Digital Guardian® Cyber Threat Defense

The Digital Guardian Platform provides multi-layered defense-in-depth for targeted cyber attack detection, containment, investigation and prevention. It combines deep system, application and data event-level visibility with threat intelligence feeds to identify multiple suspicious activities that signal a potential cyber attack. It contains those attacks by blocking systems and applications and by blocking access to sensitive data, and it prevents sensitive data exfiltration through data movement blocking and automatic data encryption.

Digital Guardian can confirm malicious activities across multiple levels of network or system operations without using the signature or heuristic techniques that anti-virus technologies rely upon and that cyber attacks easily defeat. It determines which network, system, application and data-level activities are suspicious and which are allowed by policies based on system, application and file event analysis, file sensitivity and file movement. Role-based data controls are critical to preventing data loss by an anonymous attacker: they prevent the use of compromised administrative accounts to access encrypted data, and they maintain that encryption control if a sensitive file is moved off a compromised workstation or server.

Digital Guardian Integrated Cyber Threat Detection and Defense Components Include:

DG Endpoint Agents enforce Adaptive Cyber Threat Policies to monitor, detect, contain and prevent malware activities across endpoints, including servers, laptops and desktops. Aggregation of risk factors can autonomously elevate alerts and containment controls, including triggering Advanced Malware memory scans and additional forensics capture. DG Endpoint Agents can also monitor and block known bad applications and "unknown" applications, preventing the rapid spread of cyber attacks. DG Endpoint Agents detect, prevent and contain malware effectively on and off the network.

APT Detection Module - Advanced malware detection powered by HBGary Digital DNA. Digital DNA is a signature-less approach to detecting new or unknown malware with automated behavioral analysis of code in physical memory. The Digital Guardian APT Detection Module manages scans based on schedule or policy violation and facilitates the retrieval of memory forensics to support incident response. Once an investigation determines the characteristics of an attack, containment and blocking policies can quickly be deployed across the enterprise at both the network and endpoint level, offering effective blocking of the attack.

Network and Gateway Solution Integration: Through partnerships with cyber defense vendors such as FireEye and others, Digital Guardian can import consolidated threat feeds, incident alerts, threat intelligence and suspicious activities detected in session-level traffic. This information is easily correlated with host agent information collected by Digital Guardian Sensors, so that the threat can be quickly and accurately identified and its methods investigated, and containment and prevention controls can be easily defined.

Digital Guardian provides a comprehensive and integrated defense-in-depth security model for cyber attacks. It uses network and endpoint agents and can detect abnormal events by correlating endpoint and network policy alerts and other suspicious activities to provide an enterprise-wide overview of threatening activity. Cyber attacks are detected in hours, not months, and when an attack is confirmed, Digital Guardian agents can then enforce data-level policy autonomously at different stages of an attack, inside or outside the network, disrupting the attack and protecting the company's critical data.

Monitor, Detect, and Contain Cyber Threats


  • Real-time platform supports full cyber threat defense lifecycle: Prevent | Detect | Investigate | Contain
  • Highest level of event visibility and correlation across application, system and data including unique data classification to accurately detect attacks on highly sensitive information
  • Broadest set of prevention and containment controls:
    • Incident Alert
    • User prompting
    • File Encryption
    • Blocking of malicious actions: system, application, file, network
  • Integrates with leading network security solutions to automatically verify and contain threats on the endpoint
  • Endpoint solution which protects assets on and off the corporate network