DTEX Systems announced new capabilities within its DTEX InTERCEPT for Behavioral DLP solution that expand the scope and protection provided by multiple Microsoft 365 E5 modules to provide holistic behavioral data loss prevention and workforce activity intelligence across the entirety of an enterprise’s application, data, and operating system architecture.
Through enhanced integration with the Microsoft Defender for Endpoint and Cloud Apps modules, as well as Information Protection & Governance, DTEX InTERCEPT delivers cross-platform user behavior telemetry collection, visibility, and analysis capabilities that answer the questions of Who, What, Why, When, Where and How related to a user’s intent when interacting with organizational data and IP, regardless of geo-location and whether on or off-network, without employing invasive surveillance data gathering techniques.
The behavioral, contextual workforce intelligence provided by DTEX InTERCEPT extends the capabilities of the Microsoft 365 E5 modules to detect and capture intentional data loss incidents, stop intellectual property theft, pinpoint human behavior attribution as well as malware root cause, and prevent the use and misuse of unsanctioned and sanctioned SaaS applications.
DTEX InTERCEPT extends the data classification capabilities of the Microsoft Information Protection and Governance module with policy templates and multi-factor data sensitivity algorithms to identify the precursors associated with intentional data loss incidents and protect non-regulated intellectual property such as source code, design documentation, and other unregulated data types and formats.
“Our customers understand that Microsoft 365 E5 Defender and Information Protection tools offer the foundation they need to identify and classify structured, regulatory mandated data and limit negligent data loss,” said Rajan Koo, Chief Customer Success Officer with DTEX Systems. “With DTEX InTERCEPT, our customers are addressing use-cases that require deeper and wider visibility than Microsoft 365 E5 tools can offer, specifically the ability to proactively detect malicious behaviors involving unstructured data and IP, perform real-time analysis in the context of human activity, and to interrupt suspicious behavior sequences and block data exfiltration to prevent a breach.”
DTEX InTERCEPT infuses Microsoft Defender for Endpoint with powerful human behavior attribution and malware root cause analysis created by mapping user activity against the MITRE ATT&CK framework and its own patented DMAP+ metadata collection, correlation and analytics engine to contextualize IOCs and alerts with user activity intelligence. The result is single-click access to dynamic insider risk and data loss dashboards that offer evidentiary-quality incident and file lineage intelligence with drill-down investigative capabilities that inform rapid, targeted incident response and remediation in support of Microsoft’s IRM case-management tools.
Customers are also utilizing DTEX InTERCEPT to extend Microsoft Defender for Cloud Apps’ powerful IAM capabilities to include the continuous profiling of endpoint access to all web-based resources to detect suspicious SaaS-based uploads and anomalous behavior in real time without additional configuration. This gives SOC teams and IR analysts the ability to detect both user and peer group anomalies occurring across the entirety of their IT environment including Windows, macOS, Linux, Citrix, VMware, and other cloud-based environments such as AWS Workspaces.
The additional user attribution, data movement and file lineage, and endpoint access intelligence that DTEX InTERCEPT captures across and beyond an organization’s Microsoft 365 environment is seamlessly available within Microsoft Sentinel to enrich SOC operations with user behavior telemetry.