Verdasys Digital Guardian

Enterprise Information Protection

Verdasys Digital Guardian is a comprehensive and proven Enterprise Information Protection platform. Digital Guardian serves as the cornerstone for policy driven, data-centric security by enabling organizations to solve the information risk challenges that exist in today’s highly collaborative and mobile business environment in an effective, flexible and economical fashion. Digital Guardian’s unique and proven architecture makes it possible to implement a data-centric security framework from which business and IT managers can:

  • Discover and classify sensitive data by context and content to gain visibility into how it is used by employees, contractors, partners and outsourcers.
  • Utilize actionable decision support to assess the risk associated with the sharing of sensitive data, enabling managers to make informed business decisions and create effective data security policies
  • Implement automated policy driven information protection; driving accountability down to the user resulting in voluntary compliance and increased risk aware behavior
  • Alert, block and record high risk behavior ultimately preventing costly and damaging data loss incidents

digital guardian

What sets Digital Guardian apart from the rest?

  • Comprehensive information protection coverage, fully functional on or off the corporate network
  • Enterprise-wide visibility into sensitive data location and usage with actionable decision support
  • Centralized policy definition and enforcement that leverages not only identity and activity, but also data classification, context and content analysis
  • Risk appropriate responses to user activities including policy driven warnings, blocking and alerting, as well as automated file, email and full disk encryption
  • Proven technology and results, with 50,000+ user deployments, 1 million agents deployed and 5 years of success

Digital Guardian allows your business to put sensitive information to work while ensuring its usage is governed, controlled and audited.

Protection at the Point of Use

Digital Guardian protects against the misuse, compromise or loss of data across the enterprise through its 5th generation multi-function security agent. Tamper resistant, and operating invisibly on desktops, laptops and servers both on and offline, the Digital Guardian Agent monitors and prevents “hard to detect” hi-risk user actions such as:

  • Burn, Cut/Paste or Copy to media or devices including CD/DVD
  • Cut/Paste or Copy to USB, and wireless devices
  • Capture, print screen and print
  • Email content or attachments including network or web mail applications
  • Transferring data across the network to other systems
  • Accessing and interacting with custom or legacy applications

Because it oversees transactions at the “point of use”, or host, Digital Guardian is uniquely capable of protecting data simultaneously across applications, devices and channels of communication from a single console – anywhere in the world.

Verdasys Digital Guardian is made up of the following Components:

Data Centric Security

A risk based, data centric security approach to protecting information is a paradigm shift away from traditional “network or system” centric security. It is instead a combination of process and technology that focuses on information flow across business processes and human interactions. Its goal is to create and sustain a flexible, ongoing and continually improving security process that recognizes and reacts to changes in the internal and external environment and enables, not disables, business processes.

The traditional network or system based approach to security continues to fail to protect sensitive data. For companies to substantially reduce the risk of information loss, they need to take a risk based, data-centric approach security. In other words, it’s about the data and understanding:

  • What sensitive data exists, and where it is located
  • What user is taking what actions with sensitive data
  • Where is the sensitive data going
  • What controls are needed to mitigate the risk of the users actions

Digital Guardian data protection software offers uniquely flexible models for delivering automated data security controls to users. These risk appropriate warnings can be configured to enforce corporate polices, offer alternative approaches to completing tasks including forcing security system usage like VPNs or automatic encryption of emails or files, reinforce training of compliance rules like HIPAA and PCI and deter improper activities. All of these control implementations occur before the data is put at risk. Once the improper action on sensitive data on the network, on a device or in a web mail is taken – the information is compromised. Warnings, justifications and blocks, to meaningfully prevent data loss must occur before action is taken.

Mobile EIP

EIP Mobile for Blackberry Enterprise Server and Exchange ActiveSync
The business trend towards IT “consumerization” is being driven by cost savings, but increases the risk that sensitive data will be leaked, misused, or exposed as it moves via email to and from devices the business doesn’t manage, or even own. To help global businesses securely support “bring your own device” policies, the Digital Guardian Enterprise Information Protection (EIP) platform extends to protect data moving to and from consumer-based devices with specialized software and capabilities called EIP Mobile. EIP Mobile applies Digital Guardian’s data-centric policy monitoring and enforcement to mobile platforms like iPads, Android, Windows Phone, and Blackberry devices, and ensures end-to-end security and containment of sensitive data throughout the enterprise. For advanced email policy enforcement the EIP Mobile solution monitors and controls data on the Blackberry Enterprise Server (BES) and Exchange ActiveSync (EAS) infrastructure.

