DTEX Systems released DTEX InTERCEPT for Behavioral Data Loss Prevention designed to address the data protection and insider risk challenges of the distributed and digital enterprise.
Data Loss Prevention solutions are integral to every public and private organization’s cybersecurity framework. First-generation solutions have struggled in modern environments, as they deliver slow time to value, come with heavy on-premises deployment models, and only deliver partial data-lifecycle visibility.
In addition, the lack of context and user behavioral analysis informing automated prevention actions results in a high number of false-positives, reducing efficacy and the ability to meet organizational investment and data security objectives.
“Modern DLP requires a multi-faceted approach, which the InTERCEPT platform embraces. By utilizing machine learning and “next-generation” behavioral analytics, DTEX looks to address the limitations it sees with today’s approach to DLP by looking broadly at a number of vectors when assessing how any piece of information is being used,” said Paul Stringfellow, Senior Analyst with GigaOm.
“DTEX does not rely solely on data classification, though it still plays a role in its approach. This solution instead uses a data lineage approach, not looking at individual data actions in isolation but rather at the who, what, where, when, and why of usage to build a more detailed and accurate picture of user intent.”
The data-centric approach of traditional DLP tools comes at a notable cost and time commitment for endpoint security specialists and SOC teams as the configuration and administration of the rules and policies that are meant to stop data exfiltration and trigger alerts require constant tuning to be effective.
The newest release of DTEX InTERCEPT for Behavioral Data Loss Prevention further addresses the design, architectural, and functional inadequacies of first-generation, data-centric Endpoint DLP solutions.
“With DTEX InTERCEPT, we understand what is happening to our data, who is using it, and where it is going, because we can truly evaluate behavior,” said Bruce Moore, CIO at the Victorian Rail Track Corporation. “If important data is being used or replicated in ways that seem abnormal or unnecessary, such as attempts to copy to external drives or uploads to non-corporate cloud storage sites, this signals a risk. If this behavior is negligent, we can take steps to educate the user. If it is malicious, we can take appropriate action to ensure that data meant for our organization, stays within our organization.”
DTEX InTERCEPT for Behavioral Data Loss Prevention provides customers with data utilization, modification, and protection capabilities that meet the dynamic needs of today’s distributed organization:
Workforce behavioral intelligence & analytics: DTEX InTERCEPT for Behavioral Data Loss Prevention demystifies the context and intent of human behaviors without violating the trust and privacy of employees. DTEX utilizes data science to collect, analyze, and baseline acceptable user behavior by role, department, and geography. Alert stacking and activity scoring algorithms accurately detect deviations that precede data loss events and prevent data loss resulting from compromised, malicious, and negligent behaviors.
360o enterprise DMAP+ visibility: DTEX InTERCEPT employs continuous, lightweight endpoint meta-data capture and behavioral monitoring across every Windows, Mac, Linux, and Citrix endpoint and server, both on and off-network. More than 500 data elements are collected, analyzed and used to continuously update a forensic audit trail of scored user behaviors and made available to analysts in real-time for response and investigations.
File lineage forensics & auditing: DTEX InTERCEPT for Data Loss Prevention delivers a full audit history detailing file activity to enable a real-time, contextual understanding of the severity of ‘indicators of intent’ that precede a data loss event. It delivers a full audit trail of who is involved and when each file is created, modified, aggregated, obfuscated, archived, encrypted, and deleted. These added attributes provide a clear distinction between normal activity and true data loss scenarios.
Sensitive data profiling: DTEX InTERCEPT’s sensitive data profiles and analytics addresses issues caused by traditional DLP solutions by inferring sensitivity based upon file lineage, file location, creation, user role, file types, and many additional file attributes. This telemetry is correlated with a user’s behavior profile, as well as leading data classification tools, to detect data loss without reliance on content-aware rules. This dramatically decreases false positive events, the time needed for administrators to tune rules, and analyst time to investigate data loss alerts.
Risk-adaptive data protection: DTEX InTERCEPT protects sensitive data and IP from leaving an organization with multiple, highly accurate and dynamic enforcement capabilities. Data loss is prevented intelligently when a user’s behavioral risk score exceeds an organization’s threshold by blocking specific application processes and network connections that are not part of normal or approved workflows.
This includes blocking FTP, large files in email, and access to certain cloud services. Additionally, SOC teams and analysts can remotely remove a user’s credentials and lock them out of their device. These risk-based blocking features best meet the requirements of today’s distributed workforce, reduce operational overhead, and eliminate false positives.
Regulatory data loss compliance: DTEX InTERCEPT supports a balanced and proportional approach to data loss prevention that exceeds the requirements of regulatory mandates with out of the box compliance for HIPAA, CCPA, GDPR, SOX, PCI DSS, ITAR, and others.
Cloud architecture & interoperability: DTEX InTERCEPT’s SASE architecture introduces a lightweight forwarder that requires no more than 3-5MB of bandwidth per day per endpoint and utilizes less than 1% CPU. Data is collected and synchronized in near real-time with DTEX’s Cloud Analytics Engine for analysis, detection, and prevention, eliminating the likelihood of user productivity issues and ensuring seamless interoperability with NGAV, IAM, and UEBA solutions.
“The future of data loss prevention and protection is people-centric, not data-centric,” said Mohan Koo, CTO and Co-founder at DTEX Systems. “Content detection that triggers on every file using heavy endpoint agents is archaic, often creates more questions than answers and routinely ‘blue screens’ user machines as they are trying to do their jobs. In contrast, DTEX InTERCEPT for Behavioral Data Loss Prevention takes a human approach utilizing hundreds of meta-data elements that genuinely express a user’s actions and intent when interacting with data. No more false positives; simply real-time, risk-based scoring of risk to data that prevents exfiltration events.”