The Seven Ways Equinix is Plugging the Holes in NGAV with DTEX – Security Boulevard

Next-Gen Anti-Virus (NGAV) technology has greatly improved many organizations' abilities to detect, identify and stop malware from infecting their endpoints, servers and networks. Its efficacy over legacy solutions is undebatable. So why are we continuing to hear about the frequency and severity of data breaches increasing? It's simple, really: humans. Users remain the elusive missing link whose behavior has the most impact on an organization's risk posture.

In a recent webinar, we heard from Stephen Seljan, Security Operations Manager at Equinix, who shared how Equinix is super-charging its NGAV tool with behavioral DLP and human activity forensics with the help of DTEX.

Below, we've summarized the key points highlighted within the webinar for those not able to listen for the full hour. Hopefully, learning about the seven ways Equinix is utilizing workforce cyber security alongside NGAV will help other organizations emulate what the company has done successfully to improve their own security posture.

1. Root Cause Analysis

Back in February, Equinix had a user whose Office 365 account was compromised with a known MFA bypass vulnerability. This led the company to ask a number of questions: Was this a drive-by? Was this scanning? How did this happen?

With DTEX, Equinix was empowered to go back through this particular user's history in detail to see that he unknowingly fell victim to a targeted phishing attack. With the ability to duplicate everything that happened, the company was able to determine how the attack occurred in addition to identifying other weaknesses introducing areas of vulnerability. This level of visibility and root cause analysis proved crucial in explaining this first attack and preventing future attacks.

2. Data Exfiltration

All companies continuously strive to prevent data exfiltration. Equinix worked with DTEX to help solve part of this challenge by looking at the amount of data and specific files an individual transfers. For instance, with the capability to see file names and distinguish whether files are sensitive, IT teams have the granularity needed to create rules that identify sensitive file paths so IT can be notified in the event that any employee accesses those directories. With this visibility, IT teams are able to confirm whether the individuals accessing the data should be able to have access, helping to prevent the exfiltration of sensitive files.

3. Work-From-Home (WFH) Engagement Monitoring

The shift to remote work has made it increasingly difficult for businesses to tell what employees are doing. With DTEX, Equinix is able to anonymously compare the processes of team members alongside one another to evaluate productivity. This helps the organization to balance workloads more effectively, spot any activities that shouldn't be occurring and support team members to increase productivity.

4. Malicious Insider Detection

Equinix, along with other organizations, is constantly working to deter the activity of malicious insiders. DTEX's workforce cyber intelligence and security solution enables the company to anonymously identify which users are engaging in these types of behaviors. So, for example, if a user creates a fake email to send anonymous notes, the organization would be able to see that the anonymous user was engaging with that address through their device. From there, they would be able to identify the individual and address the malicious activity head-on.

5. Shadow IT / Unwanted Applications

Unwanted applications are a huge problem today, especially given the shift to remote work and the friction between IT teams and other members of the organization. In the case of unwanted apps, Equinix is able to look at the most used and least used apps in its environment. With this intel, the company can pinpoint what the least used apps are and evaluate whether they're necessary. This has enabled the company to spot malicious actors and negligent users introducing risk, and to identify potential licensing issues.

6. Early Ransomware Detection

Equinix has benefited from creating alerts for network share discovery. So, anytime files are found on a network share, DTEX helps to rewrite those files and encrypt them. By detecting early whether a system is accessing any network shares out of the norm for that host, the company can stay one step ahead of these types of attacks.

7. User Lockout

The ability to lock users out of their system is crucial, especially with users working remotely and in the case of malicious insiders. With this lockout, if users try to log in to their system, they will immediately be logged out. This is essential in preventing data exfiltration.

NGAV technology on its own has helped to improve many organizations' abilities to detect, identify and stop malware from infecting their endpoints, servers and networks. However, data breaches still occur as a result of NGAV's missing link: humans.

With Workforce Cyber Intelligence & Security, organizations like Equinix are empowered to understand the human element and the sequences of human behavior that are impacting an organization's risk posture so that it can be improved.

Interested in learning more about how DTEX's insights are providing an extra layer of security protection? Please reach out to us at [emailprotected] or send us a note here. We look forward to working with you.

The post The Seven Ways Equinix is Plugging the Holes in NGAV with DTEX appeared first on Dtex Systems Inc.

*** This is a Security Bloggers Network syndicated blog from Dtex Systems Inc authored by Jonathan Daly. Read the original post at: https://www.dtexsystems.com/blog/the-seven-ways-equinix-is-plugging-the-holes-in-ngav-with-dtex/
