WALTHAM, Mass., June 4th, 2015 – Digital Guardian, the only endpoint security platform purpose built to stop data theft, has released the Digital Guardian App for Splunk. The Digital Guardian App for Splunk harnesses the power of Splunk® Enterprise’s big data analytics capabilities to more rapidly detect and respond to insider attacks and advanced threats targeting sensitive data.
Digital Guardian solutions provide granular security event data on endpoints and servers (Windows, Mac OS X and Linux) for user behaviour and process activity, including information describing which users and processes are accessing and attempting to exfiltrate sensitive data, a key indicator of malicious activity.
Digital Guardian has also developed a Splunk Add-on to natively collect and export the full richness of Digital Guardian data into the Splunk App for Enterprise Security. This add-on is specific to Digital Guardian solutions, with dashboards on Data Classification, Data Egress, Advanced Threat Detection, Alerts, Events, Process Activity, and Operations.
With Splunk Enterprise, organisations can collect their data, enrich it and perform real-time analytics, so users can obtain full visibility across all departments and benefit from high-fidelity alerts. Splunk solutions can correlate Indicators of Compromise (IOCs) detected on the network and enable joint customers with Digital Guardian endpoint events to filter out false positives, immediately understand which endpoints have been infected by threats, and prioritise which alerts need immediate attention. Armed with this visibility, users can deploy Digital Guardian’s real-time endpoint mitigation rules to block threats and quarantine systems before malicious code can propagate and sensitive data can be exfiltrated. The Splunk platform now gives Digital Guardian the ability to improve incident response and mitigation times for customers.
Download the Digital Guardian App for Splunk and Technology Add-on (TA) for Digital Guardian in Splunkbase, the Splunk app store.
Executive Perspective
“Digital Guardian’s data goes beyond endpoint forensics to bring together what users and processes are doing with their most sensitive data on the endpoint,” stated Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “Digital Guardian’s heritage in data protection can help organisations align data security and security analytics, enhancing the cybersecurity purview of systems like the Splunk platform.”
“Analysing machine data from security events on endpoint computers is an important part of the threat detection and response process, and security teams strengthen their security posture by using Splunk solutions to analyse this data collectively with all other data across the organisation,” said Haiyan Song, senior vice president of security markets, Splunk. “The alliance between Splunk and Digital Guardian helps our joint customers obtain a greater level of Security Intelligence across organisations.”
“We understand that customers can be inundated with alerts from multiple security systems. Digital Guardian believes the best way to reduce the threat surface for our customers is to provide them with actionable information about which threats are accessing their most sensitive data,” Doug Bailey, chief strategy officer at Digital Guardian. “With Digital Guardian’s security event data now in Splunk Enterprise it makes attacks to sensitive data visible so customers can focus their efforts on stopping breaches.”
