Digital Guardian: Product Overview and Insight

Digital Guardian’s DLP technology now extends into a broader awareness of threats, combined with the forensic artifact collection required to fully assess the risk to customers’ sensitive data.

eWEEK has started a new IT products and services section that encompasses most of the categories that we cover on our site. In it, we will spotlight the leaders in each sector, which include enterprise software, hardware, security, on-premises-based systems and cloud services. We also will add promising new companies as they come into the market.

Company Name: Digital Guardian (data loss prevention). [Editor's note: This was updated on July 5, 2018, to include much more detail about DG's products and services.]

Company description: Founded in 2003 as Verdasys and rebranded in 2014, Digital Guardian is a privately held company headquartered in Waltham, Mass.

Evolving past its original products in traditional data loss prevention (DLP), Digital Guardian’s technology now extends into a much broader awareness of threats, combined with the forensic artifact collection required to fully assess the risk to customers’ sensitive data. By combining DLP with endpoint detection and response (EDR), Digital Guardian’s deep data visibility provides CISOs, information security analysts, incident responders, and threat hunters with the context required to identify, prioritize, and remediate threats to sensitive data faster and more efficiently.

Digital Guardian relies on comprehensive visibility, real-time analytics, and flexible controls to see, understand, and prevent data loss or theft from insider and outsider threats.

Ken Levine has been Digital Guardian’s president and CEO since 2014. He previously served as SVP and General Manager at McAfee, where he was responsible for strategic direction of the Security Management Business Unit. He joined McAfee through their 2011 acquisition of NitroSecurity, a developer of security information and event management (SIEM) tools, where he was CEO and chairman.

Levine also was a key member of the startup team at Cabletron Systems, where he spent 15 years as Executive Vice President of Sales, growing annual revenue from under $1 million to nearly $2 billion.

Markets:  Digital Guardian’s key markets include North America, Europe and APAC. Digital Guardian serves customers in a broad range of industries, including intellectual property-heavy industries such as manufacturing and pharmaceutical, but the company also serves heavily regulated industries, such as financial services and health care.

International Operations:  Waltham, Mass.; London; Tokyo; Hyderabad, India

Product and Services: Digital Guardian’s Data Protection Platform integrates data loss prevention with endpoint detection and response technology into one agent and one console, allowing security professionals to monitor endpoint and network events at the system, user, and data level, be alerted if a malicious process is detected, and have confidence that sensitive data, under strict access controls, is protected.

Product Description: The DG Data Protection Platform detects threats and stops data exfiltration from both well-meaning and malicious insiders as well as external adversaries. By converging data loss prevention (DLP) and endpoint detection and response (EDR), security teams have one less endpoint agent to manage and one less console to monitor. The platform puts the most sensitive information assets at the center of all data protection, activity monitoring, as well as threat prevention, detection, and response activities.

The DG Data Protection Platform has four main components:

DG Analytics and Reporting Cloud (ARC): Uses streaming data from Digital Guardian endpoint agents and network sensors to provide the deepest visibility into system, user, and data events. That visibility powers security analyst-approved dashboards and workspaces to enable data loss prevention and endpoint detection and response – all within the same console.

DG Endpoint Agent: Captures and records all system, user, and data events on or off the network. Security teams can configure the agent to automatically block suspicious insider activity or external attacks – malware and malware-free – before sensitive data is lost. With its broad DLP coverage, the agent protects data regardless of the operating system in use.

DG Network Appliance: This network appliance is designed to protect data at rest and data in motion with minimal overhead. It classifies, monitors, and controls sensitive data across networks, storage repositories, databases, and cloud applications like Office 365. The DG Network Appliance relies on the company’s Database Record Matching fingerprinting technology that is the most accurate for identifying and controlling personal information – thereby minimizing false positives and false negatives.

DG Management Console:  The web-based console for setting up the platform, configuring and deploying agents, and creating and managing policies, alerts, and reports.

Key Features:

DG Data Discovery: Provides visibility and auditing of sensitive data at rest across the enterprise and into the cloud. The appliance uses automatic, configurable scanning of local storage, network shares, and cloud storage using discovery-specific inspection policies to find sensitive data – wherever it is located. Pre-configured templates speed discovery of PHI, PCI, and PII data while customized templates deliver flexibility for other data types and emerging regulations. Upon discovery scan completion, administrators and managers receive a detailed list and location of the files that violate specific policies. If a file violates a policy, then based on the assigned action (delete, encrypt, quarantine), a file marker containing the policy violation details is left automatically.

DG Data Classification:  Automatically locates and identifies sensitive data, then applies labels to classify and determine how the data is handled. Complementary data classification solutions available range from automated content- and context-based classification to manual, user-classification. Automated classification drives repeatability and predictability. It also speeds implementation time by enabling managers to classify before formal policy creation. Manual classification includes the end-user in the security program by incorporating the intimate knowledge of the data owners.

