Developing a Modern Path Forward for Insider Threat Detection in Federal Organizations

Today, we were very pleased to announce that Dtex has officially received a US Department of Defense Authority to Operate. Receiving this ATO means that our solution has been approved against the DoD’s stringent security standards. It also means that we can now begin bringing our modern approach to user monitoring and insider threat detection to federal organizations across the DoD. 

The federal government has a particularly strong need to protect data -- the information that they handle is, after all, a matter of national importance. This is why it is especially crucial that federal organizations see how their users are interacting with data at both a macro and a micro level. It’s not enough to monitor every move a user makes. All organizations -- including federal orgs -- need to be able to quickly contextualize user behavior in an overall risk landscape. In order to do this, visibility needs to go beyond reverse-engineering log file data, keylogging or screen capture, or rule-based alerting. While all of those tools can play a role in a greater security posture, federal organizations need a foundation of more sustainable visibility.

We believe that a modern approach to insider threat detection, management, and investigation makes this possible. This is why Dtex was built from the ground up to provide meaningful, lightweight, organization-wide insights into user activity and potential threats. Dtex’s strategy of collecting specific user activity metadata from the endpoint and then using machine learning to baseline and analyze that data gives federal organizations a bird’s eye view of the big picture. 

This provides the ability to strike a delicate balance: knowledge without heavy performance impacts inflicted by heavier solutions based in screenshots, recording, or keylogging. Dtex’s tailored metadata-based approach offers insightful visibility that is real-time and easily scalable. Not only is this approach generally more sustainable than solutions built around heavier, more invasive methods, but it also offers federal organizations a cheaper, easier, and more effective route to CNSSD 504 compliance. 

Currently, Dtex has a two-year project underway with DISA for insider threat detection, including a strong focus on credential misuse. The visibility that Dtex provides and its machine learning and risk scoring make it uniquely poised to solve these problems in the federal space. 

What’s more, the data that Dtex collects is invaluable when it comes to federal organizations attempting to achieve MITRE ATT&CK Matrix coverage or organizations that are utilizing the NSA Cyber Threat Framework. 

After detecting and investigating insider threats at many enterprise organizations and kicking off an ambitious and exciting project at DISA, we are excited to explore the new opportunities that the ATO opens up for us in the federal space. Above all, we look forward to helping federal organizations forge a modern and innovative path forward in their insider threat strategies.

For more detailed information about how Dtex helps federal organizations, download our whitepaper here.