In the past few years, we have seen a massive correlation between data loss incidents and remote working. In fact, the DTEX i3 2022 Insider Risk Investigations Report found 75% of insider threat criminal prosecutions were the result of remote workers.
The challenge has been the lack of visibility in ‘WFH’ environments, and the failure of Endpoint Detection and Response (EDR) tools to identify insider risks.
Insider risk management is about detecting, disrupting and deterring insider risks before they become threats. Insider risk detection requires actionable data to afford early resolution well before data loss occurs. Actionable data is contextual, behavioral data that answers how and why employees interact with technology, files and systems the way they do – regardless of where they work.
Trust but Verify
Every employee that is hired is implicitly trusted with some level of access to organizational systems and data to do their jobs. When they are in the office, it is easy to see what they are doing – physically and on the corporate network. This is not the case in a home office. In 2022, our i3 Team observed a +200% year-over-year increase in data loss incidents associated with employees taking screenshots during confidential Zoom and Microsoft Teams meetings. In a busy office environment, this type of behavior would not go unnoticed.
For visibility, you might be thinking, ‘What about VPN access?’ Anyone who has tried to run a web conferencing service from home knows that turning the VPN off is the only way to make it work from time to time. Then they forget to turn it back on.
DTEX InTERCEPT was designed to solve this exact challenge, providing enterprise-wide visibility and contextual, behavioral data to enable security and risk teams to proactively identify insider risks. It is essentially a flight recorder for your remote employees, allowing you to trust but verify.
The platform has been designed to collect only the necessary data (the actionable data I described above) in a way that maintains the employees’ fundamental right to privacy.
DTEX EDR Integrations
In addition to having hundreds of behaviors built into the platform out of the box, DTEX InTERCEPT can integrate with EDR tools. By collecting alerts from the EDR tool, DTEX provides analysts with the easy button for doing forensic investigations around any alert they generate.
Analysts can pivot from the EDR alert to see and understand everything that happened before, during and after the successful execution of the malware. DTEX InTERCEPT can also predict the escalation of privileges early in the insider threat kill chain to prevent data loss and system sabotage.
The Partner Opportunity
Why is this important to partners? Simply put, you can double your revenue on your customers’ EDR spend at higher margins. EDR vendors are experiencing some churn and reduction in renewals due to the recent mass layoffs. DTEX is a hedge to help you maintain and likely increase your revenue and profitability.
To learn more about DTEX EDR integrations and the partner opportunity, contact DTEX.