DG Network DLP: Reduces risk of data loss by monitoring and controlling all communications channels – including email, Web, File Transfer Protocol, Secure Sockets Layer, and applications such as webmail, blogs, and other social media. The network DLP appliance inspects all network traffic, then enforces policies to ensure protection. Policy actions include: allow, prompt, block, encrypt, reroute, and quarantine. Digital Guardian Network DLP can be deployed, configured, and protecting data in just a few hours and requires minimal ongoing support. It comes with pre-configured policies for PII, PHI, and PCI, along with the flexibility to create customized policies.

DG Endpoint DLP: Captures and records all system, user, and data events on or off the network. Security teams can configure the agent to automatically block suspicious insider activity or outsider attacks – malware and malware-free – before sensitive data is lost. The DG Endpoint DLP can automatically block, request action justification, or encrypt sensitive data in or attached to email, files moved to removable drives, cloud storage, or web. Administrators can assign access permissions and encryption methods to removable devices or media. Administrators can also limit the types of files which can be transferred onto removable devices/media, and the amount of data which may be transferred by time interval. Digital Guardian delivers full DLP capabilities to Windows, Linux, and Mac endpoints.

DG Cloud Data Protection: Integrates with leading cloud storage providers to scan repositories, enabling encryption, quarantine, or other automated remediation of sensitive data before the file is shared in the cloud. Data that is already stored in the cloud can be scanned and audited at any time.

DG Endpoint Detection & Response:  Detects, investigates, and mitigates suspicious activities and behaviors at the endpoint to safeguard sensitive data from external attackers. Digital Guardian's behavior-based rules can automatically detect and block multiple sources of attacks – ransomware, malware, malware-free attacks, and other suspicious data movements. It stops threats even if there are no IOC signatures. Once an attack is detected, Digital Guardian starts blocking at the attack’s initial entrance vector (e.g., phishing) and keeps blocking across the entire attack lifecycle, including the exploit installation/execution and the command and control phases.

DG Managed Security Program: Digital Guardian’s Managed Security Program (MSP) delivers data protection as a managed service. Its security experts will host, administer and run your data security platform and help you contain insider and outsider threats before sensitive data gets out of your organization. In addition to these tasks, Digital Guardian’s experts proactively hunt, detect, and respond to attacks in real time to contain ransomware and other advanced threats before an organization’s sensitive data is breached.

Insight and Analysis:  

Pro: Digital Guardian Endpoint Data Loss Prevention (DLP) protects sensitive data on all your endpoints. It protects intellectual property and personal information. This is a full-fledged DLP agent that captures and records all system, user and data events on or off the network. It has granular control of all data movement and can be configured to automatically block, justify or encrypt sensitive data in or attached to email, files moved to removable drives, cloud storage, or web – malware and malware-free – before sensitive data is lost. It has built-in advanced data classification that creates and modifies classification and usage policies through content inspection, context-awareness and user classification. It supports designing policies with controls that won't block actions that comply with corporate policy, so employees remain productive while the data stays safe.

Con: See this Gartner Peer Analysis commentary from April 2018. Summary of key comments from one user in the $500M to $1B revenue range (from Gartner Peer Analysis): “Our company decided to implement the DG DLP and use the MSP to manage support for about 2000 endpoints. First of all, the DGMC (Digital Guardian management console) is at the MSP. We were told that we could update DLP agents with the DGMC. Come to find out, yes, this is true, but they do not recommend using the DGMC as it is unreliable with a large number of agents. By large, even 10 computers may not work properly for upgrades. They recommend a secondary solution such as MS_SCCM. SCCM for us would be another $250k.

“The reason upgrades are important is they seem to have bugs at the endpoint about every week, for which you need to get a hotfix. Meanwhile users may be out of service with an application until you either remove the agent or get the fix. Once you get the fix you have to have a method such as SCCM to apply the update out to all endpoints ...”

List of current customers:  Jabil; New England Federal Credit Union; St. Charles Health System; ANDRITZ

Delivery:  SaaS, Managed Security Program, On Premises

Pricing:  Annual costs for perpetual customers: $15 to $25/seat/year range; managed services customers: $35 to $45/seat/year. The range is due to the installation size (volume discounts apply) and complexity (# of use cases, policies, etc.).

Other key players in this market:   Symantec, McAfee, Forcepoint, Carbon Black, CrowdStrike, Cylance.

Contact information for potential customers:  

Resources:

IT Central Station

eWEEK.com

Gartner Peer Insights

Chris Preimesberger

Chris J. Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 13 years and more than 4,000 articles at eWEEK, he...