DTEX Systems announced enhancements to DTEX InTERCEPT for critical infrastructure entities – a workforce cybersecurity solution specifically created to address the user activity monitoring (UAM) requirements of public and private oil and gas, electric, water, telecommunications and healthcare organizations with headquarters in the Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom and the United States).
As part of this, DTEX is also offering free insider threat assessments to entities with headquarters in these regions.
According to a recent report by The National Counterintelligence and Security Center of the United States of America titled, Insider Threat Mitigation for U.S. critical infrastructure entities: Guidelines from an Intelligence Perspective, “foreign adversaries are no longer simply targeting the U.S. government, as was often the case during the Cold War, but today are using their sophisticated intelligence capabilities against a much broader set of targets, including U.S. critical infrastructure and other private sector and academic entities. These U.S. industries and academic organizations are now squarely in the geopolitical battlespace.”
“Given our close work with the U.S. government to raise the security of our nation and its Five Eyes partners, the assertions in this report strengthen the need for a comprehensive, data-driven behavioral-based program to address the growing issue of insiders and the threats they pose,” said Chris Folk, Director, Cyber Partnerships and Policy, the MITRE Corporation.
“As we continue to close the gap between cyber adversary and defender, we are witnessing a return to human insiders as key enablers of espionage, damage and theft of intellectual property.
“SOCs are not designed, staffed or trained to address this threat, so we are working with trusted partners who appreciate the holistic and unique nature of the threat to find a blend of human-based data-driven behavioral analytics and comprehensive organizational insider threat programs.
“The Australian Cyber Collaboration Centre (A3C), MITRE and DTEX are tackling this challenge head on.”
To help mitigate insider threats, both from insiders working with external actors and trusted insiders who have been unknowingly compromised, the NCSC report suggests an organization must, at a minimum, achieve two things:
- “Have a program that identifies individual anomalous behavior and the resources to respond.”
- “Respond to anomalous behavior in a way that fosters trust and leverages the workforce as a partner.”
“The workforce is every organization’s greatest asset, and in many ways the missing link to better cyber security,” said Bahman Mahbod, President and CEO of DTEX Systems.
“Real-time awareness and contextual intelligence about a user’s behavior, and understanding what’s normal versus what’s not, is the key to successful insider threat mitigation and attack prevention for every one of our customers, including those that design, operate and maintain critical infrastructure operations.
“To understand ‘normal,’ organizations must see the complete picture of a user and an identity’s interaction with an entity’s systems, applications and data.
“We’ve enhanced InTERCEPT for Critical Infrastructure Entities to deliver just that – real-time contextually aware intelligence that focuses on human activity to see and stop insider threat-born attacks before they can do harm to infrastructure services, which are of vital importance to the national security of Five Eyes countries.”
DTEX InTERCEPT for critical infrastructure entities
DTEX InTERCEPT for critical infrastructure entities is a Insider Threat Mitigation and User Activity Monitoring solution that delivers always-on, human-centric cyber security by proactively illuminating anomalous activities and behaviors in real-time well before an attack can be executed or data can be exfiltrated.
Powered by DTEX’s patent-pending DMAP+ Technology, InTERCEPT for critical infrastructure entities continuously collects and synthesizes hundreds of unique elements of enterprise telemetry from data, machines, applications and people to surface dynamic ‘Indicators of Intent’ that combine to deliver holistic, contextual awareness about an enterprise workforce’s activities while maintaining a ‘Privacy-by-Design’ approach to protect employee privacy.
These elements are enriched in real-time using advanced behavioral models that are mapped against a user or identity’s normal activity and peer group baselines.
DTEX’s cloud-based predictive analytics engine continuously processes, scores and stacks ‘Indicators of Intent’ to stream live status updates, trend analysis and, when required, trigger notifications of abnormal activity that deviate from baselines and indicate elevated risks to an interactive, all-in-one dashboard for forensic investigation, protective action and cross-functional reporting.
The next-generation insider threat management and user activity monitoring capabilities that combine to make DTEX InTERCEPT for critical infrastructure entities unique include:
- Lightweight meta-data forwarder collects hundreds of unique elements of data, applications, machines and people to deliver holistic, real-time awareness about workforce activities while only collecting 3-4MB of data per user/day, creating no noticeable network impact and does not harm employee productivity or endpoint performance, using less than 0.5% CPU.
- Real-time cloud analytics engine synthesizes enterprise workforce activity, data movement, application usage and device forensics against individual and peer group baselines using predictive models and advanced scoring algorithms that identify, score and highlight deviations, trends and deliver predictive analytics regarding potential insider threats, probable data loss scenarios and potential shadow IT projects as well as possible fraud, compliance and privacy violations.
- Sensitive IP and customer data notifications automatically generate real-time alerts for sensitive IP and customer data, helping organizations bolster security around their most valuable assets.
- Interactive data lineage map tracks the full history of every file, whether it is in use, in motion or at rest, providing the context needed to identify and stop insider threat activity from resulting in data loss and IP theft. To further aid the investigation process, DTEX also generates Automatic User Investigation reports to streamline evidence gathering around anomalous behaviors.
- Data classification policy templates integrate with data classification and Data Labeling and Monitor (DLM) software. Additionally, the InTERCEPT team has developed a patent pending “multi-factor data sensitivity” algorithm that provides next-level intelligence for decision making, as the automation understands that sensitive data often has more to do with the content creator than classification labels.
- Data regulation compliance supports regulatory compliance with emerging data protection regulations, including HIPAA, CCPA, GDPR, SOX, PCI DSS, ITAR and more.
- Interactive dashboards and executive reports provide full details of insider threat activity and intent, along with full forensic audit trails.
Free Insider Threat Assessment for critical infrastructure entities
DTEX is now offering a comprehensive ‘Insider Threat Assessment’ which identifies and analyzes a critical infrastructure entities’ insider risk posture and data loss vectors across common user activity and behavioral categories.
The assessment is 100% commitment free and available to all energy, water, telecommunications and healthcare organizations with headquarters in Five Eyes countries.
This assessment will provide a thorough review of the Nine Elements of Insider Threat Programs for critical infrastructure entities including direct evaluation of an organization’s maturity against the NITTF Insider Threat Model used by U.S. government entities.
An actionable, easy-to-read report will be delivered and reviewed by DTEX solution architects following the 30-day engagement.