Enterprise Vault Whitepaper Netbox Blue Integration with Enterprise
Transcription
Enterprise Vault Whitepaper Netbox Blue Integration with Enterprise
Enterprise Vault Whitepaper Netbox Blue Integration with Enterprise Vault This document describes how Netbox Blue’s Social Risk Management products can capture unified communications, instant messages, collaboration, and social media traffic and archive the contents into Enterprise Vault with rich metadata and indexing for enhanced search value from the data. This document applies to the following version(s) of Enterprise Vault: 10 and 11 (including 11.0.1) If you have any feedback or questions about this document please email them to [email protected] stating the document title. Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Document Control Contributors Who Contribution Daniel Strydom Author Andy Joyce Reviewer David Scott Contributor/Reviewer John Fison (Netbox Blue) Contributor/Reviewer Trent Davis (Netbox Blue) Contributor/Reviewer Revision History Version Date Changes 1.0 April 2015 Initial release Related Documents Document Title Version / Date Upgrade to Enterprise Vault 11.0.1 http://www.symantec.com/page.jsp?id=upgrade-ev Netbox Blue’s Social Risk Management Capabilities and EV integration demonstration https://youtu.be/GCnckLMWC54 Page i Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Table of Contents Terminology .................................................................................................................................................. 1 Introduction.................................................................................................................................................... 1 Netbox Blue’s Social Risk Management (SRM) Platform ............................................................................. 2 Capture ...................................................................................................................................................... 2 Secure ....................................................................................................................................................... 2 Control ....................................................................................................................................................... 3 Supervise ................................................................................................................................................... 3 Archive ....................................................................................................................................................... 3 Architectural Overview of Netbox Blue’s SRM platform ................................................................................ 4 Deployment options for the Netbox Blue SRM Platform ............................................................................... 5 Microsoft Lync ........................................................................................................................................... 5 ICAP .......................................................................................................................................................... 6 Direct Proxy ............................................................................................................................................... 7 Secure Web Gateway................................................................................................................................ 8 Netbox Blue Integration with Enterprise Vault ............................................................................................ 10 Rich Metadata and Intelligent Indexing ................................................................................................... 10 Capturing Content and Enterprise Vault Ingestion .................................................................................. 11 Enterprise Vault Search ....................................................................................................................... 15 Compliance Accelerator ....................................................................................................................... 15 Discovery Accelerator .......................................................................................................................... 16 Licensing ..................................................................................................................................................... 17 Conclusion................................................................................................................................................... 17 Appendices Appendix A – Deploying the Netbox Blue SRM software Appendix B - Extensive Metadata Capture Page ii Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Terminology The following terms and abbreviations are referred to throughout this document: Term Description AD Active Directory AV Anti-virus EV Enterprise Vault ICAP Internet Content Adaptation Protocol LSI Local Software Instance – the VM itself that does the capture SRM Social Risk Management SWG Secure Web Gateway Introduction Netbox Blue is a Symantec Technology Enabled Partner and the Social Risk Management platform is certified for use with Symantec Enterprise Vault. Netbox Blue’s unique platform offers: Reliable capture of Social Media, IM, Collaboration communications and even web search requests. Active compliance to allow organizations to implement a range of innovative pre-posting security and compliance policies to ensure regulatory, workplace and cultural compliance. Archive ingestion to Symantec’s Enterprise Vault platform with full metadata and intelligent indexing to provide ease of search and discovery, as well as digital sustainability. This integration ensures that the associated Symantec tools – Discovery Accelerator, Compliance Accelerator and eDiscovery Platform (powered by Clearwell) can easily perform unified search and