DTEX Systems announced a partnership with Splunk to deliver a zero-trust approach to insider risk intelligence, data loss prevention and security operations orchestration and response.
Splunk and DTEX Systems are accelerating security response times and root cause analysis, driving faster event resolution with advanced analytics and reporting, as well as decreasing manual security and IT operations. DTEX InTERCEPT’s human-based endpoint telemetry provides the full context around the data, machines, applications, and people involved in an event via a single, noise-free endpoint data signal.
DTEX InTERCEPT brings a previously unavailable data source to existing cyber security architectures that multiplies the value of NGAV while allowing for the consolidation of UEBA, endpoint DLP and digital forensics tools. Its next-generation DMAP+ forwarders and cloud analytics engine deliver a single endpoint data source to Splunk security solutions to proactively identify insider threats, predict data loss events, protect remote workers, flag possible credential compromise, and monitor file servers and packaged applications for abnormal behavior and requests.
“Early customer response to our integrated solution with Splunk Enterprise Security and Splunk SOAR has been overwhelmingly positive,” said Mohan Koo, Co-founder and Chief Technology Officer at DTEX Systems. “Unlike legacy solutions, DTEX InTERCEPT provides a simple and clear view of human activity, and because the hundreds of meta-data elements we collect are filtered at the source, the number of notable events that require investigation drops by nearly ninety percent. This means overworked SOC teams and analysts spend more time focused on what matters and can have full confidence in automated response and orchestration workflows.”
Splunk Enterprise Security ingests DTEX InTERCEPT’s risk-based alerts, also known as ‘Indicators of Intent,’ from the Splunk Security Analytics Platform. It uses these alerts to provide customers with a better, more contextually rich understanding of how user activity is influencing what’s happening in their environments and if those behaviors are creating risks to data, users and operational processes.
How organizations are utilizing DTEX InTERCEPT with Splunk Enterprise Security & SOAR
- Visibility and collection of hundreds of unique meta-data elements and user activities transformed into Splunk CIM format (no contextual losses) for a noise-free endpoint data signal.
- Accelerated response times and root cause analysis within the Splunk ES console using real-time, detailed insider risk analytics and risk-based notifications.
- Notable event enrichment with human-behavioral intent telemetry to support faster, more automated remediation.
from Help Net Security https://ift.tt/3usn7aj