The DTEX
Risk Model

How known risks, normal behavior baselining, cues, and anomaly evaluation deliver context

Fighting insider threats requires more than intelligence.

Insider threats can come from just about any angle. To stop them, you need a solution that brings context and Indicators of Intent to the task. DTEX combines an incredibly lightweight forwarder on each endpoint with a powerful server- based analytics engine to deliver proactive, privacy-conscious user awareness and protection.  
 
With more telemetry than any other solution, DTEX utilizes patented behavioral enrichment techniques and predictive analytics to automatically build user-level activity profiles and identify sudden changes in behavior that indicate abnormal activity.

Insider Threat Solution Buyer’s Guide

Context is Key

The reason DLP and SIEM solutions aren’t effective on their own is because they don’t take history, trends and context into account. This results in lots of false positives, wasted time and ineffective monitoring. DTEX collects and synthesizes employees’ normal behaviors and crafts finely tuned alerts based on unusual activity changes. By putting each user’s behavior in context through four distinct steps, we create intelligent insider threat detection that picks up on only the activity that really matters. 

Explore InTERCEPT

Four Steps to Put Behavior in Context

Profile known risks.

Over the past decade, DTEX has continued to evolve and refine its library of known high-risk activities. Every endpoint event is parsed through the DTEX library to highlight known high-risk behaviors.

Baseline normal behavior.

When trying to identify new or unknown threats, DTEX first focuses on what is normal. A baseline of normal activity is created for each user, device and application using endpoint utilization, file access and account access metrics. Abnormal activities are identified by comparing a user’s recent events against their history, their peer group and the entire organization.

Understand the context.

The most important factor in any Insider Threat investigation is “Why”. DTEX answers that question by incorporating contextual information of the events before and after an Insider Threat event. An analyst can use these contextual cues to easily investigate, acknowledge or ignore alerts generated by the system.

Evaluate the Anomalies.

Human security risks are rarely simple. DTEX incorporates the company IT Acceptable Use Policy within the Risk Model so that acceptable behaviors can be ignored, and policy breaches highlighted.

The Insider Threat Kill Chain

The vast majority of security threats follow a pattern of activity during an attack, and insider threats are no exception. Many security professionals will already be familiar with Lockheed Martin’s Cyber Kill Chain, which outlines the steps that APT attacks tend to follow from beginning to end. Since human behavior is more nuanced than machine behavior, however, insider attacks follow a slightly different path. Over the course of thousands of insider threat investigations and incidents, DTEX analysts have identified the insider equivalent: The Insider Threat Kill Chain, which encompasses the five steps present in nearly all insider attacks. 

The Insider Threat Kill Chain eBook

Insider Threat Kill Chain

The Latest On Workforce Cyber Intelligence

E-books

Protect & Respect: 7 Endpoint DLP Capabilities that Empower the Virtual Workforce

How do you protect your organization against data loss, while enabling your workforce to be productive and showing respect for…

Read More
DTEX Insider Threat Mitigation Guide resource

E-books, Solution Briefs

DTEX Insider Threat Mitigation Guide

Guidelines for evaluating Insider Threat Mitigation technology solutions and considerations for building an effective Insider Threat Detection and Response Program…

Read More

White Papers

SANS Product Review: Smart Enterprise Visibility with DTEX InTERCEPT

Download this report from SANS for an assessment of how DTEX InTERCEPT can help your organization achieve its security objectives.

Read More

Put Workforce Cyber Intelligence to work for you.

Start a free trial of DTEX and experience how you can secure and optimize your organization.

INSIDER RISK DETECTION 101: MITIGATING UNINTENTIONAL INSIDER THREATS