09:17 PM
Dark Reading
Dark Reading
Products and Releases

Digital Guardian Releases New User and Entity Behavior Analytics Capability

Delivers advanced analytics and anomaly-based detection to give deeper insight into suspicious activities surrounding sensitive data.

Las Vegas, Nevada – August 7, 2018 Digital Guardian today announced that it has released new User and Entity Behavior Analytics (UEBA) capabilities for its cloud-delivered Data Protection Platform. Supplementing data classification and rule-based policies, the Digital Guardian Data Protection Platform now delivers advanced analytics and anomaly-based detection to give deeper insight into suspicious activities surrounding sensitive data. Digital Guardian’s UEBA capabilities significantly enhance its Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR) applications for more effective identification, mitigation and communication of enterprise data risk.

The Digital Guardian Data Protection Platform extends beyond its statistical means to leverage advanced machine learning techniques to gain an understanding of how both users and entities typically behave within an environment. By first establishing a baseline of normal activity, Digital Guardian can identify anomalies amongst vast data sets to trigger alarms when detecting changes in user and system workflows, application executions, and data accessed or moved. Digital Guardian delivers the added visibility and context to enable faster and more accurate determination of real risk.

“Effective data security begins by understanding the risk associated with how users and systems interact with data,” said Ken Levine, president and chief executive officer, Digital Guardian. “CISOs are in the business of managing risk and our UEBA technology enables them to make more effective business decisions. Digital Guardian is introducing an innovative risk based approach to threat prioritization – we are enabling security teams to not only reduce incident remediation times with high fidelity alarms, but also prioritizing the most important and severe alarms targeting organizations’ sensitive data.”

The UEBA capabilities are visualized through a unique Executive Risk Dashboard, which combines the ability for security analysts and business leaders to view the most suspicious behaviors in their enterprise and rapidly pivot into full details of the anomalies, data loss events and suspicious endpoint activity. This also enables organizations to visualize, assess and understand their risk posture more effectively, allowing executives to have deeper policy discussions and set appropriate controls for safe-guarding sensitive data.

“We are constantly innovating our cloud-delivered Digital Guardian Data Protection Platform, and our new UEBA capabilities provide our customers with more effective risk management and deeper visibility into suspicious activities,” said David Karp, chief product officer, Digital Guardian. “We have rounded out the triumvirate of key capabilities by combining behavioral analytics, data loss prevention, and endpoint detection and response and are uniquely capable of understanding sensitive data and protecting it from all threats – whether they originate with a trusted insider or external adversary.”

“UEBA can be useful for every data protection program as it enables enhanced detection for insider threats and identifies potential anomalous activity in real-time. This can help accelerate investigations and time to resolution,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “Integrating UEBA into the Digital Guardian Data Protection Platform can provide a higher level of protection for corporations looking to protect their most sensitive data and critical assets.”

Key Benefits of Combining UEBA Capabilities with the DG Data Protection Platform

Prioritize and Investigate the Most Serious Risks – Digital Guardian UEBA monitors the most comprehensive set of behavioral events about your systems, users and data, and quickly pinpoints anomalies. Digital Guardian can collect and preserve chain-of-custody forensic evidence including capture files, system artifacts, screenshots and keystrokes, allowing incidents to be reconstructed in their full context. Alarms are triggered for the highest fidelity indicators that warrant additional investigation.

Detect and Mitigate Threats Faster – accurately identify and stop insider threats by employees, contractors and privileged users before sensitive data leaves the organization. Real-time user and entity analytics understands which behaviors or actions deviate from baseline activities and represent risk. Digital Guardian’s deep visibility and automated data classification gives context to those actions by highlighting the behaviors targeting the most sensitive assets. Flexible, and automated controls allow benign actions but block risky or unusual behavior.

Reduce Dwell Time – Digital Guardian’s cloud-delivered Data Protection Platform can detect threats and stop data exfiltration from internal and external threats. User and entity behaviors are aggregated to create risk scores to help analysts identify actions that are indicative of real threats. Once confirmed, analysts can blacklist processes across the enterprise from virtually any screen enabling faster and more accurate response for real-time remediation. Policy changes can also be made from the same screen.

Security Analyst-Approved Dashboards and Workspaces for Guided Responses – Digital Guardian’s expert team of threat hunters, incident responders, and information security analysts developed workspaces to guide security professionals to the events that matter when identifying anomalous and suspicious insider activity. Digital Guardian’s Executive Risk Dashboard aggregates risk scores to simplify communicating risks to other executives and board members, while providing granular access to the individual behaviors and events security teams require to identify activity compromising systems and data, then build and enforce policies to protect sensitive information.

To learn more please read the Digital Guardian UEBA Solution Sheet or visit:


Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from both insider threats and external adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information. For almost 15 years, it has enabled data-rich organizations to protect their most valuable assets with a choice of on premises, SaaS or managed service deployment. Digital Guardian’s unique data awareness combined with behavioral threat detection and response, enables you to protect data without slowing the pace of your business. To learn more please visit:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
Good Times in Security Come When You Least Expect Them
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  10/23/2018
NC Water Utility Fights Post-Hurricane Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
PUBLISHED: 2018-10-16
Z-BlogPHP (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.