User Behavior Intelligence for Insider Threat
The advent of distributed enterprises and modern technology means that potential insider threats are everywhere. Dtex is purpose-built to provide a solution for every type of insider threat, whether they're malicious, negligent, or a case of compromised credentials.
- Creative Data Theft
- Obfuscation/Covering Tracks
- Bypassing Security Controls
- Flight Risk
- Online File Sharing
- Personal Webmail Use
- Pirated Media & Apps
- Unusual Data Aggregation
- Privilege Escalation
- Lateral Movement
A Modern Solution
Modern threats mean that organizations need a modern solution. Dtex fights insider threats by combining four integral elements to create the ultimate insider threat detection solution:
Dtex provides a high-fidelity audit trail of user behavior.
Dtex collects user behavior metadata from the endpoint, providing a dedicated signal that sees the important activity that network-based tools and event logs miss.
Machine learning models baseline normal user behavior and identify suspicious anomalies.
Dtex utilizes both supervised and unsupervised machine learning models to baseline normal user behavior and identify suspicious anomalies.
Field-tested behavioral models pinpoint known-bad behavior.
Dtex comes with hundreds of known-bad behavior patterns from the field, which allow it to alert on known threats without lengthy tuning.
Risk-scoring and alert-stacking mean that Dtex gives you actionable answers, not just an onslaught of alerts.
Dtex produces alerts that take into account the context around each event, rating them by behavior score so that analysts are presented with a prioritized list.
Dtex's Approach to Insider Threats
Dtex was built from the ground up to provide an intelligent and sustainable insider threat solution. It delivers in five steps.
It Starts with the Right Visibility
Fighting insider threats begins with having tangible insights into what users are actually doing on company endpoints, including activity that happens off-network or on mobile hotspots. Instead of attempting to reverse-engineer insights from log files, Dtex provides user-focused visibility from a very lightweight endpoint collector, capturing important user activity that is the foundation for insider threat detection.
Profile Known Risks
Based on insider threat investigations over the past decade, Dtex has built and delivers a library of thousands of known high-risk activities. Every user action is parsed through the Dtex library to pinpoint known high-risk behaviors, without lengthy tuning periods.
Adapt to Individual Behavior
The first step to identifying new or unknown threats is determining each user's individual "normal." Dtex uses machine learning to create a baseline of normal behavior for each user, device, and application. Then, it uses that baseline to determine whether a user's activities are abnormal as compared to themselves, against their peer group, and against the entire organization.
Understand the Context
Truly understanding an insider threat means understanding the infinite variables of human behavior. One alert alone can never tell the full story. Dtex incorporates the contextual activity before and after an insider threat event, which analysts can use to easily investigate alerts.
Evaluate the Risk
Every organization has a different behavioral landscape, and Dtex adapts to those individual requirements. Alerting methods incorporate the company Acceptable Use Policy, ignoring acceptable behavior and highlighting specific areas of concern. What's more, context and behavior severity are incorporated into a single insider threat score in order to prioritize alerts.
How Dtex Fights Insider Threats
Get a deeper explanation of Dtex's approach to insider threat detection.
How Dtex Uses Machine Learning
Find out more about how Dtex utilizes machine learning models to pinpoint suspicious or risky user activity.
How a Global Financial Institution Uses Dtex to Fight Insider Threats
Learn how a large, global financial institution scaled Dtex enterprise-wide as a core piece of their insider threat approach.
The Trusted Insider Philosophy
Many security solutions approach the insider threat by treating every employee as a potential security risk, but we believe that effectively fighting insider threats comes from a place of trust, not suspicion. With organization-wide, privacy-first visibility that treats every user as an equal, security teams can treat every employee as a trusted insider, giving them the freedom to get their jobs done while also feeling confident that they'll catch any potentially risky behavior.
See how Williams F1 Protects Their Most Valuable IP
Williams Formula 1 is one of the top racing teams in the world, and their engineering division handles priceless intellectual property every day. In a highly competitive industry where fractions of a second can make or break success, see how Williams F1 trusts Dtex to protect their data and enable innovation.
100% of Assessed Organizations Found Some Form of Insider Threat in our 2018 Insider Threat Intelligence Report
Obfuscation via anonymous or private browsing
60% of assessments found attempts to conceal activity through private browsing or research.
Publicly Accessible Data
78% of assessments found company data publicly accessible online, typically on cloud sites like Google Drive or Dropbox.
High Risk Applications
72% of assessments found unauthorized use of high-risk applications, including hacking tools.