FAQs
Questions

General
  1. What is CWAT?
  2. Why is CWAT necessary?
  3. How does CWAT prevent information extrusion?
  4. How is CWAT managed?
  5. Does CWAT monitor in real-time?
  6. Are PC operations monitored when the PC is disconnected from the server?
Products
  1. What is the OM?
  2. What is the OPDC?
  3. What is the difference between OPDC Pro and OPDC Standard?
  4. What is the EUDC?
  5. What is LE?
System Structure & Requirements
  1. How is a CWAT system structured?
  2. How many PCs can be managed by a single implementation of CWAT?
  3. Our company has offices in various locations. Can all of these locations be monitored and controlled centrally?
  4. What are the system requirements of CWAT?
  5. Our company's PCs do not connect to a domain. Can we still use CWAT?
PC & User Management
  1. How are PCs and users managed?
Operation Monitoring
  1. What kinds of security policies can be enforced?
  2. How are security policies targeted?
Logging
  1. What kind of logging capabilities does CWAT have?
  2. What are the advantages of having two different types of logs?
  3. Where are Alert logs and Audit logs stored?
Answers

General


1. What is CWAT?
CWAT is a host-based information security solution that constantly monitors and prevents information extrusion from client PCs.

2. Why is CWAT necessary?
Information leaks from organizational insiders are a constant threat, whether originating from malicious attacks or simple human error. The effects of information loss are wide-reaching, impacting every stakeholder either directly or indirectly. By monitoring PC operations and preventing the leakage of sensitive information, CWAT protects a valuable asset, and helps organizations comply with government and industry regulations and maintain stakeholder trust.

3. How does CWAT prevent information extrusion?
CWAT monitors all operations on client PCs and blocks specific PC operations based on fully customizable security policies. Managers or security personnel are alerted to incidents of improper PC use in real-time, and comprehensive logs provide organizations with the information they need to identify acts of wrongdoing.

4. How is CWAT managed?
CWAT is managed centrally by accessing the server from anywhere on the connected network using Internet Explorer. From the CWAT console, administrators can manage nodes and users, enforce security policies, view logs of all PC operations and create monthly security reports.

5. Does CWAT monitor in real-time?
Yes. The CWAT client module, OPDC, constantly monitors PC operations and blocks prohibited actions in real-time in accordance with security policies. Violations of security policies are also reported to the monitoring server in real-time, and administrators can be notified of them via email.

6. Are PC operations monitored when the PC is disconnected from the server?
Yes. The CWAT client software, OPDC, is installed on all PCs and updates security policy information automatically when connected to the server. When a PC is disconnected from the server, OPDC continues to enforce the most recent security policies. Any alerts that are generated while the PC is disconnected will be reported to the server when the connection is re-established. It is even possible to enforce different security policies on PCs when they are disconnected.

Products


1. What is the OM?
The Organization Monitor, or OM, is a web-based management server that provides centralized management and monitoring of PCs and users. Administrators access the OM using their web browser to implement and maintain security policies, view client PC logs, generate monthly security reports, and manage other CWAT settings. The OM user interface can be viewed in English, Spanish, French, Japanese, Korean and Chinese (traditional and simplified).

2. What is the OPDC?
The Operation Defense Controller, or OPDC, is the CWAT client module that is installed on all client PCs. OPDC monitors and automatically blocks prohibited operations on client PCs in accordance with security policies, alerts policy violations to the server, records logs of all PC operations, and monitors the status of client PCs and logged-on users. OPDC Pro also provides encryption management of important information on client PCs.

3. What is the difference between OPDC Pro and OPDC Standard?
OPDC Pro incorporates an encryption feature in addition to all the features of OPDC Standard.

4. What is the EUDC?
The Extended Unknown Terminal Defense Controller, or EUDC, is an optional client module that monitors the internal network for the connection of unauthorized PCs and disconnects them, denying access to internal company resources.

5. What is LE?
Log Exporter, or LE, is an optional tool that can be used to export logs en masse to a CSV file for analysis using other software.

System Structure & Requirements


1. How is a CWAT system structured?
The OPDC is installed on all client PCs and connected to the OM server via the internal network. In larger environments, the inner components of the OM server can be divided amongst multiple servers in order to distribute the load borne by the server and to reduce network traffic. In even larger environments, multiple OM servers can be installed and connected together to a single database.
The EUDC option is installed on client PCs alongside the OPDC, but it is not necessary to install it on every client PC. LE is installed on the OM server machine.

2. How many PCs can be managed by a single implementation of CWAT?
A single OM server can manage up to approximately 5000 client PCs, depending on various conditions, but multiple OM servers can be linked together to a single database to accommodate larger networks. The maximum number of client PCs that can be managed by a single database will depend on the database server's specifications. Please contact us for more information.

3. Our company has offices in various locations. Can all of these locations be monitored and controlled centrally?
Yes. As long as each location can connect to the central server (via a VPN, for example), they can all be monitored and controlled centrally.

4. What are the system requirements of CWAT?
See the System Requirements page for the CWAT system requirements.

5. Our company's PCs do not connect to a domain. Can we still use CWAT?
Yes. Use of a domain is not a requirement for implementing CWAT.

PC & User Management


1. How are PCs and users managed?
PCs are managed by their MAC address and users are managed by their Windows logon IDs. Both PCs and users can be grouped in multiple ways to allow for easy implementation and management of security policies.

Operation Monitoring

1. What kinds of security policies can be enforced?
In CWAT, the following security policies can be created and applied:
  • Bus device policies
  • Logon Policies
  • Disk device policies
  • Write to removable media policies
  • CWAT CD/DVD Writing Tool policies
  • File policies
  • Print policies
  • Application policies
  • Mail policies
  • Web policies
  • Messenger policies
  • Active window policies
  • Clipboard policies
  • Keystroke policies
  • Unauthorized node policies (requires EUDC option)

2. How are security policies targeted?
Security policies can be targeted to either PCs, users or both. It is possible to apply policies to all PCs or users at once, to freely-defined groups of PCs and users, or to individual PCs and users.

Logging


1. What kind of logging capabilities does CWAT have?
CWAT collects two types of logs - Alert logs and Audit logs. Alert logs are primarily logs of actions that violate explicitly defined security policies. These are sent to the monitoring server in real-time, and administrators can also be alerted to them via email. Audit logs are logs of all PC operations, and are stored on client PCs initially before being uploaded to the central database periodically.

2. What are the advantages of having two different types of logs?
Dividing logs into two types makes it easier to find the ones you are looking for. Audit logs provide a record of all operations, allowing for in-depth forensic investigation, but they simply provide too much information for day-to-day monitoring. Alert logs, however, are only generated for operations explicitly defined by policies, making them quick and easy to navigate, and drawing your attention to the events that matter.

3. Where are Alert logs and Audit logs stored?
Alert logs - When connected to the server, Alert logs are sent to the OM server in real-time and stored there. When disconnected from the server, Alert logs are stored temporarily on the PC and then sent to the OM server when a connection is re-established.
Audit logs - Audit logs are stored on client PCs and uploaded to the OM server periodically (usually once per day) to be stored in the database.

 