Solar Dozor Review and Alternatives

Solar Dozor is a data loss prevention (DLP) system that operates a user and entity behavior analytics (UEBA) strategy to spot insider threats, account takeovers, and hacker intrusion. The DLP market is well supplied with some very well-known brands. However, Solar Security isn’t one of those companies that is heard about much compared to Symantec, SolarWinds, or ManageEngine. This is because Solar Security is a Russian company.

About Solar Security

Based in Moscow, Solar Security first released Solar Dozor in 2015. The product began life as version 6.0. This is because it was just a rebranding of an earlier system, called Watch Jet, which had reached version 5.0.4. The current version of Solar Dozor is 7.4, which was released in June 2021.

Solar Security was sold to Rostelecom in May 2018 and became a wholly-owned subsidiary called Rostelecom-Solar.

Rostelecom runs Russia’s leading telephone system. This was the state-owned provider, but it was privatized in 1993. The company is still 45 percent owned by the Russian state. Initially, it was responsible for long-distance and international call carrying. However, the Rostelecom business became an umbrella for all state-owned telecommunications operations, including 20 regional telecoms providers.

The buyout of Solar Security enabled Rostelecom to create a cybersecurity division. Other Rostelecom divisions provide cable TV, mobile telephony, and broadband internet.

Solar Dozor isn’t the only product of Rostelecom-Solar. The business also markets a static application security testing (SAST) system called Solar APPscreener. The APPscreener system is intended for use by Web application developers. It scours code for errors, and it can be integrated into project management tools and issue trackers in a CI/CD pipeline.

Rostelecom-Solar also runs a security operations center called Solar JSOC. This offers managed security services.

As should be expected, the majority of Rostelecom-Solar’s customers are in Russia. The broad client base of Rostelecom’s landline services makes it easy for the cybersecurity business to market its software within the country. The second-largest market of the company lies with other Russian-speaking nations, such as Belarus.

Not many of the Rostelecom-Solar operators speak English. As a result, many of the websites for their products are automatically translated from Russian. The reliance on an easy-to-access Russian business community through the Rostelecom client list also means that the marketing department of Rostelecom-Solar is not as agile as those of significant cybersecurity providers in the Anglosphere and EU nations. These factors explain why you probably haven’t heard of Solar Dozor.

What does Solar Dozor do?

Solar Dozor performs the classic functions of a data loss prevention system. That means it tracks user activity and controls data access. The system uses user and entity behavior analytics (UEBA) on a site-wide basis, collating the activity patterns of each user account and endpoint or IP address.

The UEBA approach is a hallmark of what is termed “next-generation” cybersecurity products. This strategy removes the need to maintain a signature database for malware or traffic patterns. Another benefit of UEBA is removing the “one size fits all” approach of off-the-shelf software packages. By using AI methods, each implementation is tailored to the standards of behavior practiced on each site. Normal behavior can vary from business to business and between user types. UEBA removes the old problem of the cybersecurity software blocking regular activity.

UEBA keeps operating all through the service life of Solar Dozor, so its activity baseline is constantly being fine-tuned. The service watches out for sudden changes in the patterns of activity of an account or endpoint. This could indicate an account takeover or an insider threat, and it triggers full activity tracking that can quickly identify malicious behavior.

All system-generated records are stored for analysis, so once a compromised account is identified, the system can track back through all of the events related to that account and spot when the unusual activity began. In addition, further research can reveal all of the data stores accessed by that account while it was compromised.
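As an added illustration (not Solar Dozor’s own code, whose internals the vendor does not publish), the following Python sketches the workflow these paragraphs describe: a per-account baseline that keeps refining itself from normal days, a deviation check that flags a sudden change, and a retrospective trace over the stored records that finds when the unusual activity began and which data stores the account touched from that point on. The account names, data store names and thresholds are constructed for the example.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (day, account, data_store). The alice account is
# steady; the bob account spikes on day 5 and stays high, as a takeover might look.
EVENTS = [
    (1, "alice", "hr-share"), (1, "alice", "hr-share"),
    (2, "alice", "hr-share"), (3, "alice", "hr-share"), (3, "alice", "payroll-db"),
    (4, "alice", "hr-share"), (5, "alice", "hr-share"), (5, "alice", "payroll-db"),
    (1, "bob", "eng-wiki"), (2, "bob", "eng-wiki"), (3, "bob", "eng-wiki"), (4, "bob", "eng-wiki"),
    (5, "bob", "eng-wiki"), (5, "bob", "source-repo"), (5, "bob", "payroll-db"),
    (5, "bob", "hr-share"), (5, "bob", "source-repo"), (5, "bob", "customer-db"),
    (6, "bob", "customer-db"), (6, "bob", "customer-db"), (6, "bob", "payroll-db"),
    (6, "bob", "source-repo"), (6, "bob", "customer-db"),
]

MIN_BASELINE_DAYS = 3   # need this many normal days before judging an account
RATIO = 3.0             # a day is anomalous above RATIO x the running mean ...
MIN_COUNT = 4           # ... and only if the absolute count is also material

def daily_counts(events):
    """Map account -> sorted list of (day, access_count, stores_touched)."""
    per = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for day, acct, store in events:
        per[acct][day][0] += 1
        per[acct][day][1].add(store)
    return {a: [(d, c, s) for d, (c, s) in sorted(days.items())] for a, days in per.items()}

def detect(events):
    """Return account -> anomalous days. Normal days refine the running mean; flagged
    days are kept out of it so a compromised account cannot teach the baseline."""
    flagged = defaultdict(list)
    for acct, days in daily_counts(events).items():
        baseline = []
        for day, count, _ in days:
            if len(baseline) >= MIN_BASELINE_DAYS and count >= MIN_COUNT and count > RATIO * mean(baseline):
                flagged[acct].append(day)
            else:
                baseline.append(count)
    return dict(flagged)

def trace_back(events, acct):
    """First anomalous day for acct and every data store touched from then on."""
    anomalous = detect(events).get(acct)
    if not anomalous:
        return None
    start = anomalous[0]
    stores = {s for d, a, s in events if a == acct and d >= start}
    return start, sorted(stores)
```

Running `trace_back(EVENTS, "bob")` names day 5 as the start of the anomaly and lists the five stores an investigator would need to check, while the steady alice account is never flagged.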

Solar Dozor protects personally identifiable information (PII), financial data, intellectual property, and trade secrets.

Modules

Solar Dozor has six elements:

  • A server
  • An endpoint agent
  • A mail server connector
  • A file crawler
  • A traffic agent
  • A Web proxy

The Solar Dozor server receives reports from the other five modules.

Solar Dozor Server

This is the central data processing unit of the Solar Dozor system. It receives reports from the other modules and uses them as input to the UEBA function. At the same time, the service looks for outliers in activity events and marks them as anomalies. This triggers a deeper investigation through records of all of the activities of that user account or endpoint address. Detection of malicious behavior raises an alert.

Solar Dozor Endpoint Agent

The agent is installed on each of the endpoints to be enrolled in the security monitoring program. It coordinates all activities on each device, gathering intel on contents and running processes. Together with records of the user accounts that perform each action, this information gets sent over the network to the Solar Dozor Server.

The endpoint agent also controls actions on data exfiltration points, such as removable storage, print jobs, the clipboard, and instant messaging systems. For example, the service can block the transfer of data that has been classified as sensitive.

Solar Dozor Mail Server Connector

As its name suggests, this module controls data movements through email. It can interact with a list of SMTP-based email systems, including Microsoft Exchange Server and CommuniGate Pro. Security policies that specify the users allowed to move data can be refined down to the type of data they can send and the correspondents they can send that data to. This tool can scan through the bodies of emails and also attachments.

Solar Dozor File Crawler

This module operates centrally but communicates with endpoint agents to scan for data stores, identifying instances of sensitive data. The file crawler notes those locations, effectively tagging the sensitive data to enable access and usage tracking. Each access event is logged and fed through to the Solar Dozor Server to provide part of the pool of intelligence.

Solar Dozor Traffic Agent

This packet sniffer scans through passing traffic, performing deep packet inspection to document source, destination, and protocol. Although the payload contents are usually encrypted, information about traffic volumes for specific endpoints can be enlightening if that endpoint is known to hold protected data.

Reports from the Traffic Agent get sent to the Solar Dozor Server for correlation with endpoint logs. This enables the system to home in on the relationship between data access, software activation, and protocol traffic.

Solar Dozor Web Proxy

The Web proxy focuses on incoming and outgoing internet traffic. This system would sit behind a load balancer, so it would need to be installed on each host of a Web server. It logs all activity according to the responsible user account and originating endpoint address for traffic. As well as examining traffic, this unit can block data movements.

Implementation

Solar Dozor is implemented as on-premises software. All elements are available to be hosted on Linux or Windows/Windows Server. There is no mention of macOS in the system spec.

The Solar Dozor system can interact with other security and monitoring systems and exchange data. The central server will also archive all of the data pool that it works on for compliance auditing.

The types of systems that Solar Dozor can work with include:

Linking these systems together provides greater visibility for all data activities.

Pricing

As Rostelecom-Solar doesn’t prioritize an external market, the company’s marketing department doesn’t compete well with major Western systems in sales techniques. This extends to the availability of a free trial or a demo system – neither exists.

The company doesn’t publish its price list or even present a channel for direct contact with the Sales Department. Instead, the buyer journey begins by contacting the company’s general inquiry service, either through a Web form or email.

Strengths and Weaknesses

The qualities of Solar Dozor are impressive. However, the details of how the system implements its security controls are not very well explained on the Rostelecom-Solar website. There is also no specific mention of any data privacy standards that the service conforms to. In the absence of positive declarations, it must be assumed that the system, being geared towards Russian-based clients, is not planned for conformance with standards such as GDPR, HIPAA, or PCI DSS.

Here is our assessment of the Solar Dozor DLP.

Pros:

  • Sensitive data discovery and classification, adaptable by security policies
  • User and entity behavior analytics (UEBA)
  • Monitoring of both endpoint activity and network traffic
  • A Web proxy for control of internet-bound traffic
  • Control of data exfiltration points

Cons:

  • No free trial or demo system

Alternatives to Solar Dozor

Russian businesses that aren’t well catered for by the worldwide cybersecurity software market will probably be pleased with the Solar Dozor DLP service. But, unfortunately, many big brands don’t have Russian-speaking staff for sales or support, which means that Russian enterprises don’t have much choice regarding the vitally important purchase of system security software.

The rest of the world has more options, and there are some excellent DLP systems available.

Our methodology for selecting a Solar Dozor alternative

We reviewed the market for data loss prevention systems and analyzed the options based on the following criteria:

  • Adaptable, sensitive data discovery and classification service
  • Monitoring of all data-related activities plus logging
  • Data privacy standards compliance features
  • Data exfiltration controls
  • A service that includes UEBA
  • A free trial or a demo system for a cost-free assessment
  • Good value for money that is represented by a fair price for a comprehensive data protection tool

We have identified a good set of data loss prevention options with this set of criteria in mind.

Here is our list of the five best alternatives to Solar Dozor:

  1. ManageEngine Endpoint DLP Plus (FREE TRIAL) A data loss prevention package that performs sensitive data discovery and classification. File protection is implemented with containerization, and all data exfiltration points are scanned for unauthorized data transfers. This system also logs data-linked activity for compliance reporting. The package runs on Windows Server, and you can get the Free edition to control data on 25 endpoints. The paid edition, called Professional, is available for a 30-day free trial.
  2. Endpoint Protector This data loss prevention system includes a discovery and classification system for PII, credit card data, PHI, and intellectual property. It offers endpoint agents for Windows, macOS, and Linux, while the central server has several deployment options. Other services include file activity tracking and data movement control. This service is offered as a SaaS platform or as a service on AWS, GCP, and Azure. It is also possible to install it on site as a virtual appliance.
  3. Digital Guardian DLP This is a cloud-based service that installs agents on-site for data collection and control implementation. It includes a data discovery and classification service that scans for PII and intellectual property. Data exfiltration controls extend to peripheral devices, printers, faxes, file transfer systems, messaging services, and emails. Endpoint agents are available for Windows, macOS, and Linux.
  4. Teramind DLP This SaaS platform enforces compliance with GDPR, PCI DSS, HIPAA, and ISO 27001. The service can identify data stores on any site plus cloud platforms and unify data control in all of these locations. Scans can deploy OCR to spot sensitive data instances in digital documents and images. This tool provides user tracking to detect insider threats and account takeover, and it also controls data movements.
  5. McAfee Total Protection for DLP This is a service from one of the best-known brands in cybersecurity. It includes a data discovery and classification service that feeds through to a combined DLP and SIEM service. This tool has endpoint agents for Windows and macOS but not for Linux. The server software installs on Windows Server, or it can run as a virtual appliance.