
Dune Security Adaptive Security Controls

Integrate with the rest of your security stack to enable enhanced insights and adaptive security controls.

This document outlines Dune Security's vision for adapting security controls based on high-risk user profiles and activities. These upcoming features will enable automated, risk-based decisions across various systems. By pioneering a user-centric security model, Dune Security enhances enterprise security teams’ capabilities through greater automation and seamless integration—extending their effectiveness while reducing manual workload.

Identity and Access Management (IAM)

Adapt controls for user authentication and access management:

  1. Stricter MFA Enforcement: dynamically trigger stricter MFA policies and requirements for high-risk users, not just at login. For example, prohibit text-based (SMS) MFA and instead require phishing-resistant MFA (FIDO2).

  2. Password Policy Enforcement: for users identified with high-risk behaviors, enforce stronger password requirements and require frequent password resets.

  3. Session Restrictions: automatically restrict session lengths for high-risk users, requiring re-authentication after shorter intervals.

  4. Role-Based and Conditional Access Adjustments: remove or downgrade excessive permissions if a user’s risk score increases due to suspicious behavior.

  5. Lockout Policy: increase account lockout durations after multiple failed login attempts by high-risk users to prevent brute-force attacks.
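As an added illustration of the IAM controls above (example code, not Dune Security's own), this Python policy evaluator maps a user's risk score to a tier and applies tier-specific MFA, session-length, password-age and lockout rules, downgrading admin roles at the high tier. The tier thresholds, the policy values and the convention that privileged roles start with "admin" are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import timedelta

# Assumed tiers on a 0-100 risk score; thresholds are illustrative only.
TIER_FLOORS = (("high", 70), ("elevated", 40), ("low", 0))
PHISHING_RESISTANT = frozenset({"fido2", "webauthn"})

@dataclass(frozen=True)
class Policy:
    allowed_mfa: frozenset    # MFA methods accepted at this tier
    session_max: timedelta    # force re-authentication after this long
    password_max_age: timedelta
    lockout_threshold: int    # failed logins before the account is locked
    strip_privileged: bool    # downgrade admin roles while risk is high

POLICIES = {  # assumed values: SMS barred above "low", FIDO2-only at "high"
    "low": Policy(frozenset({"sms", "totp", "push"}) | PHISHING_RESISTANT,
                  timedelta(hours=12), timedelta(days=180), 10, False),
    "elevated": Policy(frozenset({"totp", "push"}) | PHISHING_RESISTANT,
                       timedelta(hours=4), timedelta(days=90), 5, False),
    "high": Policy(PHISHING_RESISTANT, timedelta(hours=1),
                   timedelta(days=30), 3, True),
}

def tier_for(score: int) -> str:
    return next(name for name, floor in TIER_FLOORS if score >= floor)

def evaluate(score, mfa_method, session_age, password_age, failed_logins, roles):
    """Return (decision, reasons, effective_roles); ages are timedeltas."""
    pol = POLICIES[tier_for(score)]
    if failed_logins >= pol.lockout_threshold:
        return "deny", ["lockout"], ()
    reasons = []
    if mfa_method not in pol.allowed_mfa:
        reasons.append("mfa_upgrade")   # e.g. SMS no longer acceptable
    if session_age > pol.session_max:
        reasons.append("reauth")
    if password_age > pol.password_max_age:
        reasons.append("password_reset")
    if pol.strip_privileged:  # assumed convention: admin roles start with "admin"
        roles = tuple(r for r in roles if not r.startswith("admin"))
    return ("step_up" if reasons else "allow"), reasons, tuple(roles)

def demo():
    """Constructed sample: the same session state evaluated at two risk scores."""
    state = dict(mfa_method="sms", session_age=timedelta(hours=2),
                 password_age=timedelta(days=60), failed_logins=1,
                 roles=("admin", "sales"))
    return evaluate(20, **state), evaluate(85, **state)
```

The same session that is fine at score 20 is stepped up on three counts at score 85, with its admin role removed until the risk subsides.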

Secure Email Gateway (SEG)

Enforce adaptive email security measures that dynamically increase based on user behavior:
  1. Email Quarantine: automatically quarantine emails with specific attachments for users with high-risk scores. Emails are held in quarantine until sandbox analysis verifies they are safe, introducing a delay to prevent immediate access to potentially malicious content.
  2. Attachment Scanning and Blocking: for users with high-risk profiles, force all attachments to undergo sandbox malware scanning before delivery. If a user’s risk score exceeds a certain threshold, block attachments entirely to prevent exposure to malicious files.
  3. External Sender Restrictions: block emails from new or unrecognized external senders for high-risk users. This control limits exposure to phishing attempts by preventing communication with untrusted sources.
  4. Link Disarming: disable all clickable links within emails for users flagged as high-risk. These users must manually copy and paste URLs into their browsers, increasing friction and reducing the risk of clicking on malicious links.
  5. Email Forwarding Controls: block email forwarding to external domains for any high-risk user.
  6. Contextual Warnings for High-Risk Users: display real-time, in-line warnings (e.g. a banner within the message) when high-risk users attempt to interact with emails containing suspicious content or attachments.

Ticketing Workflow

Enhance incident response and workflow automation by automatically creating tickets in the SIEM, SOAR, IT ticketing system (e.g. ServiceNow, Jira), or HRIS (e.g. Workday):

  1. SIEM and SOAR
    1. Anomalous Behavior Detection: generate high-priority tickets for suspicious behaviors, like repeated login failures or access from unusual locations. Trigger immediate actions like session termination or blocking access.
    2. Social Engineering Alerts: detect when high-risk users engage with phishing attempts. Generate tickets and trigger automated responses, such as increasing email security measures or scheduling user re-training.
    3. Privilege Escalation & Data Exfiltration: automatically flag unauthorized attempts to escalate privileges or transfer large volumes of data. Trigger account lockouts, enforce password resets, or isolate affected systems.
    4. Dynamic Incident Escalation: elevate ticket priority when risk scores exceed set thresholds. Automatically activate SOAR playbooks to isolate endpoints, block network access, or initiate deeper investigations.
    5. Automated Policy Enforcement: create tickets for policy violations, like accessing restricted data, with automated responses to enforce MFA or require re-authentication.
    6. Real-Time Notifications: alert SOC teams and stakeholders to coordinate immediate responses, reducing time to resolution.
  2. IT Ticketing (e.g. ServiceNow, Jira)
    1. High-Risk Threshold: generate IT tickets when users cross a defined high-risk threshold.
    2. Over-Permissioning and Anomalous Behavior Alerts: generate IT tickets when users are excessively permissioned, request access to resources outside their usual scope, or behave anomalously.
    3. Device Security Compliance: if high-risk users connect to the network using unauthorized or non-compliant devices, automatically trigger IT tickets to revoke access or initiate device audits. This prevents the introduction of vulnerabilities into the organization’s network.
    4. Phishing Simulation Failures: generate IT tickets for users who repeatedly fail phishing simulations, suggesting targeted training or adjusting email security settings to reduce their exposure to real-world attacks.
  3. HRIS Ticketing
    1. Policy Violation Tracking: create HRIS tickets if users exhibit behavior that violates company policies, such as accessing sensitive HR data without authorization or attempting to transfer confidential information to personal devices.
    2. High-Risk Behavior Reporting: generate HRIS tickets when user activities suggest potential insider threats, such as accessing restricted files, tampering with records, or attempting unauthorized downloads.
    3. Social Engineering Vulnerability: for users repeatedly falling for social engineering simulations, create HRIS tickets to schedule additional training or risk assessments. This helps improve user resilience against phishing and other social engineering tactics.
    4. Compliance Audits: if a user’s risk score remains elevated over a period, generate HRIS tickets to trigger compliance reviews, which may include performance evaluations or corrective actions to mitigate risks.

ZTNA / SASE / SSE

Configure network access controls dynamically based on user behavior and risk profiles:

  1. Restricted Domain Access: automatically limit network access to a pre-approved list of corporate domains for high-risk users.
  2. Geo-Restrictions: enforce access restrictions based on geographic location. If a user logs in from an unusual location or country, block network access or require additional verification.
  3. VPN Access Control: block VPN connections from non-corporate IP addresses if a user’s risk score is elevated.
  4. Session-Based Network Segmentation: isolate high-risk users' network sessions by redirecting them to segmented environments with limited access to sensitive resources.
  5. Time-Based Access Control: restrict network access outside of standard working hours for users with a high-risk score, reducing potential attack windows.
  6. Application Whitelisting: allow access only to whitelisted applications and cloud services for users flagged as high-risk.