Over the past few years, phishing attacks have grown increasingly sophisticated. Early phishing methods could best be described as “smash and grabs,” where attackers used brute force and volume in the hopes that they’d get lucky with a few of their thousands of targets—people who may not be overly cautious about which links they click on.
Today’s attacks are far more methodical: attackers study human behavior and apply social engineering tactics to targeted individuals in “low and slow” attacks that can fool even the most discerning victims. The shift in focus toward exploiting human behavior inside corporate networks is working: one recent report found that phishing was the second-leading cause of enterprise data breaches, and the attack type that leads to the most financial damage, with the average breach from phishing costing organizations $4.91 million.
Attackers have become very adept at bypassing traditional security tools. One DTEX customer in the energy sector recently came to us after they were inundated with invoice-themed malicious phishing emails, which sailed through an established network defense solution and into thousands of employee inboxes. The first sign of a potential issue came when a proxy service flagged that a number of employees had visited malicious URLs. Unfortunately for this organization, the service provided almost zero visibility into the critical areas required to get to the bottom of the incident, including how the attackers accessed the network, how many users were affected, and the total extent of potential damage.
The Solution: DTEX
The affected organization needed more visibility into the details of the compromise and turned to DTEX, which empowers its customers to easily see, understand and act on contextual intelligence to stop insider threats and prevent data loss with real-time visibility into user behavior. Without this insight, it was impossible to understand what kind of foothold the attackers had inside the network.
DTEX determined that the malicious actor was able to successfully breach the network and infiltrate employee inboxes using sophisticated techniques commonly used to avoid detection by perimeter defense solutions. DTEX provided visibility into the tactics and techniques used by the attackers, including dynamic email subject lines, URLs, documents and executed payloads, all used to prey on what are typically mundane day-to-day activities for today’s employees: email communication, document review and administrative task management.
Using DTEX, this customer was able to retrace the steps of user behavior that led to the breach, making it possible to find and secure all compromised endpoints quickly instead of pursuing manual, time-consuming remediation efforts or simply hoping for the best.
Traditional perimeter security solutions are simply no match for today’s sophisticated attackers. In any network, it’s the users who will invariably be the last line of defense. If you don’t have visibility into how human behavior is impacting your security posture, it’s only a matter of time before this last line is compromised. If you aren’t comfortable with the level of visibility your organization has into potential insider risks, you can get your free insider risk assessment today or contact us here for more information!