Next-Gen Antivirus (NGAV) technology has greatly improved many organizations’ abilities to detect, identify, and stop malware from infecting their endpoints, servers, and networks. Its efficacy over legacy solutions is undebatable. So why are we continuing to hear about the frequency and severity in data breaches increasing? It’s simple really—humans. Users remain the elusive ‘missing link’ whose behavior has the most impact on an organization’s risk posture.
In a recent webinar, we heard from Stephen Seljan, Security Operations Manager at Equinix, who shared how Equinix is supercharging its NGAV tool with Behavioral DLP and human activity forensic capabilities that maintain user privacy with the help of DTEX InTERCEPT.
Below, we’ve summarized the key points highlighted within the webinar for those not able to listen for the full hour. Hopefully, learning about the seven ways Equinix is utilizing Workforce Cyber Intelligence and Security alongside NGAV will help other organizations emulate what the company has done successfully to improve their own security posture.
- Root Cause Analysis
Back in February, Equinix had a user whose Office 365 account was compromised with a known MFA bypass vulnerability. This led the company to ask several questions: Was this a drive by? Was this scanning? How did this happen?With DTEX, Equinix’s SecOps team was empowered to go back through this particular user’s history in detail to see that he unknowingly fell victim to a targeted phishing attack. With the ability to duplicate everything that happened, the company was able to determine how the attack occurred in addition to identifying other weaknesses introducing areas of vulnerability. This level of visibility and root cause analysis proved crucial in explaining this first attack and preventing future attacks.
- Data Exfiltration
All companies continuously strive to prevent data exfiltration. Equinix has worked with DTEX to help solve this challenge by looking at the amount of data and specific files an individual transfers. For instance, with the capability to see file names and distinguish whether files are sensitive, SecOps and Endpoint Security teams have the granular telemetry needed to identify sensitive file paths, so IT teams can be notified if any employee accesses those directories. With this visibility, IT teams can confirm whether the individuals accessing the data should indeed have access to that data and if that data has been renamed or encrypted, helping to prevent the exfiltration of sensitive files.
- Work-From-Home (WFH) Engagement Monitoring
The shift to remote work has made it increasingly difficult for businesses to tell what employees are doing. With DTEX, Equinix can anonymously compare the processes of team members alongside one another to evaluate productivity. This helps the organization to balance workloads more effectively, spot any activities that shouldn’t be occurring, and support team members to increase productivity.
- Malicious Insider Detection
Equinix, along with other organizations, is constantly working to deter the activity of malicious insiders. DTEX’s workforce cyber intelligence and security solution enables the company to anonymously identify what users are engaging in these types of behaviors. So, for example, if a user creates a fake email to send anonymous notes, the organization would be able to see that the anonymous user was engaging with that address through their device. From there, they would be able to identify the individual and address the malicious activity head-on.
- Shadow IT/ Unwanted Applications
Unwanted applications are a huge problem today, especially given the shift to remote work and the friction between IT teams and other members of the organization. In the case of unwanted apps, Equinix can look at the most used and least used apps in its environment. With this intel, the company can pinpoint what the least used apps are and evaluate whether they’re necessary. This has enabled the company to spot malicious actors and negligent users introducing risk, and to identify potential licensing issues.
- Early Ransomware Detection
Equinix has benefited from creating notifications for network share discovery. This means anytime files are found on a network share, DTEX helps to rewrite those files and encrypt them. By detecting early whether a system or server is accessing any network shares out of the norm for that host, the company can stay one step ahead of these types of attacks with a holistic, contextual view of their entire computing asset stack.
- User Lockout
The ability to lock users out of their system is crucial, especially with users working remotely and in the case of malicious insiders. With this lockout, if users try to login to their system, they will immediately be logged out. This is essential in preventing data exfiltration.
Next-Gen Antivirus (NGAV) technology on its own has helped to improve many organizations’ abilities to detect, identify, and stop malware from infecting their endpoints, servers, and networks. However, data breaches still occur as a result of NGAV’s missing link—humans.
With Workforce Cyber Intelligence & Security, organizations like Equinix are empowered to understand the human element and the sequences of human behavior that are impacting an organization’s risk posture so that it can be improved while maintaining trust and transparency. DTEX InTERCEPT is specifically designed to collect the minimum amount of data needed to build a forensic audit-trail in a privacy compliant manner. Unlike data-centric DLP and UEBA tools or intrusive employee monitoring solutions, DTEX Systems collects application metadata only, i.e.
- No file scanning
- No email content captured
- No website content captured
- No conversations captured
- No screen recording
- No keystroke logging
Interested in learning more about how DTEX’s insights are providing an extra layer of security protection? Please contact us. We look forward to hearing from you.