Digital Guardian

Security controls allowing companies to identify, classify and protect business information from theft and misuse are the next step in the development of information systems’ maturity. Digital Guardian is one of the leading tools in the area of enterprise information protection, giving companies visibility and control over business information and, if necessary, allowing their encryption.

The challenge of protecting business information

The majority of traditional security controls is focused, in its largest part, on protecting technologies that store, process and/or handle business information and rarely deal with protecting information itself which actually is the largest value for companies. Although those controls have their proven business value, unfortunately they do not provide enough information about who and in what way has used certain business information and where it has been stored.

If we look at business information as one of the biggest values for a company, then we want answers to following questions:

• Which business information resides in certain information system components (work stations, servers, etc.)?
• Who has access to certain business information and in what way?
• Is sensitive information copied to external removable media devices (CD/DVD, USB removable media device, etc.)
• Is sensitive business information shared without authorization to third parties (e.g. via electronic mail)?
• Who prints sensitive business information and on which printers? 
• Is sensitive business information transferred to external servers for data sharing and the similar. 

Information discovery and classification

In order to allow for protection and control over business information, first it is necessary to correctly identify and classify or tag that information. Digital Guardian supports various ways to detect and classify business information and some of the basic ones are:

• Information detection and classification on the basis of content (Content Inspection) – the way of working in which, via regular terms and other criteria, information content to be identified and monitored is defined. All the files that comply with the defined criteria are identified and tagged with special, transparent tags, allowing monitoring and control of information flows.

• Information detection and classification on the basis of context – the way of working in which information is tagged through adequate criteria or context. This can be, for example file location, file type, file size, etc. All files that comply with the defined criteria will be classified and their monitoring will be possible. 

• Information classification by user (User Classification) – the way of working in which the user himself/herself assigns classification tag to a document, in compliance with internally prescribed rules and procedures. For information classification by the user, Digital Guardian uses a third-party software which enables users to simply click inside the application interface choose a document classification tag that Digital Guardian will recognize and monitor afterwards. 

• Copying information to removable media device (USB, CD/DVD, Firewire, etc.),
• Sending information via electronic mail,
• Printing information,
• Network upload of business information,
• Using Print Screen operation on business data,
• Copying information between different systems,
• Information encryption and archiving, etc.

These are just some of basic examples, although the system allows for the setup of considerably more complex rules and policies. Digital Guardian rules allow for each detected event to have different actions setup, for example:

• Alert – generate alert for system administrator
• Block – block action
• Encrypt – protect information by encryption
• Prompt – warn the user about the recorded event 

Information encryption

Aiming at additionally protecting information from unauthorized use and misuse, Digital Guardian additionally enables information encryption, depending on the way it is being handled. The two functionalities of information encryption used most often are:

• Removable Media Encryption (RME) – in case the system registers the event of copying information to a removable media device and if the information complies with the desired criteria, they are encrypted. The method of encryption and decryption can be adjusted to the users’ needs, but information can be equally decrypted on computers with and without Digital Guardian agent.

• Adaptive Mail Encryption (AME) – similar to the previous example, with the exception that encryption is performed on information sent by electronic mail. Again, it is possible to independently setup the way information will be encrypted and the way they will be decrypted.

 

Reporting and alerting

Digital Guardian, through its central console, allows users to browse and generate reports about all the recorded activities, as well as to generate alerts in case of detecting potentially suspicious events. Through the central console, the user can get full access to the company’s business information record, its location and the way it is managed. The tool also contains a detailed forensic log of all the registered activities that can provide, if necessary, a detailed forensic analysis of potentially malicious events.