SAN JOSE, Calif. – March 31, 2021 – DTEX Systems, the Workforce Cyber Intelligence CompanyTM, today announced enhancements to InTERCEPT for Critical Infrastructure Entities – a Workforce Cyber Security solution specifically created to address the user activity monitoring (UAM) requirements of public and private oil and gas, electric, water, telecommunications and healthcare organizations with headquarters in the Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom and the United States) as defined by the latest guidance from the U.S. National Counterintelligence & Security Center.
According to the National Counterintelligence & Security Center’s latest report titled ‘Insider Threat Mitigation for U.S. Critical Infrastructure Entities – Guidelines from an Intelligence Perspective’ ‘foreign adversaries are no longer simply targeting the U.S. government, as was often the case during the Cold War, but today are using their sophisticated intelligence capabilities against a much broader set of targets, including U.S. critical infrastructure and other private sector and academic entities. These U.S. industry and academic organizations are now squarely in the geopolitical battlespace.’1
Based on this evolving threat landscape, the NCSC report directs critical infrastructure entities to prioritize and dedicate resources to preempt and mitigate insider threats. Insider threats, as defined by the NCSC report and the National Insider Threat Task Force (NITTF) are ‘trusted individuals in an organization who may use their authorized access to facilities, personnel, and information to cause harm to their organization — whether intentionally or unintentionally.’2
“As a company who works closely with the US Government to raise the security of our nation and its Five Eyes partners; we think the NCSC report strengthens the need for a comprehensive, data driven behavioral based program to address the growing issue of insiders and the threats they pose,” said Chris Folk, Director, Cyber Partnerships and Policy, the MITRE Corporation.
“As we continue to close the gap between cyber adversary and defender, we are witnessing a return to human insiders as key enablers of espionage, damage and theft of Intellectual property. SOCs are not designed, staffed, or trained to address this threat, so we are working with trusted partners who appreciate the holistic and unique nature of the threat; to find a blend of human based data driven behavioral analytics and comprehensive organizational insider threat programs. The A3C with MITRE and DTEX are tackling this challenge head on.
Similar to other reports issued in December 2020 by Gartner, Inc and in February 2021 by Forrester Research, the NCSC report issued last week, calls attention to the need for organizations and cyber security teams to understand workforce behavior and gain the visibility to recognize anomalous activity. To help mitigate insider threats, both from insiders working with external actors and trusted insiders who have been unknowingly compromised, an organization must, at a minimum, achieve two things according to the NCSC:
- ‘Have a program that identifies individual anomalous behavior and the resources to respond.
- Respond to anomalous behavior in a way that fosters trust and leverages the workforce as a partner.’3
“The workforce is every organization’s greatest asset, and in many ways the missing link to better cyber security,” said Bahman Mahbod, President and CEO of DTEX Systems. “Real-time awareness and contextual intelligence about a user’s behavior, understanding what’s normal versus what’s not, is the key to successful insider threat mitigation and attack prevention. And to understand ‘normal’ organizations must see the complete picture of a user and identity’s interaction with an entity’s systems, applications and data. We’ve enhanced InTERCEPT for Critical Infrastructure Entities to deliver just that – real-time contextually aware intelligence that focuses on human activity to see and stop insider threat-born attacks before they can do harm to infrastructure services which are of vital importance to the national security of Five Eyes countries.”
DTEX InTERCEPT for Critical Infrastructure Entities
DTEX InTERCEPT for Critical Infrastructure Entities is a first-of-its-kind Insider Threat Mitigation and User Activity Monitoring solution that delivers always-on, human-centric cyber security by proactively illuminating anomalous activities and behaviors in real-time well before an attack can be executed or data can be exfiltrated.