discovery across all content stored in the Symantec Enterprise Vault. This document describes the methods available to capture social content, the active security and compliance services offered by Netbox Blue and the ingestion of the social content to Enterprise Vault. Examples of the search and discovery and summary details on how the platforms are integrated is also included in this document. The document also describes the rich metadata and intelligent indexing that is created by the integration of Netbox Blue’s platform with Symantec Enterprise Vault. Page 1 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Netbox Blue’s Social Risk Management (SRM) Platform Netbox Blue’s SRM Platform has the ability to capture and control instant messages from public IM networks, enterprise IM networks (such as Microsoft Lync), community networks (such as Google Hangouts), as well as web and messaging networks. In addition the platform offers the ability to capture web search requests. The value in doing this is to add context to an audit or compliance review case. All of the captured content can be archived and intelligently indexed by Enterprise Vault. Messaging Category Public IM Networks Enterprise Unified Communication and Collaboration Public Social Media Google Web search Supported Platforms • AOL Instant Messenger • Google Talk and Google Hangouts • Yahoo Messenger • Microsoft Lync • Microsoft Yammer • Cisco Unified Presence (Jabber) • Facebook • Twitter • LinkedIn • Google Apps for Work (Gmail, Hangouts and Chat) • GMail • Google • Yahoo • Bing • YouTube • Wikipedia Table 1 – Platforms Supported by Netbox Blue’s Social Risk Management Platform Netbox Blue’s Social Risk Management (SRM) platform offers a wide range of features for managing and capturing messaging. These features include flexible capture methods, security, management and control as well as compliance. Even content such as saving drafts can be captured, preventing potential data leaks or unapproved content leaving the organization. The “save drafts” feature of Gmail has been used by malware as a place to interact with the command and control servers as it is normally just the completed emails that are ever captured (if at all), rather than the saved drafts. An overview of these SRM features is provided in the next section. Capture Customers can choose how to capture communications – from a proxy-based capture solution, including integrating with an existing proxy solution, endpoint capture technologies or other methods. All of these methods provide comprehensive security and risk management solutions. Secure As the use of Social Media, IM and collaboration tools increases, so do the security risks. Netbox Blue offers a broad range of security features, including: Malware scanning – detection and blocking of web borne malware Secure Access Controls for corporate social media accounts Page 2 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Identity Management – linking each communication to each staff member Prevention of vicarious liability through the addition of disclaimers Identifying rogue accounts in use within an organization that could otherwise have a far-reaching reputational impact. Control Risk-averse organizations have been managing their internet-based communication channels for email and in some cases voice and other file sharing applications for many years. As Social Media, IM and collaboration tools pervade office environments, so the controls must adapt to these otherwise uncontrolled communication channels. Netbox Blue’s platform provides a unique ability to apply pre-defined pattern matching technology on communications before they are transmitted or posted. This unique ability to apply active compliance “instream” gives organizations the ability to prevent issues occurring. In-built patterns are available, while custom policies can easily be set up. A full reporting and alerting system is included with the Social Risk Management platform to ensure breaches are recorded and supervisors notified as required. Supervise Many organizations are now looking to enable digital transformation by engaging their staff on social channels. This can improve customer service or add many new brand advocates to help promote new products or services. Netbox Blue’s platform offers the ability to hold messages that meet predefined criteria for review. This can be used to review any potentially sensitive messages that may include an executive’s name, a released product name or financially or market sensitive data such as an acquisition target. The feature offers automated workflow and logging for training purposes and all data can also be passed into the organization’s archive platform. Further supervisory capabilities are available including ethical wall establishment. Archive Netbox Blue’s platform is able to present social communications into the organization’s Enterprise Vault archive platform. Using the COM API for EV 10, and as of EV 11.0.1, through the direct SMTP ingestion method. These communications are presented in an evidentiary quality format that is digitally sustainable. Netbox Blue adds value to the data by: Passing it to the Enterprise Vault archive platform in a standard format, enabling ease of search and discovery Adding all associated metadata Time stamping each message Page 3 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Adding the unique user identity (i.e.: the AD user name, not just the user name on the social platform) De-duplicating the messages to ensure the data store remains manageable and threading communications for contextual value. Netbox Blue identifies each unique user by integrating with the organization’s Directory Services. Capitalizing on existing Secure Web Gateway authentication services, user identity is preserved through on each message, both inbound and outbound. Architectural Overview of Netbox Blue’s SRM platform The platform is deployed as a Local Software Instance (LSI) running in a virtualized (VMware) environment. This enables