NetClean ProActive detects child sexual abuse material on work computers
ProActive works similarly to anti-virus software, by finding images and videos that law enforcement have classified as child sexual abuse material. Detection is key. When material is identified, it is possible to find and rescue children.
- End point protection using advanced detection methods such as PhotoDNA.
- Real content detection – CSAM is detected regardless of source.
- High performance and small footprint – No performance degradation.
- Scalable on-premise solution made for global distribution.
Designed to detect child sexual abuse material
Thanks to our technology and collaboration with law enforcement, NetClean ProActive detects actual content, instead of blocking an entire URL or specific file name, like traditional filter solutions do.
As a large proportion of material is not stored on the open web, and since file names can easily be changed, detecting the actual image or video is a much more efficient way of tackling the problem.
A centrally managed software system
The NetClean ProActive system consists of two parts: protection and management.
The end point protection consists of NetClean ProActive Computer Agents: software agents that can be installed on both workstations and servers. Computer agents are installed as a service and run in the background. They search, in real time, the local computer, network drives and any removable drives. The types of drives to be searched are configurable. The inspected images are matched against a signature database (a database consisting of digital fingerprints), with minimal impact on performance.
The computer agent can be installed on Windows, Mac or Linux operating systems.
The agents are managed by the NetClean ProActive Management Server, which receives incident reports and holds all settings and configurations. It is important that the NMS runs continuously in order for it to receive incident reports and send notifications. In the event of an incident, ProActive will only send information about the incident to the designated contacts within the company. ProActive does not send information outside of the company.
If an incident occurs, the designated contact within the organisation is notified via a text message or an e-mail. This means that those responsible do not need to continually supervise the system; alerts indicate when an incident has occurred.
ProActive user workflow
Frequently asked questions
Law enforcement tools aside, a number of technologies are used today to address the problem, such as crawlers, blocking technologies, filter technologies, artificial intelligence, robust hashing technologies and binary hashing technologies. These technologies all have strengths and limitations, depending on the context in which they are used.
More information on the different technologies and how they work is gathered here.
Filter technologies are primarily used to manage security threats such as business intelligence, service disruptions, ransomware, phishing etc. While they can also be used to block websites known to contain child sexual abuse material, they have several weaknesses in that context. Firstly, they are only as effective as the intelligence put into the solutions – the lists of domains or URLs known to contain harmful material. Keeping these lists up to date requires a lot of work and continuous updates, and as the primary focus of these solutions is on other types of threats, child sexual abuse material unfortunately comes far down the list. The other weakness is that they only block known URLs or domain names, thus missing all other ways of distributing the material (such as P2P, darknet, social media platforms or when someone uses a USB stick to access the material). Therefore, although using web filters is helpful, it is not enough and does not protect the organisation and its assets against child sexual abuse material.
In addition to using filter solutions, businesses can install NetClean ProActive, which is designed specifically to detect child sexual abuse material on work computers. The software works similarly to an antivirus programme, but instead detects when child sexual abuse material is handled on a work computer. To identify the images, hashing technology is used. When law enforcement investigates child sexual abuse cases, they produce a hash, a unique ‘digital fingerprint’, of each image. These hashes are then added to a database, which allows the software to match against images handled on the work computer. This means that NetClean ProActive only detects child sexual abuse material that has been classified by law enforcement. At detection, an alert is sent to designated persons within the organisation (business or public sector organisation) who handle the incident and report to police.
NetClean collaborates with law enforcement authorities who classify images and videos as illegal. In this process, a digital fingerprint is calculated from every image and video, and these digital fingerprints are added to our signature database. The database makes it possible for ProActive to detect the actual illegal content, instead of blocking an entire URL or specific file names. This means that as soon as someone downloads, opens, moves or in any way handles a suspicious file, NetClean ProActive sends a notification. Matching against our database also ensures that nothing but child sexual abuse material is detected and reported, which means that ProActive will not detect family pictures from the beach etc.
No, ProActive only matches against material classified as child sexual abuse material by law enforcement. This ensures that nothing but child sexual abuse material is detected and reported. ProActive will not detect family pictures from the beach etc.
In case of an incident (when a suspicious image is detected), the designated person(s) receives an Incident Report.
The report can contain:
- type of agent
- computer name
- DNS name
- MAC addresses, and the domain and country in which the computer is located
When an incident occurs, the designated person(s) within the organisation are notified via a text message or an e-mail. This means that those responsible do not need to continually supervise the system; alerts indicate when an incident has occurred. It is important that the NMS runs continuously in order to receive incident reports and send notifications. In the event of an incident, ProActive will only send information about it to the designated contacts within the company; no information leaves the company automatically.