Meet Ai3, the DTEX Risk Assistant. Fast-track effective insider risk management with guided investigations.



Insider Risk Insights - DTEX Blog

Dtex Platform Updates: Delivering Scalable, Cloud-Ready Insider Threat Detection

Today marks an exciting day here at Dtex, as we introduce a series of product updates aimed at making our Advanced User Behavior Intelligence platform even more comprehensive, flexible, and scalable. Enhancements include an advanced integration with Amazon Web Services (AWS), new enterprise-level automation features, and expanded endpoint monitoring capabilities – enabling our customers with even the most modern security infrastructure to protect against insider threats, at full scale, without impacting performance or compliance.

Our top priority in developing these updates was to focus on what we believe is a core element of the most successful enterprise security approaches: scalable innovation. To us, that means delivering consistent innovation in user behavior intelligence coupled with an approach that scales. One that can grow as our customers’ needs evolve, and as they increase the number of users – and endpoints – that require visibility and monitoring.

It also means ensuring that the Dtex platform evolves at the same rapid pace that the security landscape is evolving. As more of our customers adopt security approaches that rely heavily on Big Data to detect threats in real time, we’ve seen a shift away from on-premise security infrastructure deployments in favor of public or private cloud-based deployments – and expect this trend only to continue. This transition has uncovered a critical need for security solutions that can work seamlessly within these more agile, flexible cloud-based environments.

In an effort to meet this need, we’ve enabled organizations with private cloud environments running on Amazon Web Services (AWS) to deploy Dtex from directly within an AWS account using a prescribed deployment template that we customize and provide. We’ve included support for Auto Scaling to help customers maintain application availability and allow them to dynamically scale their Amazon EC2 capacity up or down, according to conditions they define. And after rigorous testing, we’ve demonstrated the ability to support even the largest, most established institutions with comprehensive endpoint visibility and monitoring at full scale.

We’ve also made enhancements in both the range and granularity of our endpoint visibility and management capabilities. For customers with Mac environments, we recognize the challenges resulting from the upgrade to High Sierra MacOS and the requirement that users provide consent to install third-party kernel extensions (KEXTs), as many endpoint agents rely on KEXT for threat protection. By opting to remove all KEXTs from our Mac endpoint collector, we have eliminated the need to enable and disable KEXTs at the user level, thereby ensuring these organizations maintain complete control over their endpoint security stacks.

In addition to Mac and Windows desktops or laptops, we’ve expanded our endpoint visibility to also span a number of common server environments – including Citrix XenApp, Citrix XenDesktop, and Microsoft Terminal and File Servers. For the significant population of enterprises using Citrix or Terminal Servers to manage employee access to applications and data, we’re enabling full visibility into user behavior happening on these servers, including privileged users. With the ability to more closely monitor privileged user behavior that occurs on these servers, Dtex can tie that behavior to other user endpoint activities to understand privileged user abuse. And with the prevalence of the misuse or abuse of privileged credentials plaguing the enterprise (and the devastation that can occur as a result), it’s more critical than ever to eliminate this blind spot.

Many of our customers have also asked us about watching the watchers, the classic case of who is watching the analysts who are hunting and triaging insider threats. Dtex has taken a step forward in this scenario by providing a secure audit capability which allows a few credentialed users to monitor the activity of all the analysts on the Dtex server. Provided the customers use SSO or AD to segregate roles and responsibilities of different users using the Dtex Server and the management UI, only a few individuals will have access to the audit information.

For our customers faced with ever-changing security and compliance requirements, we’ve also developed new automation features to support the process of re-hydration. We recognized that organizations, particularly those in regulated industries, such as large financial institutions – are now looking to re-hydrate their servers on a regular and consistent basis (every 30 to 60 days), ensuring all are patched and up-to-date while also eliminating vulnerabilities and making servers more secure in the process. This requires that server operating systems be completely wiped and re-installed with no downtime or data loss, which ensures that all previously accessible data is quickly and smoothly transitioned over to new systems. So, to enable Dtex Analytics Server rehydration, we set out to automate this entire process – including seamless backup, restoration, and migration of all user behavior data at the time of rehydration.

What’s perhaps most exciting is seeing these enhancements already meeting critical and essential customer needs, such as those at leading global financial institutions. As many implement more cutting-edge approaches to cyber security, there’s a growing imperative that all vendors and technologies meet highly specific performance standards. With Dtex, real-time visibility into user behavior means analysts can receive real-time security alerts – allowing them to take swift, immediate action in addressing and mitigating potential insider threats. We’re also seeing a zero-tolerance policy when it comes to any negative impact on the endpoint, and since Dtex’s lightweight endpoint collector averages just 0.2% CPU usage for a normal user, it is one of the very few endpoint-based options that meets this requirement.

Access to rich user behavior data is also allowing these customers to quickly identify and operationalize additional use cases. From the monitoring of particularly sensitive documents to the utilization of application licenses, they’re finding that user behavior intelligence can be applied to make things run better, faster, and more efficiently, not just more securely.

And most importantly, they’re discovering first-hand that security does not need to come at the cost of performance, scalability, and innovation.

For more information, visit To see these updates in action, get in touch with us at