Digital Guardian Dlp

Digital Guardian Dlp, Hi, I’m Jennifer Valverde and today I will be demonstrating Digital Guardian for Advanced Threat Protection. Digital Guardian delivers actionable insights into over 200 system level parameters to give immediate alerts while maintaining a historical record of events. System parameters monitored include: Digital Guardian Dlp

• process activity

• user and kernel execution events: verdasys digital guardian

• file system activity

• network and registry activity: digital guardian dlp

• and user-login activity Digital Guardian’s deep visibility ensures you have the critical information needed to identify patient zero and drastically reduce your overall response time while validating the impact the attack had on your data. Now let’s go ahead and see what this looks like. On an endpoint with the Digital Guardian Agent installed, save an executable from an e-mail, web browsing session, USB, or even command line. Here I’ll be doing it from email. You do not need to execute this file. In this case it’s within an archive; DG sees all system actions including writes of files within archives. Log in to your DGMC and navigate to ATP Executables Written to Disk Today. Here you will see that executables can be tracked from e-mail, browser, USB, and even movement via command line. Not only do we gain visibility into the entry vector itself but we also have added context such as: Digital Guardian Dlp

Digital Guardian Dlp

• Time

• Computer Name

• User Name

• Application performing the action

verdasys digital guardian

• Directory

digital guardian data loss prevention

• File name In this case we are just showing a small window in time. The timeframe can easily be modified to show new files that have been introduced to my environment over the last day, week or month. Back on the endpoint execute the file you chose to save to the desktop. In this case I am using winrar.exe and I am executing it from the recycle bin via command line. Back in the DGMC navigate to Local Forensic Report. You will immediately see not only Outlook writing the file, but the application Start which has tagged this executable as ATP Classified. Tagging executables gives Digital Guardian the ability to monitor its behavior while taking source into account. This is important when correlating events to determine the entire lifecycle of an attack. Clicking into application details gives you a rich set of forensic data including version, process ID, parent process and more.

digital guardian gartner

The question mark next to the winrar application indicates that Virus Total has not seen this hash. The fact that this executable is unknown is interesting in itself and might be worth taking action. To see all scan results from Virus Total, Palo Alto, and FireEye, click the magnifying glass. This will bring you to the Scan Report, which can also be found under Reports/Scan Reports. If you’d like to dig deeper into the process usage, click on the magnifying glass again. The Process Usage report goes a step further and provides where and when this process was launched, making it easy to identify patient zero. By working through this use case you now have additional visibility into your environment that allows you to answer critical security questions such as:  How and when are new executables entering my environment?  Does a dormant malicious file exist in my environment?  Where is the potential for risk and which endpoints are at greatest risk?  And was data compromised? Visit us at DigitalGuardian.com for more information. guardian dlp