Previous to mid 2014, a company dominated the hosted data loss prevention (DLP) space and I had the opportunity to deal with them several times.
That company was Verdasys and they were run by CEO Jim Ricotta. Fast forward to late 2014 though, and the times changed at the company. I met with the new EMEA vice president Eric Driehuis, at a company now calling itself “Digital Guardian”.
It takes a lot of courage to change the name. Driehuis explained that this was because the pronounciation of Verdasys in different countries was a challenge for the company, and more people knew the product Digital Guardian than the company name and after some research, the decision was made to change the name of the company to be in line with the company name.
“In our whole rebranding approach, it was not just the name change; it is the messaging that comes with it,” he said. “Our website has had a massive change, and one thing that is the same is the message that of all these different technology vendors, we do things drastically differently.
“Instead of being a ‘me too’ company, we said let’s be ‘me different’, and we did that with a new logo and colour scheme, and it stands out and it took a few people a while to get used to but it has definitely caught on.”
He said that the message is now “security’s changed”, and it wanted to change the way people think about the space.
He said: “The way we think about it is we look at the data, and we want people to take away that we take care of your company’s most sensitive data. We stop data theft, but some call it DLP still and one pharmaceutical said they tried with some of our competitors and both times it failed, so it is a contaminated word. So we do not use the term DLP. We say that there are two things that are important – data protection and endpoint. That is a key differentiator, and we chose the endpoint as that is the point of risk and the point where you touch and manipulate data, and that is why we believe you should be at the point of risk. “
Driehuis explained that now that security has changed, it is changing the way the world looks at protecting data but also, it wants to be an agent of change. “We sell an agent so our agent technology sits on the endpoint and sits at the kernel level, so it is as close to the operating system that it can see everything that happens on the endpoint because it sees everyrthing the user has,” he said.
“It sees what responsibilities and authorities you have, which data you are allowed to touch through which applications and where you focus, what the destination is and we see all the data and events and that is technology that if you put it to use, companies can truly benefit from that.”
I asked him about the contaminated term of DLP, a term that James Lyne called “disastrous ludicrous project”. Driehuis was amused by that, and admitted that it is a problem that is not solved independently or as a service, and why other vendors calling this an integrated suite – where users peel off two layers and find that it is the same stuff that they have already bought.
“This is why we are different and our new CEO Ken Levein (formerly of Nitro Security and McAfee) has brought with him his team and he knows what it can do for him,” he said.
“In essence these guys saw great technology and feel that we started as a company doing the hard part first, with the data protection on endpoint and with an agent that does what we do. We believe that it takes time to do it right and we have ten years under our belt doing it, now we have a nice ‘customer wall’, a good r
ecord on good patent holders, people who have IP and we are number one rated by Gartner in IP protection.”
Driehuis said that Digital Guardian does not “slice and dice” everyrthing, and its initative is to tackle 80 per cent of the problem by finding the crown jewels and protecting them. “We would rather focus on the sensitive data, and that is one of the reasons we do things slightly differently,” he said.
He said that there is more desire for DLP solutions, especially from top end organisations, as sensitive data needs to be shared around in the course of doing business, but it needs to be done in a secure way and in a way that ensures that it doesn’t get into the wrong hands.
I asked him that with so much focus on the inbound, is there not enough on outbound? “We call that data egress, but others call it insider threat as a person either unintentionally or maliciously steals data,” he said.
“We started out doing this from an insider threat point ot view. We see all the events at the kernel level as we understand the context, the content and the user – those three give you a behavioural code and if you see all things that happened, would you also not see malware come in as it has a different behavioural pattern?
“If you see a lateral spread connecting to an IP address we can determine that to probably be malware, and that is one of the things we started with. The cyber threat (external threat),is something we are investing a lot of time and money in; it is it the outside hacker trying to get in who have certain behaviours and that is where we are investing in.”
Eric Driehuis, VP EMEA of Digital Guardian, was talking to Dan Raywood