Next-Gen Visibility, Detection and Forensics
First-generation Insider Threat platforms rely on ‘person of interest’ identification and require time-consuming, full-time analyst interaction. This approach creates high levels of false positives, requires heavy endpoint agents that degrade performance, and does little to protect trusted employees who have been compromised or simply require more security and risk training.
The modern enterprise is distributed, mobile and dependent on a vast set of employees and consultants to operate efficiently and effectively. This dynamic operating environment requires more than firewalls, EDR, NDR and SIEM tools to keep data secure and employees safe. These solutions aren't effective in preventing Insider Threats because they don’t take history, trends, and context into account. This leaves the questions of Who, What, When and How unanswered. Enterprises need a new approach.
Insider Threat Management with DTEX InTERCEPT
DTEX InTERCEPT answers all of these questions and more leading up to, and following, a potential Insider Threat event. Powered by DTEX’s patent-pending DMAP+ Technology, InTERCEPT continuously collects hundreds of unique elements of enterprise telemetry from data, machines, applications and people.
DTEX InTERCEPT’s human-centric machine-learning anomaly detection capabilities synthesize this metadata to baseline user/device activity and identify suspicious events based upon anomalies for an individual user, departments, and the corporation as a whole. No more false positives. Instead, only finely tuned notifications about suspicious deviations from usual activities that an analyst can quickly confirm, acknowledge and act on to stop data loss and employee exploitation.
Unlike first-generation Insider Threat tools, DTEX InTERCEPT is a lightweight forwarder that requires no more than 3-5MB of bandwidth per day/endpoint and utilizes less than 1% CPU. With DTEX InTERCEPT, no processing is done on the endpoint. All data is sent to the cloud for real-time analysis and detection. And only DTEX InTERCEPT can be spun up in minutes and provide actionable intelligence in hours.
How DTEX InTERCEPT Detects and Stops Insider Threats
Insider threats take many different forms in enterprise organizations, making them difficult to detect, investigate and mitigate.
The short video to the right explains a timeline representing common behaviors and actions involved in an insider threat incident.
In this scenario, an employee has decided it is time to leave his employer. After signing an offer letter from a competitor, he begins to search and download sensitive documents across SharePoint and accessible file shares. The employee archives these files, password-protects the data and attempts to exfiltrate it via USB, Dropbox and his personal Gmail account. Many of these steps occur while off the company network or VPN. DTEX records every activity in this scenario and stitches this information together into one user incident report for an analyst to investigate. ‘Indicators of Intent’ present themselves well before the full scenario plays out and allow analysts and the organization to confront the employee and prevent data theft.
DTEX InTERCEPT – A Better Approach to Insider Threat Detection
DTEX InTERCEPT is the first and only Workforce Cyber Intelligence platform to deliver holistic, real-time awareness about the workforce’s activities without invading personal privacy. Born in the cloud and scalable to millions of devices in hours, DTEX empowers enterprises to easily see, understand and act on contextual intelligence using customer-tested and community-based scoring frameworks proven to stop insider threats, prevent data loss, maximize software investments, and protect the workforce, wherever they may be.