Powered by DTEX’s patent pending DMAP+ Technology, InTERCEPT for Critical Infrastructure Entities continuously collects and synthesizes hundreds of unique elements of enterprise telemetry from data, machines, applications and people to surface dynamic ‘Indicators of Intent’ that combine to deliver holistic, contextual awareness about an enterprise workforce’s activities while maintaining a ‘Privacy-by-Design’ approach to protect employee privacy.
These elements are enriched in near real-time using advanced behavioral models that are mapped against a user or identity’s normal activity and peer group baselines. DTEX’s cloud-based predictive analytics engine continuously processes, scores and stacks ‘Indicators of Intent’ to stream live status updates, trend analysis and, when required, trigger notifications of abnormal activity that deviate from baselines and indicate elevated risks to an interactive, all-in-one dashboard for forensic investigation, protective action and cross-functional reporting.
The next-generation insider threat management and user activity monitoring features and design innovations that combine to make DTEX InTERCEPT for Critical Infrastructure Entities unique include:
- Lightweight Meta-Data Forwarder collects hundreds of unique elements of data, applications, machines and people delivers holistic, real-time awareness about workforce activities while only collecting 3-4MB of data per user/day, creating no noticeable network impact and does not harm employee productivity or endpoint performance, using less than 0.5% CPU.
- Real-time Cloud Analytics Engine synthesizes enterprise workforce activity, data movement, application usage and device forensics against individual and peer group baselines using predictive models and advanced scoring algorithms that identify, score and highlight deviations, trends and to deliver predictive analytics regarding potential insider threats, probable data loss scenarios, and likely shadow IT projects as well as possible fraud, compliance and privacy violations.
- Sensitive IP and Customer Data Notifications automatically generate real-time alerts for sensitive IP and customer data, helping organizations bolster security around their most valuable assets.
- Interactive Data Lineage Map tracks the full history of every file, whether it is in use, in motion or at rest, providing the detailed history needed to identify and stop insider threat activity from resulting in data loss and IP theft. To further aid the investigation process, DTEX also generates Automatic User Investigation reports to streamline evidence gathering around anomalous behaviors.
- Data Classification Policy Templates integrate with data classification and Data Labeling and Monitor (DLM) software. Plus, the InTERCEPT team has developed a patent pending “multi-factor data sensitivity” algorithm that provides next-level intelligence for decision making, as the automation understands that sensitive data often has more to do with the content creator than classification labels.
- Data Regulation Compliance: DTEX’s Workforce Cyber Security platform supports regulatory compliance with emerging data protection regulations, including HIPAA, CCPA, GDPR, SOX, PCI DSS, ITAR and more.
- Interactive Dashboards and Executive Reports provide full details of insider threat activity and intent, along with full forensic audit trails.
Free Insider Threat Assessment for Critical Infrastructure Entities
DTEX is now offering a comprehensive ‘Insider Threat Assessment’ identifies and analyzes a Critical Infrastructure entities insider risk posture and data loss vectors across common user activity and behavioral categories. The trial is 100% commitment free and available to all energy, water, telecommunications and healthcare organizations with headquarters in Five Eyes countries.
This assessment will provide a thorough review of the NSCS’s Nine Elements of Insider Threat Programs for Critical Infrastructure Entities including direct evaluation of an organization’s maturity against the NITTF Insider Threat Model used by the U.S. Department of Defense and the Department of Homeland Security (DHS). An actionable, easy-to-read report will be delivered and reviewed by DTEX solution architects following the 30-day engagement. To request a free assessment, visit: https://www.dtexsystems.com/critical-infrastructure-insider-threat-assessment/
About DTEX Systems
DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data and make human-centric operational investments. Its Workforce Cyber Intelligence platform brings together UEBA, endpoint DLP, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss and make smarter business decisions quickly. To learn more about DTEX Systems, please visit www.DTEXsystems.com
Media Contact
Justin McCann
fama PR for DTEX Systems
Subscribe today to stay informed and get regular updates from DTEX Systems
Interested in learning more?
Subscribe today to stay informed and get regular updates from DTEX