The financial services sector is prone to insider abuse and data misuse, including fraud. For global banks and other financial institutions, the cost of a security incident can quickly add up to the millions or even billions of dollars, particularly if the regulators are involved. Security leaders are cognizant that cyber breaches are increasingly attributed to intentional and accidental insider threats – and the rise of remote working has only exacerbated the risk. Staying ahead of the game requires a mix of enterprise-wide visibility, contextual telemetry, and scalability.
This case study demonstrates how one of the world’s leading banks leveraged DTEX’s lightweight InTERCEPT platform to uplift its insider risk capability maturity while being able to demonstrate mandatory regulatory compliance.
The bank needed to extend visibility to its remote workforce at scale. Their existing UAM platform could only scale so far, so being able to provide visibility across hundreds of thousands of remote employee laptops was non-negotiable.
Accessing high-fidelity telemetry was also paramount, given the excess complexity and high rates of false positives from their existing stack – a mix of point solutions. Being able to understand and act on the data was also key. They needed data they could rely on – data they could act on as early in the insider threat kill chain as possible to proactively stop exfiltration from occurring in the first place. By being proactive, the bank could prevent exfiltration through a mix of education, culture change and security controls – depending on the context, as defined by the data.
Finally, the bank needed the ability to quickly and easily generate 24/7 audit trails to demonstrate regulatory compliance and avoid hefty fines that can cause reputational harm.
In the initial phase, the bank deployed DTEX InTERCEPT across its remote workforce. During the process, the bank realized the data being generated from DTEX was more valuable than the data being generated from their existing stack, comprising DLP, FIM, UEBA and UAM technologies. Where DTEX provided context and early warning risk indicators based on intent, left of boom, the point solutions only provided data after the security incident.
With proof that DTEX provided enterprise-wide visibility and valuable data at scale, the bank started a process of consolidation, ditching its point solutions in favor of InTERCEPT as its primary source of insider risk data and also leveraging the high-fidelity telemetry to empower the SOC.
That DTEX provided a complete non-trigger-based audit trail was also a major differentiator. DTEX InTERCEPT is now central to the bank’s regulatory framework, providing meaningful insights into their data handling processes and privacy policies.
Today, not only does the bank satisfy the regulators, but it arguably has the most sophisticated and mature insider risk program on the planet – a massive differentiator and competitive advantage in its own right.
When it comes to insider risk mitigation, context is king. Contact us to learn how InTERCEPT can protect sensitive data, at scale, left of boom – no matter where your employees work.