nickname

Database Protocol Modules

  • TDS (MS SQL Server)
  • TDS Supports extraction of:
    • App Name
    • Ctl InternalName
    • Database
    • Host Name
    • Password
    • Server Name
    • User Name

* NitroView DBM supports full database monitoring of all databases

Decompression & Decoding Modules

  • BASE64
  • GZIP
  • HU01
  • LZFU
  • MIME
  • Quoted-Printable
  • RFC822

Content Extraction Modules

  • HTML
  • RTF
  • TAR
  • TNEF
  • ZIP

SCADA and DCS Protocols

  • DNP3
  • Ethernet/IP
  • ICCP
  • Modbus
  • Others (see SCADA & DCS tab for more details)

Applies to: NitroView DBM

Note: Log collection and analysis of additional databases may be supported using NitroView ESM or NitroView ELM

Supported Database Platforms

  • DB2
  • Informix
  • MS SQL
  • MySQL
  • Oracle
  • PI Server
  • PostgreSQL
  • Sybase
  • Teradata