Meet Ai3, the DTEX Risk Assistant. Fast-track effective insider risk management with guided investigations.

What is DMAP+

A unique cloud-native analytics engine that evaluates, scores and alerts to anomalies in human interaction with data and systems.

Collection, Correlation and Analytics to Power Contextual Awareness

DTEX Systems’ DMAP+ Technology™ is an elastic metadata collection, correlation and analytics engine that powers its Workforce Cyber Intelligence platform. Only DMAP+ delivers a 24x7x365 continuous audit trail of unique endpoint metadata to observe and record the actions and activities of data, machines, applications and people (DMAP) in near-real-time, both on and off the corporate network to surface dynamic behavioral awareness indicators. 

See DMAP+ in Action

Enterprise Telemetry

The Enterprise Telemetry layer of DMAP+ contains a combination of smart, lightweight forwarders and real-time correlation of telemetry from data, machines, applications and people. Activities are continuously streamed to the DTEX Analytics Server.  Monitoring of all activity group types such as session, process, file system, window, net-flow, webpage, network, device and other activities is configurable through granular endpoint filters as well as via the DTEX Analytics Server and can be segregated by configurable groups. PII information contained in the activity data can be optionally tokenized via DTEX’s patented anonymization technique.

Behavioral Enrichment

The Behavioral Enrichment layer of DMAP+ is focused on statistical analysis, risk profiling and machine learning.  As activities arrive at the DTEX Analytics Server from lightweight forwarders they are decrypted, decompressed, flattened then enriched through multiple stages of analysis including activity annotation and correlation.   

Activity Annotation
A process where raw activity data is parsed through configurable behavioral profiles to identify activities of interest. These activities are tagged (annotated) for forensic investigation/reporting and marked for further behavioral analysis and anomaly detection routines (e.g. user to user, user to peer group and user to organization anomalies).

Activity Correlation
For specific use cases where a collection of sequential activities is expected to occur (e.g. an email link is clicked followed by the download of a suspicious word document spawning an unusual process), DTEX ‘correlation logic’ is used to create a higher level activity based on the expected sequence of activities, the expected time window, the linking data elements and a specified rule trigger.

Predictive Analytics

The Predictive Analytics layer of DMAP+ concentrates on the aggregation of behavior scores from the Behavioral Enrichment layer and stacks alerts to provide actionable information regarding known and unknown threats.  Outputs from the DMAP+ Predictive Analytics layer can be easily integrated with 3rd party SIEM platforms and data lakes.   

DTEX’s DMAP+ Predictive Analytics engine

The Latest On Workforce Cyber Intelligence


Protect & Respect: 7 Endpoint DLP Capabilities that Empower the Virtual Workforce

How do you protect your organization against data loss, while enabling your workforce to be productive and showing respect for…

Read More
DTEX Insider Threat Mitigation Guide resource

E-books, Solution Briefs

DTEX Insider Threat Mitigation Guide

Guidelines for evaluating Insider Threat Mitigation technology solutions and considerations for building an effective Insider Threat Detection and Response Program…

Read More

White Papers

SANS Product Review: Smart Enterprise Visibility with DTEX InTERCEPT

Download this report from SANS for an assessment of how DTEX InTERCEPT can help your organization achieve its security objectives.

Read More

Put Workforce Cyber Intelligence to work for you.

Start a free trial of DTEX and experience how you can secure and optimize your organization.