Digital Guardian DLP – Key Notes

Fortra & Digital Guardian Overview

  • Digital Guardian (DG) = Data Loss Prevention (DLP) solution under Fortra.
  • Fortra security coverage: Recon → Objective, with modules for vulnerability mgmt, email security, ZTNA, FIM, data security, etc.
  • DG sits in Fortra’s Data Protection suite alongside:
    • Data Classification Suite (formerly Titus)
    • Secure Collaboration (Boldon James / Vera)

DLP Pillars

  • Endpoint DLP: controls printing, USB, CD burn, Bluetooth, copy-paste.
  • Network DLP:
    • Email: via MTA / NextHop
    • Web: via proxy (ICAP)
  • Cloud DLP: Secure Web Gateway, CASB, ZTNA options.

Deployment Models

  • SaaS: hosted in AWS; Fortra handles infra, scaling, updates.
  • MSP: SaaS + 24×7 operations by DG analysts.
  • On-Prem: all components in customer environment.
  • Hybrid: mgmt + network appliances on-prem; Analytics & Reporting Cloud (ARC) in AWS.

Core Architecture Components

  • Management Console (web): policy creation, RBAC, agent deployment, reporting.
  • DB Server: stores configs & events (recommended separate host).
  • Endpoint Agent: kernel-level; monitors user, system & data events; enforces policy even offline.
  • Network Appliance: inspects traffic (email/web); separate from console.
  • ARC: cloud analytics—user behavior, data flows, incident mgmt.

Key Features

  • Kernel-level visibility → deep context & precise control.
  • Pre-built Content Packs: e.g.
    • Generative AI site list (ChatGPT, Copilot, etc.) to block source-code leaks.
  • Automatic & rule-based Data Classification (regex, keyword, “like”).
  • Flexible actions: allow, block, mask, encrypt; secure collaboration via Vera.
  • Integrations: SIEM, user-activity (e.g. Teramind), chat tools (Slack, Teams, WhatsApp).

Compliance & Policy Templates

  • Out-of-box rules for PCI, HIPAA, GDPR, ITAR, CUI, PII, PHI, Source Code and Indonesia’s PDP.

Licensing Snapshot

  • Endpoint DLP and Network DLP licensed separately.
  • Network DLP split: Web and Email each require own licence; appliances can be virtual or physical.
  • Proxy/MTA infrastructure supplied by customer; DG supplies inspection appliance.

Demo Highlights (summarised)

  • Auto-classify file by content/folder rule; tag appears in file metadata.
  • Block/mask classified content sent via WhatsApp.
  • Real-time dashboard shows agent status, alerts, email/web trends.
  • Policy wizard: choose event (file create, copy, email attach, etc.), set match (regex/like/equal), assign action.

Typical Use-Case Flow

  1. Create policy in Management Console.
  2. Deploy/configure Endpoint Agents or Network Appliance.
  3. Events forwarded to ARC for analytics & reporting.
  4. Compliance dashboards and incident queue available for SOC.

Customer Discussion Points

  • Artajasa needs Network DLP (on-prem) to protect critical servers without installing agents.
  • Console planned as VM; network appliance as physical device.
  • Endpoint DLP already handled by Trellix; focus now on network monitoring.
  • Next steps: sizing, pricing proposal, then UAT/POC post-internal “unfreezing” process.