ease of deployment as well the ability to build on the High Availability options provided by VMware. The next section outlines the various ways the LSI can be deployed to capture the traffic. Once the traffic has been captured, it can be ingested into to EV using ether the legacy API method, or the SMTP direct ingestion method available as part of EV 11.0.1. An extension is then installed into the EV server to facilitate direct ingestion of SMTP data. When the LSI prepares the captured data for archiving, the metadata is also set using MIME headers. With the assistance of the extension, the data is correctly then indexed by EV. This means that searches can look for specific values in specific fields – providing a much richer search experience, and accelerating the time it takes to get the results that are needed. See the section “Rich Metadata and Intelligent Indexing” for more information on the values captured, and the attribute names in EV. By using the EV extension, the LSI is also able to associate each content source with an existing Retention Category. This allows for simple management of required storage, without the administrator having to manually configure each content source. The deployment of the LSI is covered in Appendix A. Page 4 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Deployment options for the Netbox Blue SRM Platform Netbox Blue's Social Risk Management Platform can be deployed within an organisation's network in four primary ways, depending on the capture requirements. More than one method can be used at a time with a single instance, allowing for different capture methods for different networks. For example, a WiFi network with BYO devices may have a different deployment method and rule set to users on corporate wired devices. This can all be one in a single instance saving on compute resources, and simplifying administration. Microsoft Lync The Netbox Blue SRM platform can capture Lync 2010 and Lync 2013 chat messages and package them in a universal format to be submitted to the Enterprise Vault Archiving service. It's role is to query the Lync archive service to extract the Lync messages, then package these messages into the correct format before sending to EV, (with all the relevant metadata information such as user identity, profile name, timestamps, etc.), to the Enterprise Vault archiving service. Note: Lync Archiving services (in addition to the core Lync services) must have a valid license and be correctly configured before this deployment role can be supported. More information can be found at technet.microsoft.com. Diagram 1 - Microsoft Lync integration with Netbox Blue's SRM and ingestion into Symantec EV Page 5 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration There are three key aspects to this deployment method: 1. Installing the Netbox Blue Lync Service, which is a service typically installed onto the Lync Archive Server. 2. The Netbox Social Risk Management Platform Local Software Instance (LSI). This is a virtual machine to which the Netbox Blue Lync Service will communicate. 3. Setting the destination server within the Netbox Blue platform for Enterprise Vault. The Netbox Blue Lync Service queries the Lync Database, and sends all the relevant chat messages to the Netbox LSI via an encrypted and secure connection. The Netbox LSI then collates the data and sends it, via secure SMTP, to the Symantec Enterprise Vault Archiving service. ICAP ICAP (Internet Content Adaptation Protocol) is a fast, reliable process where two complementary services can talk together (for example, a secure web gateway (the ICAP client) sending HTTP data to an Anti-Virus server (the ICAP server) for scanning, and then the AV server responding to the proxy with an action to take based on if it is “clean” or “infected”). ICAP is also often used by DLP servers. Most enterprise Secure Web Gateways (SWG), web proxy and caching solutions support ICAP, and can be configured to send traffic destined to specific domains to the Netbox Blue SRM Platform for further action. This mode is ideally suited to environments where the firewall is not being replaced and the Netbox Blue SRM platform is being implemented to work with an existing web proxy that is performing HTTPS inspection. In ICAP mode the Netbox Blue Platform is configured to sit behind the existing firewall and is connected to a SWG with a standards-based ICAP connection. The SWG is then configured to pass traffic to the Netbox Blue Platform, which then performs pattern matching analysis and rules on this data stream. The Netbox Blue platform then makes a determination on Page 6 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration this information and passes allowed traffic back to the SWG, or returns a denied message within the platform interface. Diagram 2 - Netbox Blue's SRM ICAP integration with an existing Secure Web Gateway showing the active compliance and ingestion to Symantec EV Direct Proxy Direct proxy or “Explicit Proxy” is typically used within organisations that do not already have a direct proxy configuration (such as when no web filtering is in place). Web traffic is redirected to the Netbox Blue Platform, usually via a proxy.pac file that can be pushed out to a select group of users via a Group Policy. Furthermore, the .pac file can be configured to send traffic to those sites you're specifically interested in (e.g., *.twitter.com, *.aim.com) to the Netbox, where all other traffic goes out directly through the firewall. Netbox Blue can help customise a suitable proxy automatic configuration file for you as part of the implementation process. Page 7 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 3 – Netbox Blue’s Direct Proxy showing the active compliance and ingestion to Symantec EV Secure Web Gateway A secure web gateway deployment means the Netbox Blue platform becomes a gateway for one or more networks. In essence, the Netbox Blue platform is now a router, with at least two network interfaces, each of which sits in a different