Enterprise DMAP Intelligence for Insider Threat

Enterprise DMAP Intelligence for Insider Threat

The advent of distributed enterprises and modern technology means that potential insider threats are everywhere. Dtex is purpose-built to provide a solution for every type of insider threat, whether they're malicious, negligent, or a case of compromised credentials.

Malicious Insiders

  • Creative Data Theft
  • Obfuscation/Covering Tracks
  • Bypassing Security Controls
  • Flight Risk
Negligent Insiders

  • Online File Sharing
  • Personal Webmail Use
  • Pirated Media & Apps
  • Gambling
Credential Theft

  • Unusual Data Aggregation
  • Privilege Escalation
  • Lateral Movement
  • Ransomware

A Modern Solution

Modern threats mean that organizations need a modern solution. Dtex fights insider threats by combining four integral elements to create the ultimate insider threat detection solution:

User Visibility

Dtex provides a high-fidelity audit trail of user behavior.

User Visibility

Dtex collects user behavior metadata from the endpoint, providing a dedicated signal that sees the important activity that network-based tools and event logs miss.


Machine learning models baseline normal user behavior and identify suspicious anomalies.


Dtex utilizes both supervised and unsupervised machine learning models to baseline normal user behavior and identify suspicious anomalies.

Behavioral Analytics

Field-tested behavioral models pinpoint known-bad behavior.

Behavioral Analytics

Dtex comes with hundreds of known-bad behavior patterns from the field, which allow it to alert on known threats without lengthy tuning.


Risk-scoring and alert-stacking mean that Dtex gives you actionable answers, not just an onslaught of alerts.


Dtex produces alerts that take into account the context around each event, rating them by behavior score so that analysts are presented with a prioritized list.

Dtex's Approach to Insider Threats

Dtex was built from the ground up to provide an intelligence and sustainable insider threat solution. It delivers in five steps.

Step 1

It Starts with the Right Visibility

Fighting insider threats begins with having tangible insights into what users are actually doing on company endpoints, including activity that happens off-network or on mobile hotspots. Instead of attempting to reverse-engineer insights from log files, Dtex provides user-focused visibility from a very lightweight endpoint collector, capturing important user activity that is the foundation for insider threat detection.

Step 2:

Profile Known Risks

Based on insider threat investigations over the past decade, Dtex has built and delivers a library of thousands of known high risk activities. Every user action is parsed through the Dtex library to pinpoint known high-risk behaviors, without lengthy tuning periods.

Step 3

Adapt to Individual Behavior

The first step to identifying new or unknown threats is determining each user's individual "normal." Dtex uses machine learning to create a baseline of normal behavior for each user, device, and application. Then, it uses that baseline to determine whether a user's activities are abnormal as compared to themselves, against their peer group, and against the entire organization.

Step 4

Understand the Context

Truly understanding an insider threat means understanding the infinite variables of human behavior. One alert alone can never tell the full story. Dtex incorporates the contextual activity before and after an insider threat event, which analysts can use to easily investigate alerts.

Step 5

Evaluate the Risk

Every organization has a different behavioral landscape, and Dtex adapts to those individual requirements. Alerting methods incorporate the company Acceptable Use Policy, ignoring acceptable behavior and highlighting specific areas of concern. What's more, context and behavior severity is incorporated into a single insider threat score in order to prioritize alerts.

Learn More:

How Dtex Fights Insider Threats

Get a deeper explanation of Dtex's approach to insider threat detection.

Data Sheet

How Dtex Uses Machine Learning

Find out more about how Dtex utilizes machine learning models to pinpoint suspicious or risky user activity.

Case Study

How a Global Financial Institution Uses Dtex to Fight Insider Threats

Learn how a large, global financial institution scaled Dtex enterprise-wide as a core piece of their insider threat approach.

The Trusted Insider Philosophy

Many security solutions approach the insider threat by treating every employee as a potential security risk, but we believe that effectively fighting insights comes from a place of trust, not suspicion. With organization-wide, privacy-first visibility that treats every user as an equal, security teams can treat every employee as a trusted insider, giving them the freedom to get their jobs done while also feeling confident that they'll catch any potentially risky behavior.


See how Williams F1 Protects Their Most Valuable IP

Williams Formula 1 is one of the top racing teams in the world, and their engineering division handles priceless intellectual property every day. In a highly competitive industry where fractions of a second can make or break success, see how Williams F1 trusts Dtex to protect their data and enable innovation.

100% of Assessed Organizations Found Some Form of Insider Threat in our 2018 Insider Threat Intelligence Report

60 %

Obfuscation via anonymous or private browsing

60% of assessments found attempts to conceal activity through private browsing or research.

78 %

Publicly Accessible Data

78% of assessments found company data publicly accessible online, typically on cloud sites like Google Drive or Dropbox.

72 %

High Risk Applications

72% of assessments found unauthorized use of high-risk applications, including hacking tools.

Learn More About How Enterprise DMAP Intelligence Can Help
Secure and Optimize Your Business


Dtex Announces $17.5M in Funding! Read the news!

Dtex Announces $17.5M in New Funding! Read More!