User & Entity Behavior Analytics (UEBA)

Log Files Tell a Partial Story

Most User and Entity Behavior Analytics (UEBA) solutions rely solely on interpreting log files. This approach can miss user activity on the endpoint, such as renaming files and other obfuscation techniques, and it is blind to user activity off the corporate network.

In fact, many malicious actions look like legitimate business activities. Users constantly download files, copy and paste data, use screenshots, compress files, and share sensitive information. Security and compliance teams need to understand when an action is a precursor to a malicious action. UEBA solutions don’t provide this all-important context or visibility.

Visibility to User Intent with DTEX InTERCEPT

DTEX InTERCEPT provides visibility to all user activity by integrating into the endpoint where the activity takes place, on or off the corporate network. With hundreds of known-bad behavior patterns “built in,” DTEX InTERCEPT can identify malicious intent and known threats without the 3 to 4 months of tuning required by UEBA solutions.

Unlike UEBA and log-based solutions that rely on intensive data collection of Windows Event logs, firewall logs, proxy logs, and AV logs, DTEX InTERCEPT collects only 3-5 MB of endpoint-based metadata per user per day. This means full user behavior visibility even when users are off corporate networks, and no negative impact on endpoint or network performance.

Only DTEX InTERCEPT can discern between legitimate and malicious activities without hundreds of custom rules or months of observation. Its dedicated signal sees the important activity that network-based tools and event logs miss, giving analysts the full context needed to quickly dismiss or act on suspicious user activity.

User Behavioral Awareness to Stop Data Loss

The Insider Threat Kill Chain describes the steps a malicious insider takes to identify and steal sensitive data. Traditional UEBA solutions relying on log data can see only bits and pieces of the actions in the kill chain, leaving organizations vulnerable to malicious and accidental loss of information. The table below illustrates the advantages of DTEX InTERCEPT versus log-based UEBA solutions.

Kill Chain Activity | DTEX | Log-Based UEBA
Detects launching of PowerShell
Detects downloading or launching of common hacking tools
Unusual rates of opening files
Unusual access to new file locations
Mounting USB drives or accessing cloud storage
Detect TOR browser
Detect “incognito” mode
Non-corporate private messaging tools
Non-corporate VPN
Downloading files
Renaming files
Compressing files: If on network
Changing file extensions
Unusual rates of file renaming
Use of steganography applications
Clearing cookies and event viewer logs: If on network
Copy and paste data into an email or document
Use a screen capture and save the data as an image file
Copy data to removable media
Upload sensitive data to a cloud service
Send data to a personal email account
Use AirDrop to transfer data to another device

DTEX InTERCEPT – A Smarter Approach to User & Entity Behavior Analytics

DTEX InTERCEPT is the first and only Workforce Cyber Intelligence platform to deliver holistic, real-time awareness about the workforce’s activities without invading personal privacy. Born in the cloud and scalable to millions of devices in hours, DTEX empowers enterprises to easily see, understand and act on contextual intelligence using ‘out of the box’ customer-tested and community-based scoring frameworks proven to stop insider threats, prevent data loss, maximize software investments, and protect the workforce, wherever they may be.


Enterprise Visibility | Behavioral Awareness | Actionable Insight | Intelligent Protection

