Content-defined Risk Policies
Enforce your NIST CSF controls at the content layer by defining policies with restrictions such as “use SafeEDIT” that Kiteworks applies dynamically in real time. Base each policy on the attributes of the user, the content, and the requested action. Implement unlimited policies with Advanced Governance, or two policies with Kiteworks Enterprise.
Risk Policy Compliance Report
Easily audit enforcement of your content-defined risk policies, ensuring they trigger appropriately. Your compliance admin can filter events corresponding to a selected policy and timeframe to audit precise execution or review policy triggers: see the action requested, user, tags, and files affected. Standard parameters are included too, such as the user’s device, IP address, and geographic location.
CMMC 2.0 Compliance Report
Reduce CMMC audit risk and preparation cost by automatically gathering information for compliance controls. Get an automatic pass/fail status when detectable by the system, fix problems before the audit, and demonstrate compliance with confidence.
Insider Threat Compliance Report
Investigate suspicious insider activity by tracking the actions of a suspected user to pinpoint risky behavior. Instantly gather details of communications, files accessed, downloads, and other actions, and assemble the information you need for HR and legal action.
HIPAA Compliance Report
Stay audit-ready for complete HIPAA compliance with Kiteworks’ one-click reports. Demonstrate implementation of Administrative Safeguards like inactive account controls, Technical Safeguards such as key rotation, Physical Safeguards status per AWS and Azure SOC 2 attestations, and access management details like DLP integration and incident response plans.
GDPR Compliance Report
Gain control of GDPR readiness with comprehensive visibility of internal and external information exchange in a one-click, audit-ready report. Capture and report who’s sending what to whom, when, from which connected on-premises and cloud content sources, to where. Detailed reports allow for data analysis down to the file level, and show which files have passed or failed AV, DLP, and ATP scans.
Legal Hold for eDiscovery
Preserve all third-party content communications for litigation: files, versions, emails, and activity traces. Secure the content and protect it from spoliation within the Kiteworks hardened virtual appliance to maintain a provable chain of custody that’s transparent to end-users. It supports successful investigations and litigation with detailed reporting, as well as integrations with email archiving and eDiscovery.
DLP Content Scanning, Blocking, and Visibility
Protect your outgoing data from inadvertent or intentional leaks, using your best-in-class DLP solution to identify PII, PHI, IP, or other sensitive information in outgoing files. The Kiteworks platform logs metadata about the content and the DLP result and notifies appropriate admins of all failures. Or you can set it to block sending of failing files, and designate admins who can unlock any false positives. The CISO Dashboard provides the best way to visualize activity in context, drill in with reports, or export to your SIEM.
ATP Scanning, Quarantine, and Visibility
Protect your enterprise from zero-day threats by automatically feeding incoming files through your Advanced Threat Protection (ATP) system. Kiteworks quarantines failing files and notifies appropriate security personnel. All activity is fully logged and visible via reporting and the CISO Dashboard, and exportable to your syslog and SIEM.
Frequently Asked Questions
CRPs are truly dynamic access controls that apply the right protection at the right time, based on the attributes of the content, the user, and the action the user is performing.
A compliance report helps an organization prove it complies with a regulation by automatically displaying settings, configurations, and activities auditors need to see for each individual control. It can be run at any time to identify problems so they can be fixed in advance of an audit.
When legal teams anticipate litigation, or are served a subpoena or lawsuit, their organization is obligated to preserve relevant information for the legal discovery process. Discovery of electronically stored information (ESI) can use an automated process called eDiscovery.
DLP software automatically classifies and identifies regulated, confidential, and business-critical data within content files to help prevent violations of organizational policies or compliance requirements like HIPAA, PCI DSS, or GDPR.
ATP software uses next-generation security techniques to provide enhanced protection, visibility, and response against advanced persistent threat attacks targeting sensitive data. ATP solutions use a combination of technologies such as behavioral analysis, machine learning, artificial intelligence, sandboxing, and threat intelligence to detect, analyze, and remediate advanced threats.