The Audit Trail in Action, Revealing the Full Kill Chain
No other solution offers an audit trail as complete, including detailed visibility into every step of the insider threat kill chain. Take, for example, the below audit trail of a data theft incident:
User accesses confidential server.
User switches from corporate wifi to mobile hotspot network.
User escalates privileges.
User copies 121 files to their local desktop.
User compresses those files into "ClientList.zip" and encrypts it.
User renames "ClientList.zip" to "MomsPieRecipe.pdf"
User uploads "MomsPieRecipe.pdf" to Dropbox.
With this timeline of user behavior, analysts can quickly understand the full context of this incident:
The intentional obfuscation of the file name and the switch off of the corporate network show analysts that this was an intentional, malicious incident.
The audit trail reveals exactly which files the user downloaded and stole.
Dtex maps the entire incident, step by step, to a definitive timeline.
Should the company decide to pursue legal action, Dtex provides record of the user's data theft, including the evasive action taken before the event.
DTEX and Phishing
Find out how DTEX detected and investigated a phishing attack at a customer.
The 2019 Insider Threat Intelligence Report
Dive into findings, results, and research from DTEX investigations over the past year.
How DTEX Fights Insider Threats
Get a deeper explanation of DTEX's approach to insider threat detection.
Investigating Malware with DTEX
While DTEX's metadata collection focuses on user behavior, its extensive high-fidelity endpoint data has also proven to be very useful when it comes to investigating external incidents, including malware, ransomware and hacking attacks. Customers have used DTEX to quickly identify which endpoints organization-wide have used a dangerous application, for instance. Or, determine the exact root phishing email that led to an infection.
DTEX's user behavior records have been used to support legal proceedings and prosecution. Recently, DTEX's data was used in the prosecution of a data theft incident at a large financial institution, which resulted in a guilty plea.