
DTEX Named Best-in-Class UEBA Solution in 2021 GigaOm Radar Report

Happy New Year! It certainly is for us here at DTEX.

A few days before Christmas, on December 21st, GigaOm published its 2021 Radar Report for User & Entity Behavior Analytics (UEBA) and recognized DTEX Systems as a fast-moving, innovative leader. Most importantly, DTEX InTERCEPT tallied the highest score of the six vendors evaluated across three categories: Key Criteria, Evaluation Metrics, and Vendor Positioning.

“DTEX was placed in the feature and innovator quadrant as a fast-moving leader due to its distinctive approach to solving the challenges that drive large and distributed organizations to adopt UEBA solutions,” said Chris Ray, security researcher at GigaOm and analyst who authored the report. “InTERCEPT provides a deep level of insight into user and entity behaviors through its unique metadata gathering capabilities, delivering accurate and real-time insider risk intelligence without invading user privacy. The platform is simple to deploy and its dynamic capabilities reduce administrative overhead, while enabling security teams to make better decisions, faster.”

In the Vendor Positioning category, DTEX InTERCEPT received a total of 13 ‘+’ marks of a possible 18, the most of any vendor evaluated, accumulating the only ‘exceptional’ scores awarded in support of large enterprise customers and for its innovative light-weight agent-based deployment model.

The report determines “…The InTERCEPT platform leverages an agent to create and gather data, which is then sent to the InTERCEPT platform (either SaaS or on-prem), where it is ingested and analyzed, and malicious, negligent, and compromised behaviors are identified and can be disrupted and deterred with direct from platform communication and enforcement capabilities. Data that is commonly collected by UEBA platforms (like firewalls, load balancers, and so forth) is skipped in favor of metadata collected directly from the endpoint. DTEX refers to its agents as lightweight forwarders because the forwarder has minimal impact on endpoints, consuming 3-5 MB of network bandwidth per day and using less than 1% CPU.”

Next, in the Key Criteria category, which evaluates how a vendor performs in areas that GigaOm considers differentiating and critical when selecting a UEBA solution, DTEX tallied 19 ‘+’ symbols of a possible 24, matched only by Gurucul. DTEX InTERCEPT was recognized for its leading behavior-based risk scoring capabilities, integrated investigation tools, data masking features that ensure user privacy, interoperability with other security platforms, and strong remote workforce protection.

Ray writes this about DTEX InTERCEPT: “A key differentiator for DTEX InTERCEPT is in how the data is collected. A common challenge for security teams is determining the intent of a user (malicious or not). To do this, additional data is needed to create the context around a set of events that can lead to the identification of malicious behaviors. The InTERCEPT platform takes a novel approach to creating the context for the security team. Leveraging the agent, the platform gathers verbose metadata from the endpoint (not typical Windows event channel logs or Linux syslog data), which is then correlated to provide a more detailed view of user and entity behaviors, enabling security teams to make better decisions.”

Ray goes on to recognize DTEX InTERCEPT’s strong integration capabilities, specifically when he outlines DTEX’s innovative partnerships with Splunk and CrowdStrike. “If your organization already uses Splunk or CrowdStrike, a key consideration is the depth of integration offered by DTEX with the two organizations. Because DTEX and Splunk have a formal partnership, DTEX is able to leverage components of the Splunk Enterprise Security platform (including the Risk-Based Assessment (RBA) scoring) to deliver unique insights. This augmentation can give your organization quicker insights into potential security concerns. Additionally, the partnership between DTEX and CrowdStrike integrates UEBA effectively into the CrowdStrike Falcon platform.”

Lastly, in the Evaluation Metrics category, DTEX InTERCEPT ranks at the top of the vendor list as well, with 11 of a possible 15 ‘+’ symbols for its strong feature set, ROI, ease of use, cloud architecture, scalability and flexibility within customer environments.

Within the Vendor Insights section of the Radar, Ray and GigaOm applaud DTEX InTERCEPT’s exceptional feature set for “providing numerous out-of-the-box solutions for other UEBA problems. For example, it can anonymize usernames or other identifying information in events until either a risk threshold is breached, or you manually intervene to ‘unlock’ the anonymized data to continue the investigation. Additionally, you can assign roles to users so that specific fields are anonymized for one role and not for another; this is a patented technology that also enables GDPR compliance. Other features, like mapping to the MITRE ATT&CK framework and ‘point and click’ integrations for SOARs and SIEMs, are found in InTERCEPT as well.”

Ray and GigaOm also call out DTEX InTERCEPT’s ease of use and flexibility, writing, “Finally, InTERCEPT allows administrators to toggle data collection settings on endpoints dynamically to manage endpoint resources, which works by continually monitoring endpoint and user risk scores. If a user’s risk score reaches a certain threshold, additional monitoring (and data collection) is enabled for a period of time to gather more information while potentially malicious behaviors are occurring.”

In July of 2021, DTEX Systems and the InTERCEPT Platform were also recognized by GigaOm as a Fast Mover and Leader in the GigaOm Radar Report for Data Loss Prevention, 2021. A similar ranking in the Radar Report for User & Entity Behavior Analytics is no coincidence.

In fact, many other analysts, technology influencers, and early-adopter customers are recognizing the convergence of UEBA, DLP, and Insider Threat solutions and the efficiency and efficacy a single platform focused on Workforce Cyber Intelligence & Security can offer a distributed organization and its cyber security and IT teams.

To download a complimentary copy of the full GigaOm Radar Report for UEBA, visit https://www2.dtexsystems.com/UEBA-gigaom-radar-report-2021.