Threat Aware Data Protection with Digital Guardian
Architecture
The Elevator Pitch – Digital Guardian in a nutshell
We Have the Deepest Visibility, Most Flexible Controls and Best Analytics
Internal Use Only 2
• We offer a next generation security platform that combines Data Loss Prevention (DLP), Endpoint Detection & Response (EDR) and User Entity Behavior Analytics (UEBA) to deliver what we call Threat Aware Data Protection. Digital Guardian is the only data-centric security provider that fully understands that data is the ultimate asset to protect.
• The DG Platform provides a single cloud-based user interface where security professionals can visualize their data like never before. Leveraging our cloud-based big data architecture and machine learning, InfoSec and SOC analysts can build advanced workspaces to interact with their rich data and detect issues before they become real security problems.
• TADP takes full advantage of unsurpassed 360-degree visibility across endpoints and the network to protect your data against all threat vectors with flexible controls and granular, yet practical, enforcement.
• There is simply no other solution that combines Threat Detection with Data Awareness.
Confidential 3
Digital Guardian
• Founded 2003 to protect all data against theft
• Began with protecting IP on the endpoint - the most challenging use case
• Simplified compliance and cloud data protection with the DG appliance
• Launched industry's first Managed Security Program for DLP
• Only security company 100% focused on protecting sensitive data from loss or theft
• Growing 50% per year – fastest growing vendor in the MQ
Analyst recognition shown: Magic Quadrant Leader; Wave Leader
THE TARGET:
Bad Guys Only Have to Be Successful Once, We Have to Be Successful Every Time
Two Main Attack Vectors
2 Main Data Types
Personal Information
• Customer data (PII, PCI, PHI)
• Structured data
• Can be recognized on the network via content inspection & fingerprinting
• Compliance-driven use cases (e.g. GDPR)
• Healthcare, Consumer Banking, Insurance, Retail, Government (citizen services) – consumer industries
Intellectual Property
• Company Data, IP, Product Plans (CAD), Source Code, Formulas, Trade Secrets, R&D data, Business Processes
• Structured & Unstructured data
• Requires context from the endpoint to recognize; fingerprinting is unreliable and complex
• Protection-oriented use cases
• Manufacturing, Pharma, Chemical, Oil & Gas, Top-secret Government, Financial Services
Understand: What Data to Protect
Content-based: file inspection to identify, tag and fingerprint sensitive data for the lowest false positives.
Context-based: identify & tag sensitive data (structured and unstructured) even before you develop policies.
User-based: enable users to classify sensitive data based on business requirements.
[Figure: a sample record (Joe Smith, 462-81-5406, 42 Wallaby, Cook) shown as Classified, with Mac and DWG icons]
200+ context parameters, including: Source/Destination, Application, Network State, Operation, Drive Type, Time of Day, Upload/Download, User, Computer, Classification, Email, Session
Most comprehensive data discovery & classification on the market today
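The three classification methods above (content, context, user) and a handful of the listed context parameters, as an added Python example that is not Digital Guardian's code: it tags constructed sample events and runs them through a small first-match policy list. The SSN plausibility checks, the rule that treats a .dwg file as IP, the field names and the rule thresholds are all assumptions made for illustration.

```python
"""Toy classification + policy evaluator for the three methods on this slide.

Content-based: inspect the data itself (here an SSN pattern, since the slide's
sample record carries one). Context-based: use the operation's parameters
(drive type, operation, network state, file type, time of day). User-based:
honour a label the user applied. Events below are constructed samples, not
Digital Guardian output; the rules are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural checks: area 000/666/900+ and a zero group or serial are never issued."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def content_tags(text: str) -> Set[str]:
    """Content-based classification: tag text containing a plausible SSN as PII."""
    for m in SSN_RE.finditer(text):
        if is_plausible_ssn(*m.groups()):
            return {"PII"}
    return set()


@dataclass
class Event:
    """A data-movement event described by a few of the slide's context parameters."""
    user: str
    computer: str
    application: str
    operation: str          # "copy", "upload", "print", ...
    destination: str        # "usb", "web", "network_share", ...
    drive_type: str         # "fixed", "removable", "network"
    network_state: str      # "on_network" or "off_network"
    hour: int               # time of day, 0-23
    filename: str = ""
    content: str = ""
    user_tags: Set[str] = field(default_factory=set)  # user-based classification


def classify(ev: Event) -> Set[str]:
    """Combine all three methods into one tag set for the event."""
    tags = content_tags(ev.content) | set(ev.user_tags)
    # Context-based (assumption): CAD drawings are product plans, i.e. IP, whatever
    # they contain; fingerprinting binary design files is unreliable, so the file
    # type stands in for content inspection.
    if ev.filename.lower().endswith(".dwg"):
        tags.add("IP")
    return tags


Rule = Tuple[str, Callable[[Event, Set[str]], bool], str]

RULES: List[Rule] = [
    # (name, predicate over event + tags, action); first match wins
    ("block PII to removable media",
     lambda ev, t: "PII" in t and ev.drive_type == "removable", "block"),
    ("block IP upload while off the corporate network",
     lambda ev, t: "IP" in t and ev.operation == "upload"
     and ev.network_state == "off_network", "block"),
    ("log after-hours egress of any classified data",
     lambda ev, t: bool(t) and ev.operation in {"upload", "copy"}
     and not 7 <= ev.hour < 19, "log"),
]


def evaluate(ev: Event) -> Tuple[str, Optional[str]]:
    """Return (action, rule name); 'allow' when no rule fires."""
    tags = classify(ev)
    for name, predicate, action in RULES:
        if predicate(ev, tags):
            return action, name
    return "allow", None


# Constructed sample events (users, hosts and values are made up).
SAMPLE_EVENTS = {
    "pii_to_usb": Event("jsmith", "WS-0142", "explorer.exe", "copy", "usb",
                        "removable", "on_network", 10, filename="customers.xlsx",
                        content="Joe Smith 462-81-5406 42 Wallaby Way"),
    "pii_to_fixed_disk": Event("jsmith", "WS-0142", "excel.exe", "copy", "local",
                               "fixed", "on_network", 10,
                               content="Joe Smith 462-81-5406"),
    "dwg_upload_off_network": Event("rlee", "LT-0077", "chrome.exe", "upload", "web",
                                    "fixed", "off_network", 14,
                                    filename="bracket_v3.dwg"),
    "invalid_ssn_shape": Event("rlee", "LT-0077", "outlook.exe", "upload", "web",
                               "fixed", "on_network", 11,
                               content="ticket 000-12-3456 is a reference number"),
    "user_tagged_after_hours": Event("mkhan", "WS-0310", "chrome.exe", "upload", "web",
                                     "fixed", "on_network", 23, filename="roadmap.pptx",
                                     user_tags={"Confidential"}),
}


def run_samples() -> dict:
    """Evaluate every sample and return {name: action}."""
    return {name: evaluate(ev)[0] for name, ev in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        action, rule = evaluate(ev)
        print(f"{name:26s} tags={sorted(classify(ev))!s:18s} -> {action} ({rule})")
```

The invalid-shape sample shows why the content check validates structure rather than matching any nnn-nn-nnnn string: a bare regex would have flagged the ticket reference as PII.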
Digital Guardian Architecture
[Architecture diagram; components as labelled:]
• DGMC (Digital Guardian Management Console)
• DG Network: Tap/SPAN Port; MS Exchange (MTA); Web Proxy (ICAP)
• DG Discovery: Share, CIFS, NAS; Database; Cloud Storage
• DG Cloud DLP
• DG Endpoint: Classification, Control, Forensics; MS, OSX, Linux; Citrix, VMware, Hyper-V
• Threat Analysis, IOC Creation, Attack Forensics, Reporting, Analytics, Customization, Case Management, Forensics, Device Control
• EDR / ATP as Managed Service
Digital Guardian Server (DGMC)
• Digital Guardian Management Console (DGMC)
  • A Web-based management console to administer and monitor the DG system.
• DGComm
  • An IIS Web Application used by the DG Agent to capture user activities (bundles) in the Collection database. (Can also be installed remotely.)
• Bundle Processor
  • A service that processes the encrypted data on user activities. The processed information is available in the DG Management Console through a variety of reports.
• Job Scheduler
  • A process for scheduling DG activities, such as Active Directory synchronization and email alert notifications. You can schedule and monitor jobs using DGMC.
Agents connect via HTTP(S), port 80 or 443.
Database
• Digital Guardian uses two databases:
  • Collection Database: an operational database that stores all DG Agent activity for the current day.
  • Reporting Database: a centralized database that stores aggregated data from the Collection database.
• Digital Guardian uses the aggregated data to prepare enterprise-wide reports.
• Digital Guardian requires the SQL Server database application to maintain a database environment.
• The Collection and Reporting databases must be located on the same database application.
Sizing DG Server (DG Sizing Guide)
Bundle handling Architecture
Digital Guardian Agent
• Communication:
  • Communication between the agents and the DG server is asynchronous and is initiated by the agents towards the server, usually at a set frequency (default is 30 minutes, but this is configurable). Network utilization of an agent is estimated at approximately 300KB per user per day.
• Secure communication:
  • The DG Server can use either HTTP or HTTPS to communicate with DG Agents. All agent/server communication is encrypted, regardless of whether HTTP or HTTPS is selected as the communication protocol.
• Stealth Mode:
  • Stealth mode prevents the DG Agent installation directory and drivers from appearing on the user's hard drive in either Windows Explorer or the command prompt. Stealth mode also hides all DG Agent registry settings, and prevents DG Agent processes from appearing in the user's Windows Task Manager.
• Tamper Resistant Mode:
  • Tamper resistant mode prevents users from opening or altering DG Agent files. It also immediately restarts any DG Agent processes that have been terminated. This ensures that users cannot shut down the DG Agent.
• Offline policy enforcement and logging:
  • DG policies are applied directly on the agent and do not require any server communication to be enforced. Bundles (user operations) are also stored on the agent and communicated to the server at pre-configured intervals.
Agent functions – Agent consolidation
• Data Classification
  • Automatic classification with content-, context- or user-based options
• DLP – Data Leakage Prevention
  • Protect the data wherever it goes
• Device Control
  • Control external devices connected to the system
  • Control data movements to these devices
• Application Control (light)
• Endpoint Detection & Response
  • Detect unusual behavior of users / systems / applications
  • Run remote commands to collect important files, configurations, log entries and settings from endpoints
• Forensics
  • Get the deepest visibility into user / system / application activities
Demo – Endpoint Agent
DIGITAL GUARDIAN Network Solution
nDLP Modules
• Management: single management console; shows all events of interest and artifacts detected; deploys policy, schedules discovery scans, fingerprinting and reporting
• Email (MTA): receives outbound email and analyses it for content
• Web (ICAP): integrates with the Web Proxy to analyse web traffic
• Discovery (On Premise & Cloud): scans storage repositories for content and performs remediation actions
• Network Monitoring: passively monitors network activity for content
nDLP devices can run one or more detection modules.
nDLP Email
[Diagram: outbound email from Office 365 or on-premise Exchange is handed to the nDLP appliance for analysis; analyzed and authorised mail continues to the email delivery server, otherwise it is blocked. The Office 365 web client path is shown the same way.]
• Connected via MTA with the Mail Gateway
• Scans outbound mail for confidential content
nDLP Web
[Diagram: web posts (email, social media) pass through the proxy to nDLP for content analysis; good content is allowed, a policy trigger results in a block.]
• Connected via ICAP on a Proxy Server like Squid or any other ICAP-capable device
nDLP Discovery
[Diagram: nDLP scans a File Server, a Database Server and a SharePoint Server; findings are remediated, e.g. moved to a Secure Vault.]
• Ability to connect to databases and use the fingerprint of the content to discover the real data:
  • In other databases
  • On file servers (e.g. Excel files, PowerPoint slides, etc.)
  • On SharePoint servers
  • In the cloud
Demo – Network DLP
Threat Aware Data Protection (TADP)
Expand Your Vocabulary
• Risk
  • A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
• Security Intelligence
  • The information relevant to protecting an organization from external and insider threats. It embodies the processes, policies and tools designed to gather and analyze that information. It helps identify and manage the threats that pose the greatest risk to the business and require immediate attention.
• Adaptive Security
  • An approach to safeguarding systems and data by recognizing threat-related behaviors rather than the files and code used by virus definitions. The essence of the approach is the ability to adapt and respond to a complex and constantly changing environment.
Expand Your Vocabulary
• EDR
  • Tools primarily focused on detecting and investigating suspicious activities (and traces of such) and other problems on hosts/endpoints. Intended to address the need for continuous monitoring and response to threats.
• UEBA
  • UEBA utilizes machine learning and other advanced analytics for profiling and anomaly detection of user and entity behavior (hosts, devices, etc.). The output is a set of risk scores designed to measure threats and simplify the work of the security professional.
Threat Aware Data Protection
• Threat Aware Data Protection (TADP)
  • Convergence of data protection and threat-aware capabilities
  • Unique in the industry, as DG is the only vendor to combine DLP, EDR and UEBA use cases into a single solution
• Core to this concept are:
  • Deep visibility into the host: Microsoft, Linux, and MacOS
  • Visualization – advanced visualization, workspaces, views, and workflows
  • Advanced Data Protection Concepts – incident response and management
  • Threat Awareness and Intelligence
Technology Overview – Intelligent Assessment Enabling Focused Response
[Diagram labels:]
• Visibility: System Events, Data Events, User Events
• Analysis: Real-time, Flexible, Persona Based
• Improved Detection: Forensic Artifacts, Threat Mapping, State/Context Based
• Common Information and Asset Repository (Big Data)
• Analytics: Risk Based, Rule Based, Statistical, Historical
• Workflow: Workspaces, Alarms, HUD
Adaptive Security
• Streaming Analysis: rapid analysis of system, data and user events
• Generate actionable alarms
• Identify spikes in activity
• Analyze behavior of an individual system, user or process
• Alert on policy violations
• Reduce risk through real-time analysis spanning the entire organization
Demo – Analytics & Reporting Cloud
Questions: send them to the DG EMEA SEs

DG_Architecture_Training.pptx
