Jul 6, 2023

DTEX and Microsoft 365 E5 | Powering Next Gen Insider Risk Management


DTEX and Microsoft are proven tech players in their own right. But together, they take insider risk management to the next level, providing another layer of visibility to empower analysts to stay ahead of the most sophisticated, rule-bending insider.

DTEX InTERCEPT integrates with Microsoft 365 E5 to enable enterprise organizations to detect the malicious insider risks that too often fall between the cracks of standalone DLP and UEBA technologies.

This blog explores the specific integrations between InTERCEPT and E5 modules Defender for Endpoint, Defender for Cloud Apps, and Information Protection and Governance (a.k.a. Purview).


DTEX and Microsoft 365 E5 | Information Protection and Governance

Information Protection and Governance is a standout module in the Microsoft 365 E5 license, providing comprehensive data classification tools with some traditional DLP policy controls.

These controls are great for providing alerts on behaviors associated with negligent (non-malicious) insider risks and accidental data loss.

DTEX takes this capability a step further by providing a mechanism for the early detection and deterrence of malicious (intentional) insider risks who would otherwise find a way to bypass controls and cover their tracks.

InTERCEPT extends Microsoft’s data classification capabilities with policy templates and behavior-based sensitivity algorithms that analyze the lineage of every file to identify the precursors associated with intentional data loss incidents involving unstructured data types.

InTERCEPT also identifies and protects non-regulated IP – such as source code and design documentation – that is often missed by traditional DLP techniques.

DTEX and Microsoft 365 E5 | Defender for Endpoint

Microsoft Defender for Endpoint provides powerful malware detection and prevention capabilities with device-level forensic information. DTEX InTERCEPT integrates with Defender for Endpoint to provide root cause attribution and analysis based on human behavior.

By mapping user activity against the MITRE ATT&CK framework, InTERCEPT contextualizes Defender’s Indicators of Compromise (IoCs) and alerts with actual user attribution to answer questions related to when, what, how, in what sequence, and why.

DTEX and Microsoft 365 E5 | Defender for Cloud Apps

As a Cloud Access Security Broker (CASB), Microsoft Defender for Cloud Apps provides rich visibility and control over data across Microsoft and third-party cloud services on managed endpoints and mobile devices.

InTERCEPT extends the powerful IAM capabilities within Defender for Cloud Apps to include the continuous profiling of endpoint access to all web-based resources to detect suspicious SaaS-based uploads and anomalous behavior in near real time – without any additional configuration.

Analysts can detect both user and peer group anomalies occurring across Windows, macOS, Linux, Citrix, and VMware, as well as other cloud-based environments such as AWS workspaces.

DTEX and Microsoft | Finding the Malicious Needle in the Haystack

Together, DTEX and Microsoft make it possible to find the malicious needle in the haystack – the insider driven by “where there’s a will, there’s a way”.

Where Microsoft provides SaaS-based IoCs and endpoint data, DTEX provides rich behavioral context. These capabilities combine to deliver a new level of intelligence that can be leveraged to beat malicious actors at their own game.

The InTERCEPT platform is set apart by the following:

  • Behavioral Intelligence and Analytics – demystifies context and human intent without intrusive content inspection that violates the trust and privacy of employees.
  • Enterprise DMAP+ Visibility – affords continuous lightweight endpoint metadata capture and behavioral monitoring on and off the network without complex, heavy rules.
  • File Lineage Forensics and Auditing – provides a full audit history of file activity, detailing who created, modified, aggregated, obfuscated, archived, encrypted, or deleted each file, and when.
  • Sensitive Data Profiling – infers file sensitivity based upon file lineage, file location, creation, user role, file types and other file attributes to eliminate false positives. This intelligence is correlated with the user’s behavior profile as well as leading data classification tools to detect potential loss of sensitive data.
  • Regulatory Data Loss Compliance Capabilities – offer a proportional approach that exceeds the requirements of regulatory mandates with compliance for HIPAA, GDPR, SOCs and others.
  • Risk Adaptive Data Protection – prevents sensitive data and IP from leaving an organization with multiple highly accurate and dynamic enforcement capabilities that block application processes and network connections based on an elevated user risk score. When warranted, SOC teams and analysts can remotely lock employees out of their corporate devices.
  • Cloud Architecture and Interoperability Capabilities – support every major OS with a lightweight forwarder. Data is collected and synchronized in near real time with DTEX DMAP+ cloud analytics engine for analysis, detection, and prevention to keep users productive and data protected.

DTEX and Microsoft 365 E5 | i3 Customer Testimonials

Our customers understand that Microsoft 365 E5 Defender and Information Protection tools offer the foundation they need to identify and classify structured, regulatory mandated data and limit negligent data loss.

With InTERCEPT, our customers are addressing use-cases that require deeper and wider visibility than Microsoft 365 E5 tools can offer, specifically the ability to proactively detect malicious behaviors involving unstructured data and IP, perform real-time analysis in the context of human activity, and to interrupt suspicious behavior sequences and block data exfiltration to prevent a breach.

A CISO of a leading financial institution provided the following testimonial:

“We have found Microsoft 365 E5’s Information Protection and Governance tools match those offered by best of breed pure cybersecurity vendors. As a Microsoft shop, these tools offer us the foundation we need to identify and classify our structured, regulatory mandated data accurately and effectively. DTEX InTERCEPT pushes our visibility deeper and wider, giving us the ability to proactively monitor data usage including unstructured data and IP in the context of human activity, and to pre-empt suspicious behavior sequences before a possible breach.”

When it comes to insider risk management, being proactive is everything. DTEX extends the scope and protection provided by Microsoft to provide holistic behavioral context to stop insider risks from becoming threats in the first place.

For more information on how DTEX integrates with Microsoft, contact us.
