Collection, Correlation and Analytics to Power Contextual Awareness
DTEX Systems’ DMAP+ Technology™ is an elastic metadata collection, correlation and analytics engine that powers its Workforce Cyber Intelligence platform. Only DMAP+ delivers a 24x7x365 continuous audit trail of unique endpoint metadata to observe and record the actions and activities of data, machines, applications and people (DMAP) in near-real-time, both on and off the corporate network to surface dynamic behavioral awareness indicators.
The Enterprise Telemetry layer of DMAP+ contains a combination of smart, lightweight forwarders and real-time correlation of telemetry from data, machines, applications and people. Activities are continuously streamed to the DTEX Analytics Server. Monitoring of all activity group types (session, process, file system, window, net-flow, webpage, network, device and other activities) is configurable through granular endpoint filters as well as via the DTEX Analytics Server, and can be segregated by configurable groups. PII contained in the activity data can optionally be tokenized via DTEX’s patented anonymization technique.
The Behavioral Enrichment layer of DMAP+ is focused on statistical analysis, risk profiling and machine learning. As activities arrive at the DTEX Analytics Server from lightweight forwarders, they are decrypted, decompressed, flattened and then enriched through multiple stages of analysis, including activity annotation and correlation.
Activity annotation is a process in which raw activity data is parsed through configurable behavioral profiles to identify activities of interest. These activities are tagged (annotated) for forensic investigation and reporting, and marked for further behavioral analysis and anomaly detection routines (e.g. user to user, user to peer group and user to organization anomalies).
For specific use cases where a collection of sequential activities is expected to occur (e.g. an email link is clicked, followed by the download of a suspicious Word document that spawns an unusual process), DTEX ‘correlation logic’ is used to create a higher-level activity based on the expected sequence of activities, the expected time window, the linking data elements and a specified rule trigger.
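The kind of sequence correlation described above, sketched as an added example (not DTEX code or DTEX rule syntax): a rule names the expected ordered activities, a time window and one linking data element, and fires when a full sequence completes. The event type names, the `user` linking field, the 300-second window and the events themselves are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str     # name of the higher-level activity to emit
    steps: tuple  # expected activity types, in order
    window: int   # seconds allowed between first and last step
    link: str     # data element every step must share

def correlate(events, rule):
    """Return one higher-level activity per completed sequence."""
    partial, hits = {}, []  # partial: link value -> steps matched so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev.get(rule.link)
        if key is None:
            continue
        chain = partial.get(key, [])
        # Drop a stale partial match once the window has passed.
        if chain and ev["ts"] - chain[0]["ts"] > rule.window:
            chain = []
        if ev["type"] == rule.steps[len(chain)]:
            chain = chain + [ev]
        elif ev["type"] == rule.steps[0]:
            chain = [ev]  # restart on a fresh first step
        # Unrelated activity between steps leaves the chain untouched.
        if len(chain) == len(rule.steps):  # rule trigger
            hits.append({"activity": rule.name, rule.link: key,
                         "start": chain[0]["ts"], "end": chain[-1]["ts"]})
            chain = []
        partial[key] = chain
    return hits

# Hypothetical rule and constructed events (ts in seconds).
RULE = Rule("link_doc_process",
            ("email_link_click", "file_download", "process_start"), 300, "user")
EVENTS = [
    {"ts": 0,   "user": "alice", "type": "email_link_click"},
    {"ts": 10,  "user": "bob",   "type": "email_link_click"},
    {"ts": 20,  "user": "bob",   "type": "file_download"},
    {"ts": 40,  "user": "alice", "type": "file_download"},
    {"ts": 45,  "user": "alice", "type": "window_focus"},
    {"ts": 55,  "user": "alice", "type": "process_start"},
    {"ts": 100, "user": "carol", "type": "file_download"},
    {"ts": 110, "user": "carol", "type": "process_start"},
    {"ts": 900, "user": "bob",   "type": "process_start"},  # outside window
]

if __name__ == "__main__":
    print(correlate(EVENTS, RULE))
```

Only alice's sequence triggers: bob's last step arrives after the window has expired, and carol's activity never includes the first step.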
The Predictive Analytics layer of DMAP+ concentrates on the aggregation of behavior scores from the Behavioral Enrichment layer and stacks alerts to provide actionable information regarding known and unknown threats. Outputs from the DMAP+ Predictive Analytics layer can be easily integrated with third-party SIEM platforms and data lakes.