subnet. Traffic will flow through it courtesy of network routing - be that either default/static routing, or Policy Based Routing. This method is more complex to integrate into an existing network and therefore consultation with Netbox Blue engineers should be conducted before any plan is agreed upon. This gives the ability for the organisation to leverage the other technologies Netbox Blue provides such as user identification, web filtering and virus scanning as part of an integrated solution. Page 8 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 4 - Netbox Blue’s Secure Web Gateway showing the active compliance and ingestion to Symantec EV Page 9 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Netbox Blue Integration with Enterprise Vault Content can be ingested directly into Enterprise Vault using the new SMTP ingestion method provided as part of version 11.0.1 and later. Using the Netbox Blue EV extension, the extensive metadata provided by the Netbox Blue capture solution can be surfaced in EV and accompanying solutions, including Compliance Accelerator, Discovery Accelerator and eDiscovery Platform1. The data flow from capture to ingestion is shown is this diagram: Diagram 5 - Data flow from capture to ingestion Rich Metadata and Intelligent Indexing Once the captured data is ingested into EV, a number of additional attributes are available on each message from the Netbox Blue LSI. By having all of the metadata in their own attributes in EV, it makes the searching and retrieval of data much faster and easier. For example, rather than having to know the profile name of a user, they can be searched by their AD username. This will retrieve not only their corporate email, but also all their interactions with the various social platforms. This covers both incoming and outgoing user generated content. Additionally, having the metadata attributes available, the filter can then easily be narrowed to just one platform, and even a direction. For example a single search could cover all of Bob’s outgoing IM conversations where NBB was mentioned on Google Hangouts. As the search is done on the metadata, it is quick and easy to create the search, and it will return reliable results. Traditional solutions (if there was any capture of social media), would not tie the interactions back to an AD user, nor would it have the metadata available as their own attributes. So a filter by “Google” would pick up all messages that mentioned Google anywhere in the body. 1 At the time of publishing this document eDiscovery Platform support for search SMTP data was still pending. Full support for searching SMTP data will be added to version 8.1.1 of eDiscovery Platform. Page 10 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Some of the metadata captured includes: Search attribute name EVSP.OriginalLocation Display name Reference URL EVSP.CreatedDate First time EVSP.ModifiedDate Edit times EVSP.CreatedBy User EVSP.ModifiedBy Editors NBB.Usernames Organisational Users Thread ID NBB.ThreadID Description List of original web locations, such as links to the user profiles of those who have participated in a Facebook post Local time for the scanned user, when the first contribution to an item of social content was made. For example, the date a search was performed, or, the date of the first post in a discussion. Local times for the scanned user, when each contribution to an item of social content was made. For example, a list of date-times for each post in a discussion, starting with the creation time. The organisation user that read a thread, first posted in a thread, or that performed some search or status update, etc. All users that posted to a thread or participated in a discussion in some way (whether they are organisation users or not). A list of users involved in a social item that belong to the organisation being archived (e.g., Active Directory users). Netbox identifier for an archived item Table 2 - Metadata search attributes sent to Symantec EV The full mapping of available attributes and their meaning is available on the LSI in the online help. The online help is updated as new metadata becomes available. Capturing Content and Enterprise Vault Ingestion The EV extension provides the ability to automatically configure archives and archive types for the different platforms and content providers. The following screen shot shows the Netbox extension installed into Symantec Enterprise Vault. Page 11 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 6 - Screen shot of the installed Symantec EV extension The Extension is configured using a local web interface, loaded from the extension using the Manage button. The web configuration, shown below, connects the EV Extension to the Netbox Blue LSI. Diagram 7 - Screen shot of the local extension configuration screen Page 12 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Once connected to the LSI, the capture options and the archives used for each content type are configured on the LSI web interface. These configuration options include the SMTP ingestion address of the EV server (note: this is the direct SMTP ingestion address of the server, not a journal mailbox), the content to be captured (based on group membership, platform, inbound/outbound, time of day and even content patterns) and setting the policies for which communication platform(s) should go to which archive. The retention category can also be configured based on the platform. A suggested configuration can be provided, and this will automatically create all of the archive types and archives in EV, greatly simplifying the deployment process. The available archive categories are extracted directly from the EV instance, allowing for complete flexibility in the available options. An example configuration is shown below. Page 13 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 8 - Screen shot of the Netbox Blue SRM configuration user interface for Enterprise Vault integration Once the EV Extension is installed and connected to the Netbox Blue LSI