Fighting insider threats requires more than intelligence.
Insider threats can come from just about any angle. To stop them, you need a solution that brings context and Indicators of Intent to the task. DTEX combines an incredibly lightweight forwarder on each endpoint with a powerful server-based analytics engine to deliver proactive, privacy-conscious user awareness and protection.
With more telemetry than any other solution, DTEX utilizes patented behavioral enrichment techniques and predictive analytics to automatically build user-level activity profiles and identify sudden changes in behavior that indicate abnormal activity.
Four Steps to Put Behavior in Context
Profile known risks.
Over the past decade, DTEX has continued to evolve and refine its library of known high-risk activities. Every endpoint event is parsed through the DTEX library to highlight known high-risk behaviors.
Baseline normal behavior.
When trying to identify new or unknown threats, DTEX first focuses on what is normal. A baseline of normal activity is created for each user, device and application using endpoint utilization, file access and account access metrics. Abnormal activities are identified by comparing a user’s recent events against their history, their peer group and the entire organization.
Understand the context.
The most important factor in any Insider Threat investigation is “Why”. DTEX answers that question by incorporating contextual information of the events before and after an Insider Threat event. An analyst can use these contextual cues to easily investigate, acknowledge or ignore alerts generated by the system.
Evaluate the anomalies.
Human security risks are rarely simple. DTEX incorporates the company IT Acceptable Use Policy within the Risk Model so that acceptable behaviors can be ignored, and policy breaches highlighted.
The Insider Threat Kill Chain
The vast majority of security threats follow a pattern of activity during an attack, and insider threats are no exception. Many security professionals will already be familiar with Lockheed Martin’s Cyber Kill Chain, which outlines the steps that APT attacks tend to follow from beginning to end. Since human behavior is more nuanced than machine behavior, however, insider attacks follow a slightly different path. Over the course of thousands of insider threat investigations and incidents, DTEX analysts have identified the insider equivalent: The Insider Threat Kill Chain, which encompasses the five steps present in nearly all insider attacks.