Digital Guardian Advanced Threat Protection

Digital Guardian for Advanced Threat Protection is uniquely focused on understanding and preventing threats targeting your data and placing your systems at risk. It takes a data-centric approach to advanced threat detection, incident response and prevention that ensures security travels with the data. Adding DG for Advanced Threat Protection gives you the only security solution that protects sensitive data regardless of the source of attack. CAPABILITIES: Protect the data, regardless of the attack vector

• Detect in real-time behaviors indicative of attacks targeting your systems, users and data via Digital Guardian’s attack sequencing approach.
• Set rules to alert the user to the presence of an attack (via prompts) stop the attack in progress; notify IT in near real time and initiate collection of artifacts for forensic validation.

Cut analyst workload, improve workflow, increase incident handling capacity

• Expedite delivery of critical alerts to speed response time and containment.
• View correlated events and individual alerts for visibility of an attack or malicious activity by highlighting the individual rules which triggered the correlated event.
• Automate collection of artifacts to reduce response time and enhance the ability to stop an attack in progress.
• See all systems that are at risk or infected by using Digital Guardian’s automated binary analysis to track any file determined to be malicious or suspicious.

Maxmize the return on your security investments

• Protect your endpoints from threats discovered at the network layer using DG’s integration with existing malware protection systems (FireEye and Palo Alto).
• Download threat information from third party threat feed sources you define, directly to the DG agent to block agent execution within minutes of identification of known threats.
• Use network security infrastructure to gather and submit suspicious files for detonation before they execute.
• Get additional analysis and guidance on what action to take as a result of direct integration with VirusTotal. For example, automate the submission of a file hash for immediate analysis or industry reputation and if deemed to be a threat, all endpoints can be informed of the threat and set to block and alert should the threat be seen by any system whether on or off your network.

BENEFITS:

1. Real-time visibility. To avoid the risk of missing critical artifacts and to maintain a full narrative of an attack you need real-time visibility. Digital Guardian includes real-time and historic visibility into more than 200+ parameters associated with system activities. This includes: process activity, user-mode and kernel execution events, file system activity, network and registry activity, and user-logon activity. Deep visibility ensures you have all the critical information needed to identify patient zero and drastically reduce your overall response time while validating the impact the attack had on your data.
2. Context. Security teams today are overwhelmed with alerts from ineffective products that lack any context or prioritization of attacks; so they end up missing the real threats targeting their data. Digital Guardian provides host visibility as well as contextual intelligence about attacks targeting your data. Our solution gives you the context required to prioritize your response and answer the crucial who, what, why, and how questions.
3. Data awareness. Advanced threats are intent on compromising your systems in order to gain access to your data. To protect your most critical data you must first understand it. New advanced threat protection products have no concept of data and traditional DLP products lack the understanding of threats. Digital Guardian is the first product to bridge the gap between system security and data protection by delivering a single solution combining threat prevention with context based data protection from a single agent.
4. Flexible deployment. Only Digital Guardian offers complete data protection through an on premise, cloud-based managed service, or a hybrid of both. Our cloud-based managed services are the answer if you have more IP than IT. As an extension of your team, we’ll expertly develop, deploy, and manage all of your policies enterprise-wide as if they were our own.