Scalable Mobile Email Security
Digital Guardian’s EIP Mobile solution is capable of controlling emails and attachments from being sent directly from Blackberry or ActiveSync-compatible devices.  A Digital Guardian server agent residing on the BES or ActiveSync server monitors every email event, and enforces the user’s policy for accessing and sending sensitive data in real time.  When a policy rule is triggered, Digital Guardian can automatically interact with the user with instant email prompts to warn, educate, or make them aware of a specific enforcement response.  In addition, Digital Guardian forensically logs all email events generated by supported mobile users, and can send alerts to security administrators when risky behavior or policy violations are detected.  Digital Guardian’s EIP Mobile solution provides a seamless end user experience that is transparent to authorized uses of data, while providing business owners and security managers granular insight and control over the transfer of sensitive information within and beyond the corporate domain through the Digital Guardian Management Console.

Mobile Mail Encryption
Digital Guardian’s EIP Mobile solution supports a wide spectrum of email security use cases on mobile devices for data movement inside and outside the corporate network using policy-based encryption controls that enforce data access controls with AES 256-bit encryption.  A Digital Guardian workstation or server agent can encrypt files from the moment they are created or accessed based on the their sensitivity; agents on BES and ActiveSync servers automate the encryption and decryption of messages and file attachments going to and from authorized mobile users.  Digital Guardian’s mobile security model also extends beyond corporate users by supporting “portable” encryption that automatically wraps a sensitive email in a ZIP-encrypted archive as it leaves the BES or ActiveSync server.  The password can be supplied by the sender or auto-generated, and accessible by the authorized recipient via a separate message automatically sent by Digital Guardian, or communicated by the sender out-of-band.

Network EIP

With patented Deep Session Inspection™,  Digital Guardian Network EIP is the only network solution with the power to deliver comprehensive prevention over all ports and all channels with complete visibility and control to stop data leakage and cyber attacks on high bandwidth networks. Digital Guardian Network EIP allows you to gain control of your network with enabling features, such as:

  • Control both proxied and direct-to-internet traffic
  • Inspect all network traffic for sensitive content including attachments and  compressed files
  • Stop unauthorized traffic based on content, application, and/or protocol
  • Quarantine sensitive or unencrypted e-mails before they leave the network
  • Monitor all channels including e-mail, web, webmail, instant messaging, file transfers, telnet, and peer-to-peer
  • Monitor external traffic and/or on internal traffic segments to view all network traffic across an organization

Architecture

Digital Guardian
Verdasys Digital Guardian is a unique comprehensive and proven host based data security solution for protecting and tracking the flow of critical data across your extended enterprise. Whether on PCs, laptops, or servers (inside or outside the organization). Digital Guardian is fully internationalized and designed for large enterprise deployments. With customers deployed in Japan, China, India, Austria and North America, and deployments sites of greater than 50,000 end points protected: Digital Guardian is the leading global data security solution available.

Digital Guardian Multi-Function Agent
The Digital Guardian Agent is the only multi-function agent available that delivers policy driven data discovery, classification, monitoring, and control. Beyond these capabilities, The Digital Guardian Agent also includes fully integrated policy driven file and email encryption. The Digital Guardian Agent is tamper proof and can be made invisible on the host system.

Digital Guardian Server
The Digital Guardian Server is a Web-based application server and console that is the command center for the Digital Guardian Platform. The Digital Guardian Server:

  • Manages and monitors all Digital Guardian Agents
  • Captures, aggregates and stores all user activities related to sensitive data
  • Enables flexible data classification frameworks and rules to be created
  • Manages data security policy and distributes them to all Digital Guardian Agents for enforcement
  • Triggers administrative alerts and email notifications when security policies are violated
  • Includes an easy to use reporting engine for high-level, detailed and custom report creation

Flexible and Scalable Server Architecture
Digital Guardian can be deployed both as a single-tier (Server and SQL database sharing the same hardware) and multi-tier architecture (separate hardware for Server and SQL database) depending on an organization’s size, performance and communications needs. In addition, Digital Guardian Services can be distributed across multiple servers in an organization depending on network topology and business organization. Since all management functions are provided by the Web-based management console, multiple servers can easily be maintained from a single location within the corporate LAN. Initial deployments of Digital Guardian that start with a single-tier server can later easily be converted into multi-tier configurations.

