About The Customer
A Fortune 50 company invested heavily into intellectual property to design and manufacture energy generation machinery. Employees used this to build the company’s competitive advantage. The company relied on “trust-based” access under the assumption that all employees were trustworthy. When a privileged user was caught attempting to steal proprietary data, it became obvious a “trust-based” system no longer worked.
The Business Challenge
The company had over 40,000 employees globally who required access to critical IP used in multiple applications including scientific and simulation software. Data types included product design and engineering documents, process flow plans, manufacturing documents, and business plans. Their global infrastructure included over 100,000 Windows and Linux workstations and servers.
Identifying and classifying the sensitive data presented a challenge. The breadth and volume of data made manual processes ineffective or inconsistent; automation at the time of data creation was necessary.
The company had previously relied on access controls to protect data, further restricting access to sensitive material was not possible. Employees needed the information to perform their jobs, and the attempted breach was by a trusted user. Any solution had to provide authorized users with unencumbered access to IP, while monitoring data use to ensure compliance with corporate policies.
Critical Success Factors
- Enable knowledge workers to share sensitive data globally by group and need
- Automatic encryption of sensitive data when shared by email or copied to a removable drive
- Real time alerting for Incident Response Teams and forensic reporting
- Allow users with elevated privilege to perform system maintenance without exposing critical data
- Scalability to deploy across 100,000 endpoints globally
The Solution
Fortra’s Digital Guardian® collaborated with the company to identify systems where IP was created, used, and stored - then used the deep visibility provided by the Digital Guardian agent to both verify and validate their assumptions. Endpoint agents monitored the data and enforced the organization’s policies in real time across local hard drives/USB devices, file servers, and burned to CD/DVD. The visibility further extended to uploads, email, printing, and screenshots.
Having a comprehensive view of data, the customer implemented a hybrid content and context based classification program. Context classification was used for the discovery and automatic classification of files, as data was created, based on source application, server, file path, file type, and user identity, among the 200+ contextual factors available. Content-based classification was used based on keywords, regular expressions, document similarity, and pattern or dictionary matching.
Digital Guardian provided the company with policy-driven, automated data controls to allow collaboration between business units, balanced against the risk posed by a specific activity. These controls range from prompting users for justification, automated encryption, or blocking. All actions around classified data are logged for further analysis and investigation as needed. If critical policies are violated, alerts are automatically escalated to incident response teams for immediate actions.
The Results
Digital Guardian was deployed across 40,000 globally distributed systems, and within months of implementation an insider threat incident was identified and stopped. The company improved business and security processes, while protecting critical IP from compromise. With Digital Guardian, the company continues to build its IP protection program and integrate it into their overall Corporate Information Risk, Governance and Training.
Data Types We Protect
