Strengths: It performs quite well with the functions it has built-in
Weaknesses: CWAT doesn't provide complete protection without buying additional modules
Verdict: Has great potential but more features would make this stand out
The CWAT (cybercrime, warning, alert, termination) product takes a modular approach to data leakage prevention. It consists of four parts: organization monitor (OM), segment defense controller (SDC), operation defense controller (OPDC) and unknown terminal defense controller (UDC).
These features together perform basic data leakage protection. Perhaps the most vital is the OM, which serves as a centralised management console allowing the administrator to create, modify and monitor policy settings.
The OM can also create an audit log record that contains enough information to make it a viable source of forensic information. The OPDC module monitors normal traffic to create a baseline of normal network usage per user. It also looks for local system policy violations and suspicious network operations by monitoring system changes, such as log in, keyword detection, external (USB) device protection and application and file operations. The UDC looks for new systems attached to the network and begins the client enrolment process.
The CWAT modules do not provide complete coverage from data leakage and to enhance this protection there are several additional units that can be purchased, including mail, encryption and anti-theft options.
The mail option monitors the contents of outgoing emails and blocks messages that have confidential data, spam and viruses. The encryption module requires encryption of sensitive data if it is to be stored on portable media.
The anti-theft option will expire passwords to the system after a certain number of incorrect login attempts. The printout option simply logs the user who printed a sensitive document. Lastly, the malware prevention feature uses signature matching to determine if a system is propagating viruses, worms and botnets, both internally to the network or through an egress point out to the internet.
Support is available for phone and email and customers can also have an engineer on-site for no extra fee. 24/7 support is available from CWAT resellers and is subject to fees. Intelligent Wave maintains a website with a knowledge base and a FAQ section.