Reporting

Digital Guardian’s flexible and configurable reporting engine provides the power needed to deliver actionable reports for security, business, operations and audit managers. Digital Guardian reporting delivers:

  • Aggregated, high level views of sensitive data usage and flow across the extended enterprise
  • Drill down capabilities that enable users to quickly move through large amounts of data zeroing in on relevant information at the user, machine or individual file level.
  • Both summarization and detailed views of application usage
  • Custom query capabilities allowing for detailed auditing across the enterprise
  • Automatically generated graphical analysis and history of all warnings and alerts
  • Trend analysis of risks and threats involving data usage
  • Advanced context based analytics, including location and hierarchical visualizations

Discovery and Classification

As sensitive data continues to be created and move at a record pace across large global organizations, security managers are challenged to find, classify and track this sensitive data. When you add the low cost of portable data storage, it is no wonder that large amounts of sensitive information are proliferating across local drives, remote devices and file servers completely unmanaged. Security departments are struggling to meet corporate mandates requiring them to find and catalog this information to protect company brand and competitive advantage as well as to meet compliance requirements with regulations including; SOX, GLBA, HIPAA, PCI and more.

Digital Guardian’s comprehensive discovery, monitoring and control capabilities provide enterprise clients with a fully integrated service to search for, identify, classify and report on the presence of sensitive information residing on servers, desktops and laptops across the enterprise. Digital Guardian, through its integrated framework including multi-function agents and a remote discovery platform, offers a comprehensive and manageable data discovery capability that includes:

  • Scanning across all systems with Digital Guardian Agents
  • Scanning across ‘agent-less’ file systems including; Windows/CIFS, Novell, UNIX/NFS file systems.
  • Programmable initial scanning and re-scanning that is easily managed from a central server
  • Real-time discovery on agent protected systems and scheduled scans on all systems
  • Flexibly defined scanning by location, machine, group and individual
  • Similarity, keyword, dictionary and pattern based scan analysis
  • Data discovery analysis of 300 file types in over 90 languages
  • Clear and concise reports based on collected and aggregated scanning results
  • Reports on data discovery, classification and usage

Through the powerful technology of Digital Guardian, the content of files is examined for critical keywords and patterns across more than 300 file types. Flexible and customizable entity and keyword matching, as well as multi-lingual capabilities allow for accurate results. Digital Guardian technology utilizes existing pre-built patterns, checksums, validated number ranges and other criteria to reduce the amount of false returns, ultimately assuring that highly sensitive data is accurately identified and protected. These capabilities are available in both the Digital Guardian agent as well as the Discovery Platform Agent.

Digital Guardian Modules

The Verdasys Digital Guardian platform includes fully integrated add-on modules that extend the core discovery, monitoring and control capabilities of the solution. Add-on modules can be deployed with the core solution or easily added after a deployment is up and running. Digital Guardian add-on modules include: Adaptive Content Inspection, Adaptive E-Mail and File Encryption and Application Logging and Masking.

Adaptive Content Inspection
Discover, classify, monitor and enforce security policies based on data content in over 300 file formats and 90 languages across servers, Citrix gateways, desktops and laptops.

Adaptive E-Mail Encryption

Policy and classification driven automatic encryption of email content and attachments, invisible to users and includes automatic key management. Enforce security policy on network and web mail systems on or offline.

Adaptive File Encryption
Policy and classification driven automatic encryption of sensitive files located on or copied to local drives, network storage, external devices or burned to CD/DVD.

Removable Media Encryption
Policy and classification driven automatic encryption of sensitive files located on or copied to iPhones, BlackBerrys, and other remote devices through Bluetooth, FTP, e-mail or other means..

Application Logging and Masking
Enforce field level access control through data masking, and audit logging for legacy (3270 terminal emulators), client server and web based applications.

Further Verdasys Digital Guardian Information

If you would like to learn more about Digital Guardian and any of its components, please contact our Verdasys experts who will be happy to help. A selection of detailed Digital Guardian information data sheets can be found below.