In our previous IRM vs. Insider Threat Surveillance blog post we discussed the importance of behavioral analytics as an input signal in determining insider-born risks. Why? Because without indicators of human intent to provide context to data from cyber-sensors that are capturing machine and application signals, there is no intelligence as to why these risks are emerging. SOC personnel are inundated with alerts; they need something to separate the real from the false.
Detecting real insider threats requires processing, correlating, and triaging information from a variety of security solutions. Too much data, whether inaccurate, inconsistent, incomplete, or duplicate, makes this task more difficult. Too little data adds to analysts' workload and makes finding threats quickly impossible. But security reporting is not just for security analysts.
Security and executive leadership require up-to-date and accurate reporting on the organization’s security profile and emerging threats. Incident response personnel need forensic data to block and recover from attacks. Compliance professionals need information to satisfy audits.
Insider Threat Surveillance solutions like Proofpoint ITM focus on raw evidential data in the form of video logs and event logs. In turn, these are processed as .CSV files using reporting solutions like Microsoft Excel. While these can be useful for SOC analysts, they provide little reporting value to management.
Unlike surveillance solutions, the DTEX InTERCEPT Platform provides actionable intelligence in an accessible, interactive format that delivers full forensic data and user investigation intelligence in only a few clicks. No additional analyst work required. It includes a full array of automated reports and dashboards containing intuitive and pivotable visualizations that are easy to understand and actionable for the analyst, incident response manager, and organizational leadership.
Specific CISO reports are designed for consistent risk posture evaluation and improvement strategies. DTEX includes a rich array of customizable reporting options with a comprehensive set of visualizations and dashboarding capabilities for the advanced analyst and investigations teams.
Most importantly, DTEX provides full reporting without violating employee privacy with our patented pseudonymization technique. Raw data fields, including username, email, IP address, domain name and device name, are tokenized. When evidence indicates a threat, select privileged DTEX users can de-anonymize user identities for investigations. DTEX alerts security to suspicious activity early in the kill chain before data can be exfiltrated, while protecting user privacy until unmasking is warranted.
Protecting against insider threats doesn’t require intrusive surveillance of employees. To learn more about the differences between Insider Risk Management and Insider Threat Surveillance solutions, download our full e-book.
In our next IRM vs. Insider Surveillance blog post we will explore the issue of Time to Value between intelligence solutions and surveillance tools.