Digital Guardian releases new User and Entity Behaviour Analytics capability


Digital Guardian announced that it has released new User and Entity Behaviour Analytics (UEBA) capabilities for its cloud-delivered Data Protection Platform.

Supplementing data classification and rule-based policies, the Digital Guardian Data Protection Platform now delivers analytics and anomaly-based detection to give insight into activities surrounding sensitive data.

Digital Guardian’s UEBA capabilities enhance its Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR) applications for identification, mitigation and communication of enterprise data risk.

The Digital Guardian Data Protection Platform extends its statistical means with machine learning techniques to gain an understanding of how both users and entities behave within an environment.

By first establishing a baseline of normal activity, Digital Guardian can identify anomalies amongst data sets to trigger alarms when detecting changes in user and system workflows, application executions, and data accessed or moved. Digital Guardian delivers the visibility and context to enable determination of real risk.

“Effective data security begins by understanding the risk associated with how users and systems interact with data,” said Ken Levine, president and CEO, Digital Guardian.

“CISOs are in the business of managing risk and our UEBA technology enables them to make more effective business decisions. Digital Guardian is introducing an innovative risk-based approach to threat prioritisation – we are enabling security teams to not only reduce incident remediation times with high-fidelity alarms, but also prioritise the most important and severe alarms targeting organisations’ sensitive data.”

The UEBA capabilities are visualised through an Executive Risk Dashboard, where security analysts and business leaders can view the suspicious behaviours in their enterprise and pivot into details of the anomalies, data loss events and endpoint activity.

This also enables organisations to visualise, assess and understand their risk posture, allowing executives to have deeper policy discussions and set appropriate controls for safeguarding sensitive data.

“We are constantly innovating our cloud-delivered Digital Guardian Data Protection Platform, and our new UEBA capabilities provide our customers with more effective risk management and deeper visibility into suspicious activities,” said David Karp, chief product officer, Digital Guardian.

“We have rounded out the triumvirate of key capabilities by combining behavioural analytics, data loss prevention, and endpoint detection and response and are uniquely capable of understanding sensitive data and protecting it from all threats – whether they originate with a trusted insider or external adversary.”

“UEBA can be useful for every data protection programme as it enables enhanced detection for insider threats and identifies potential anomalous activity in real time. This can help accelerate investigations and time to resolution,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group.

“Integrating UEBA into the Digital Guardian Data Protection Platform can provide a higher level of protection for corporations looking to protect their most sensitive data and critical assets.”

Benefits of combining UEBA capabilities with the DG Data Protection Platform

Prioritise and investigate the risks – Digital Guardian UEBA monitors the set of behavioural events about your systems, users and data, and pinpoints anomalies. Digital Guardian can collect and preserve chain-of-custody forensic evidence including capture files, system artifacts, screenshots and keystrokes, allowing incidents to be reconstructed in their full context. Alarms are triggered for the fidelity indicators that warrant additional investigation.

Detect and mitigate threats – identify and stop insider threats by employees, contractors and privileged users before sensitive data leaves the organisation. Real-time user and entity analytics understands which behaviours or actions deviate from baseline activities and represent risk. Digital Guardian’s visibility and automated data classification give context to those actions by highlighting the behaviours targeting the most sensitive assets. Flexible and automated controls allow benign actions but block risky or unusual behaviour.

Reduce dwell time – Digital Guardian’s cloud-delivered Data Protection Platform can detect threats and stop data exfiltration from internal and external threats. User and entity behaviours are aggregated to create risk scores to help analysts identify actions that are indicative of real threats. Once confirmed, analysts can blacklist processes across the enterprise from virtually any screen, enabling faster and more accurate response for real-time remediation. Policy changes can also be made from the same screen.

Security analyst-approved dashboards and workspaces for guided responses – Digital Guardian’s expert team of threat hunters, incident responders, and information security analysts developed workspaces to guide security professionals to the events that matter when identifying anomalous and suspicious insider activity. Digital Guardian’s Executive Risk Dashboard aggregates risk scores to simplify communicating risks to other executives and board members, while providing access to the individual behaviours and events security teams require to identify activity compromising systems and data, then build and enforce policies to protect sensitive information.