and enabled, the archive types and archives will automatically be created and configured. This process is completely automated. Captured data is then submitted to EV on a scheduled basis (once a day in the example above but it can be as frequently as every 30 minutes). Page 14 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Enterprise Vault Search The process to search by each of these attributes depends on the tool selected. Below is a simple search in Enterprise Vault Search, showing the additional metadata in the last column. Diagram 9 - Screen shot of a search in Symantec EV, showing some of the additional metadata Compliance Accelerator The additional metadata can also be accessed in Compliance Accelerator. The screen shot below shows the type of the message highlighted as “social”, shown in the History tab that exposes these additional attributes. Page 15 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 10 - Screen shot of a search in Compliance Accelerator, showing some of the additional metadata Discovery Accelerator The filter creation in Discovery Accelerator is shown in the following image. This is filtering by a specific AD user (irrespective of social media profile used), and filtering to just searches that have been made. Discovery Accelerator makes searching by additional attributes very easy in the search creation user interface. Page 16 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Diagram 11 - Screen shot of Symantec Discovery Accelerator showing searching by the additional metadata Licensing The Netbox Blue Service requires a subscription license for each user that is being supported by the services. This license is charged based on the platforms being captured and the range of services required. Please contact Netbox Blue for more details: http://netboxblue.com/webform/implementation-checklist. Conclusion Netbox Blue provides flexible solutions to help organizations control and capture activities by employees on public and corporate IM networks and corporate collaboration networks as well as social media networks such as Facebook, Twitter, and LinkedIn. Captured content can be automatically archived into Enterprise Vault. The archived content can then be searched by Compliance Accelerator, Discovery Accelerator and eDiscovery Platform. This allows organizations to provide a more complete picture of their environment when the need for eDiscovery arises by not only being able to search mail and file archives, but also have the ability to search against instant messages and social media networks. Page 17 Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration APPENDIX A - Deploying the Netbox Blue SRM software platform This document outlines the prerequisites and basic steps to install the Netbox image into VMware. This will get the core OS installed. A license key and download link will be provided upon request. This same process is followed for all instances of the Netbox appliance, the registration key then activates and installs the relevant components for your installation. Minimum System (for testing) The guest OS must have at least the following (this is suitable for a testing environment): RAM: 4GB Storage: 20GB SCSI drive Network: 2x Ethernet connections (VMXNET 3) VMware version: ESX/ESXi v5.0 or later (with 64-bit guest support) Recommended System (for production) This system is the recommended system for the Netbox Blue software (note: this will vary depending on the number of users of the system, following is for around 100 users.): RAM: 8Gb Storage: 100GB SCSI drive Network: 2x Ethernet adaptors (VMXNET 3) Unsupported Configurations Items that are not supported and/or will not work with the Netbox Blue software. IDE drives Supported Extras (additional users) Additional resources will be required for more users. The following items may be added to the VMware system and will be supported by the Netbox Blue software. Note that some items may require activation by Netbox Blue or an update initiated via the user interface. Additional memory, the maximum memory supported is 64GB Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Additional storage, up to 2TB is supported o An additional 2TB disk is supported for the Content Acceleration Platform Additional Ethernet adapters Additional CPU's, up to 8 As a rule of thumb, for every 100 users, an additional 2GB of RAM and 50GB of storage should be allocated. An extra CPU core should also be added per 200 users. Important Notes on Creating the Guest Environment Following are the options for creating the recommended guest environment for the Netbox Blue software: Create a new VM Start with a typical configuration, for Linux, Red Hat Enterprise Linux 5 (64-bit) Add 2 NIC's (the first is the LAN connection, the second the Internet connection), these should be “VMXNET 3” Create a disk with the required amount of storage (this should be at least 20GB, but typically much larger) Adjust the RAM to what is desired Add additional processors if desired The ISO image may also be connected to the “New CD/DVD” device, ensure “Connect at power on” is selected Powering the System On and Off As VMware Tools are automatically installed once the system is activated, the system can be powered down gracefully using the standard VMware options. Installing the Netbox Software To install the Netbox software, connect the ISO image to the virtual CD-ROM drive after creating the VM. The VM should then boot from the CD and start the install process. Note: There may be errors and alerts during the boot process. This is normal as drivers and services for all configurations are tested during the boot sequence. Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Once installation is complete, the CD-ROM drive is not required, and can be removed from the VM configuration if desired Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration APPENDIX B – Extensive Metadata Capture Netbox Blue's Social Risk Management (SRM) solution has the ability to capture social and IM messages and send them to Symantec Enterprise Vault in a native format. Capturing extensive metadata allows for much faster eDiscovery and retrieval at the time you need it – in the case of an incident. The available metadata and auxiliary data the solution can capture for each "message" includes: Message ID: A unique identifier for the specific message, be that a post, IM or a search. Message ID's are the same for the same post both incoming and outgoing. This provides the ability to correlate when a message was sent, and when it was read. Thread ID: An identifier for a conversation stream. This provides a way to quickly identify what a specific message by viewing it in the full context of the communication. With out it a single line IM would likely have little meaning. Parent ID: In the case of a comment for example on a post, this provides a reference as to what message this was in response to, allowing the look and feel of the original conversation to be reconstructed. IP Address: The IP address of the user sending or receiving the content when this was captured. This helps to identify the device a specific post was made from or consumed on. Received Time: The time with the message was captured by the solution, but before it has been pushed to the archive queue. Depending on deployment, this is normally a few seconds before Queued Time. Queued Time: This is the time the message was made available in the archive queue. Depending on the archive provider this may be pushed in near real time, or queued up and sent as a batch on a regular interval. Sent Time: The time the platform reports when the message was sent in the case of incoming messages. This is the time it was captured in the case of outgoing messages. Source: How the message was captured, it could be from a plug-in app in the platform, real time via ICAP or via our secure web gateway. User ID: This is the Active Directory (or other directory server if configured) identifier of the user making a specific post or read. This allows tracking of the source of a message to an individual in the organization, not just to a social account. It becomes even more relevant when there are many users Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration interacting with an organization’s public social media assets, as everyone typically would log in with the same social account. Without this metadata, identifying the individual who actually made a post is not possible. User Email: Linking back to the User ID, the users internal email address is also recorded. This simplifies searches across all platforms in the archive as when searching for an email address, not only will emails be returned, but also all social and IM interactions in a single view. Application: The application to which a specific message relates to, this could be Twitter, LinkedIn, Google etc. Services: Messages are grouped into a number of services across all of the applications. This again allows for easy searching, for example fining all chat messages for a user, or searches that were done. Actions: For each Service, there is an action that can be taken, the most common ones are send and receive, but things such as accept friend request, safe draft and the like can also be captured. Recipients: All of the recipients of a message, where applicable, are captured. These are the recipients on the social platform. The metadata captured of each of these can include: Social Media display name Profile URL Email address (used on the social platform) Sender: The same metadata on the Senders an the Recipients is also captured. Bodies: The full body of the post is captured, if it is not just plain text, the HTML representation (or other format if applicable) is also captured. Subject: For items where there is a subject, such as web mail, this is captured. Events: If Netbox Blue's governance enforcement module is activated, and a policy is triggered, this is recorded. This includes additional metadata such as the policy that was matched, if the message was blocked or held for moderation, and if an alert was sent. Tags: Any additional metadata that does not have a specific field and specific to a platform or service, this can include things such as geolocation information, dates etc. Groups: For platforms that support the creation of groups (for example Yammer), the information about the group is captured, which can include: Enterprise Vault Whitepaper – Netbox Blue and Enterprise Vault Integration Status: Such as public of private URL: The public URL to access this group ID: A unique identifier for the group Name: The name of the group that is displayed to the user. Attachments: Attachments can also be captured, including images, videos and documents. Where possible additional data is also captured including: Name: The original name of the attachment Size URL: If a public URL is available, this is included Content Type: The MIME type of the attachment, such as "image/jpeg" Content ID: If required, to link it back to the body of the message, such as an image in an email coming in via webmail. About Symantec: Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com. About Netbox Blue: Since 1999 Netbox Blue has been a leading provider of network security and content filtering solutions. Netbox Blue is also now a leading provider of Social Risk Management solutions. This patented technology was launched in 2008 and since then Netbox Blue has built a global reputation for innovation and reliability. Netbox Blue was recognized by Gartner as a ‘Cool Vendor’, with specific relevance to the Archive and eDiscovery market. Headquartered in Australia, Netbox Blue can be contacted at [email protected] or via www.netboxblue.com Copyright © 2015 Symantec Corporation. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Symantec Corporation For specific country offices and contact numbers, please visit our Web site: www.symantec.com World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527 8000 +1 (800) 721 3934 This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.