The Audit Trail in Action
Here's an example of the Dtex audit trail in action. Investigators use Dtex to look into the following alert:
ALERT: Dropbox Usage
User 243 has uploaded "MomsPieRecipe.pdf" to Dropbox.
Analysts are aware that files have been uploaded to Dropbox -- a disallowed file sharing platform -- but an alert alone doesn't give them any hint as to whether this was simple carelessness or a case of attempted data theft. Here's Dtex's audit trail for this event:
User logs onto their laptop.
User accesses corporate Sharepoint.
User switches from corporate wifi to mobile hotspot network.
User downloads folder of 121 "ClientList.xls" files.
User compresses those 121 files into "ClientList.zip"
User renames "ClientList.zip" to "MomsPieRecipe.pdf"
User uploads "MomsPieRecipe.pdf" to Dropbox, triggering a file sharing alert.
User signs off.
With this full audit trail, analysts can quickly understand the full context of this incident:
Analysts can confirm that this was intentional data theft, based on the deliberate obfuscation of the file name and the switch away from the corporate network.
The audit trail reveals exactly which files the user downloaded and stole.
Dtex maps the entire incident, step by step, to a definitive timeline.
Should the company decide to pursue legal action, Dtex's user behavior data provides evidence of the user's data theft, including the evasive action taken before the event.
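The backward walk an analyst performs over this trail, from the uploaded file name to the files that were actually taken, shown as an added example (not Dtex code or its data schema). The event field names and sample records are assumptions constructed from the steps listed above.

```python
import os

# Constructed sample events mirroring the audit trail above.
# Field names are assumptions for illustration, not a vendor schema.
EVENTS = [
    {"t": 1, "action": "logon"},
    {"t": 2, "action": "web_access", "target": "corporate SharePoint"},
    {"t": 3, "action": "network_change", "src": "corporate wifi", "dst": "mobile hotspot"},
    {"t": 4, "action": "download", "file": "ClientList.xls", "count": 121},
    {"t": 5, "action": "compress", "src": "ClientList.xls", "dst": "ClientList.zip"},
    {"t": 6, "action": "rename", "src": "ClientList.zip", "dst": "MomsPieRecipe.pdf"},
    {"t": 7, "action": "upload", "file": "MomsPieRecipe.pdf", "target": "Dropbox"},
    {"t": 8, "action": "logoff"},
]
ARCHIVE_EXT = {".zip", ".7z", ".rar", ".tar", ".gz"}


def ext(name):
    return os.path.splitext(name)[1].lower()


def trace_upload(events, uploaded):
    """Walk backwards from an upload alert to the original files and context."""
    upload = next((e for e in events
                   if e["action"] == "upload" and e["file"] == uploaded), None)
    if upload is None:
        return None  # no upload of that name in this trail
    prior = sorted((e for e in events if e["t"] < upload["t"]),
                   key=lambda e: e["t"], reverse=True)
    name, chain, findings = uploaded, [uploaded], []
    for e in prior:
        if e["action"] in ("rename", "compress") and e["dst"] == name:
            # An archive given a document extension hides what is being moved.
            if (e["action"] == "rename" and ext(e["src"]) in ARCHIVE_EXT
                    and ext(e["dst"]) not in ARCHIVE_EXT):
                findings.append("archive renamed to non-archive extension")
            name = e["src"]
            chain.append(name)
        elif e["action"] == "download" and e["file"] == name:
            findings.append(f"origin: download of {e.get('count', 1)} file(s)")
            # Did the user leave the corporate network before fetching the data?
            if any(n["action"] == "network_change" and n["t"] < e["t"]
                   and n["src"].startswith("corporate") for n in events):
                findings.append("left corporate network before download")
            break
    return {"chain": chain, "findings": findings}


if __name__ == "__main__":
    print(trace_upload(EVENTS, "MomsPieRecipe.pdf"))
```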
Investigating Malware with Dtex
While Dtex's metadata collection focuses on user behavior, its extensive high-fidelity endpoint data has also proven very useful for investigating external incidents, including malware, ransomware and hacking attacks. Customers have used Dtex to quickly identify which endpoints organization-wide have used a dangerous application, for instance, or to determine the exact root phishing email that led to an infection.
Dtex's user behavior records have been used to support legal proceedings and prosecution. Recently, Dtex's data was used in the prosecution of a data theft incident at a large financial institution, which resulted in a guilty plea.