A major telecom company based in the Asia-Pacific region had launched a large-scale publicly funded project to upgrade its telecommunications infrastructure. With the launch of any major public project, it is key to avoid unnecessary scandals or negative publicity that could cause a backlash and shake the public’s confidence in the project. Cybersecurity attacks can spiral into front-page news with a multi-day, if not multi-week, lifecycle. Insider threats comprise a significant portion of cybersecurity risks, and this telecommunications company’s board and senior leadership wanted to ensure that it had a strong cybersecurity program in place to address that threat.
The company has 5,000 employees who are widely distributed and 8,500 endpoints that need to be defended. With that many employees generating the data required to run a modern telecom company, it is difficult to pinpoint the data relevant to mitigating the risk of insider threats. Too many false positives have security personnel chasing irrelevant noise, leading to alert fatigue and squandering the resources of an already overburdened security team.
The deployment of a leading SIEM tool failed for precisely that reason. It was collecting a large quantity of data, but not the right quality of data. Amid the information overload, it was impossible to detect threats or prioritize post-incident investigations.
The telecom company’s insider security threat team realized that the key to success would be capturing high-fidelity user data from the endpoints.
The company’s insider threat team quickly determined that DTEX was the only solution that offered a high-fidelity signal specifically targeted to user data. Because DTEX is light and scalable, as opposed to clunky SIEM deployments, it was easy to deploy and scale across the entire distributed landscape of the telecom provider. Additionally, it is flexible enough to grow if the telecom provider needs to expand.
A complete and easy-to-understand audit trail can enable investigators to quickly uncover user activity, such as who has frequently accessed the server, where critical files are stored, and which unauthorized users have been accessing confidential files. Additionally, as more information moves into the cloud, DTEX collects clipboard and remote print activities that malicious insiders may use to cloak illicit activities.
Top Use Case: Data Lineage
A previous project to identify and tag all organizational data helped the company identify its most important data assets. The DTEX solution enabled the company to collect metadata on all those important files, visualizing how confidential data moves through the organization. With the ability to see how people interact with confidential data, the telecom company can prioritize its security measures around which high-value data is most vulnerable.
DTEX helped this telecom company deploy an insider threat security program that helps the security team focus its energy where it’s needed most.