In previous posts we have covered several critical factors for organizations to consider when comparing insider risk management and insider threat surveillance solutions. This post will discuss a more basic business factor: Time to Value.
When organizations evaluate solutions, they consider features, total cost of ownership, and the impact on their business of adding the technology. They expect benefits in return. The sooner they see those benefits, the better. The time required to realize benefits is known as time to value. Rapid time to value provides organizations with demonstrable proof that they selected the right solution. Dollar for dollar, solutions that provide value quickly will also have a better return on investment.
In contrast, solutions that require extensive configuration, employee training, or a change in how employees work will have a longer time to value. Delaying time to value can result in resistance in the organization (“this thing isn’t working”) and wasted fees on unused licenses. It can also cause initiatives to lose momentum and turn solutions into shelf-ware.
Insider threat surveillance solutions like Proofpoint ITM start with a disadvantage. Operating costs are necessarily higher due to the volume of data collected when capturing and processing video. Endpoints may need more processing power to meet these solutions’ system resource requirements. Storage requirements for raw video, keystroke logs, and screen captures are also higher.
Solutions that are difficult to scale can inhibit rollouts, as discussed in a previous post. We see this in traditional data loss prevention solutions that require extensive “tuning” of rules dictating which users can take specific actions with each category of data. In that example, each time a new data set or group of users is added, new rules are required. This, too, is a prominent characteristic of insider threat surveillance solutions. These require dedicated deployment windows to avoid disrupting worker productivity, need different deployments and support for macOS, Windows, Linux, Citrix, and Android, and often interfere with existing endpoint agents for antivirus and identity and access management solutions. Troubleshooting conflicts between vendors’ solutions complicates rollout and delays time to value. It leads some users to delay full deployment or simply limit deployment to fewer endpoints, leaving paid licenses unused.
Protecting against insider threats requires solutions that can discern between legitimate use and malicious intent and be deployed quickly at tremendous scale. DTEX installs across hundreds of thousands of endpoints in only a few hours and begins protecting information immediately with analytics based on proven human behavioral patterns. DMAP+ Technology’s effectiveness doesn’t depend on constant human intervention.
Unlike intrusive surveillance solutions, DTEX InTERCEPT does not require extensive overhead. It provides a lightweight, zero-impact, cloud-native solution that collects only 3-5 MB of data per user each day with low CPU usage and zero impact on employee efficiency or performance. This allows customers to experience rapid time to value:
- Day 1: Within the first 24 hours, DTEX InTERCEPT begins calculating user, peer group and organizational behavioral baselines.
- Day 10: InTERCEPT is identifying anomalous behaviors that stem from malicious, negligent, or compromised users.
- Day 14: DTEX InTERCEPT’s accelerated deployment and information gathering delivers Internal Risk Benchmarks and produces an executive overview of organizational risk and actionable recommendations.
Rapid time to value requires solutions that are simple to deploy and manage, without the need for extensive overhead. DTEX InTERCEPT provides these capabilities and protects organizations from insider threats without violating user privacy.
The next post in this series will cover the differences in how Insider Risk Management and Insider Threat Surveillance solutions integrate with an organization’s existing security ecosystem. Download our e-book IRM vs. ITM for the full comparison of these two solutions.