DLP Data Loss Prevention

DTEX behavioral DLP focuses on context, not content.

The behaviors leading up to a data exfiltration event are more important than the event itself. This context indicates the type of insider risk and aids in determining next steps.

Risk modeling and effective DLP in a single platform

Data Loss Prevention (DLP) solutions are an integral part of most public and private organizations’ cybersecurity framework. The file-centric approach of legacy DLP solutions, however, has failed to keep sensitive IP safe and prevent data exfiltration. This is due in part to cumbersome rules and policy management and lack of behavioral context and visibility. Intrusive file and application scanning have created additional performance issues that interfere with user workflows and block normal business processes.

DTEX Behavioral DLP addresses the design and functional inadequacies of file-centric endpoint DLP solutions with a set of unique capabilities to meet the dynamic needs of modern organizations.

DTEX InTERCEPT

DTEX InTERCEPT™ is a purpose-built insider risk management platform that consolidates the essential capabilities of data loss prevention (DLP), user and entity behavior analytics (UEBA), and user activity monitoring (UAM) in a single platform to provide early detection and mitigation of insider risks. DTEX InTERCEPT does not rely on rules to identify threats and so does not require constant tuning. Instead, DTEX uses a different technique, employing continuous, behavioral monitoring through lightweight endpoint metadata capture.

Data Loss Protection for Endpoints and Servers

DTEX supports Windows, Mac, Linux and Citrix endpoints and servers that are deployed in the cloud, on-premises or as virtual servers and monitors activity both on and off-network. InTERCEPT protects cloud, on-premises and virtual servers with real-time visibility into all user activity and applies advanced analytics to discern legitimate activity from malicious, including activity commonly associated with data loss such as reconnaissance, obfuscation and circumvention. This pinpoints threats early in the kill chain to identify risks before exfiltration. Through this emerging risk approach, DTEX metadata and behavioral enrichment work together to accurately identify the access, sharing, and transformation of data assets.

Risk-Adaptive Data Protection

DTEX creates dynamic risk scores and captures all file activity, enabling a more effective, contextual understanding of data movement. DTEX can then identify indicators of intent around a data event, preventing insider risks from turning into insider threats.

File Lineage, Forensics & Auditing

DTEX behavioral DLP works holistically to capture and track full file lineage, including a complete audit trail of when each file is created, modified, aggregated, obfuscated, archived, encrypted, or deleted, and by whom. This quickly and visually answers questions like “How many versions of this file are there?” and “How much effort went into the file or data set?”, providing a clear picture of file changes that can highlight unusual activity.

Sensitive Data Profiling

DTEX sensitive data profiles automatically infer data sensitivity based on file lineage, file type, creator, audience, investment of time, and other file attributes. This approach is designed to identify sensitive information in unstructured data, without having to inspect the data itself. The digital fingerprint classifies data, not the contents. For this reason, InTERCEPT is a valuable complement to email security solutions and network-based DLP products. The telemetry is then correlated with user behavior profiles and leading data classification tools to detect the movement of sensitive data without heavy content-aware rules.

Risk-Based Blocking

DTEX InTERCEPT protects sensitive data and IP from leaving an organization with dynamic enforcement capabilities that reduce operational overhead and eliminate false positives. InTERCEPT can act on data from across the security ecosystem by blocking specific ‘process network connections’ that are not part of normal or approved workflows. It can block FTP and large files in email, as well as access to certain cloud services. InTERCEPT also supports remotely removing user credentials and locking devices.

Data Labeling

DTEX natively integrates data classification labels from major data classification solutions to help determine when sensitive data is being transferred. Data sensitivity labels can be used in rules to elevate the risk score of an individual and generate an alert. Classifying data related to intellectual property can become very expensive, and while DTEX integrates with these tools, InTERCEPT is a powerful alternative to traditional classification that is more effective for intellectual property and other sensitive data that isn’t just PHI, IP, or credit card numbers.

To improve on data labeling, DTEX behavioral DLP automatically profiles files based on creator, audience, investment of time, lineage and many other factors, so DTEX can identify anomalous behaviors well before a data loss event occurs.

AI-Driven Investigations

The DTEX Ai³ Risk Assistant helps guide investigations, empowering analysts with summarized user activity and the ability to ask pointed questions such as where sensitive data is going, who is accessing it, and, most importantly, why. DTEX also detects end user interactions with generative AI chat sites, critical functionality to prevent unauthorized sharing, use, or transfer of sensitive information.

Regulatory Data Loss Compliance

DTEX InTERCEPT supports a balanced and proportional approach to data loss prevention that exceeds the requirements of regulatory mandates with out-of-the-box compliance for HIPAA, CCPA, GDPR, SOX, PCI DSS, ITAR and others.

DTEX Behavioral DLP vs. Rule-Based DLP

The DTEX behavioral scoring mechanism is based on a comprehensive collection of activities which enables InTERCEPT to alert on only truly suspicious events, saving time and empowering the analyst with full context about any given incident.

Anomaly detection compares suspicious events from an individual user to the department and the organization as a whole, quickly indicating what is normal and what is suspicious. The timeline below highlights these differences.
