
Dune Security User Behavior Events

By integrating cybersecurity service providers with Dune Security, we can correlate user behavior with each user's risk score, providing a single pane of glass for user risk management.

Identity and Access Management (IAM)

Events:

  1. User Login Activities: Tracking successful and failed login attempts allows us to detect potential unauthorized access, brute-force attacks, and behavioral anomalies related to the geographic locations of user logins.

  2. Account Lockouts: Accounts locked after multiple failed login attempts could indicate that the individual is being targeted, which increases their risk.

  3. Multi-Factor Authentication (MFA) Usage: Evidence that users comply with policy when accessing applications.

  4. Access Requests: Monitoring when users request new access or permissions, and who approves these requests, ensures proper controls are in place and identifies any unusual access requests.

Service Providers:

  • Okta Identity Cloud
  • Microsoft Entra ID
  • Google IAM

Endpoint Detection and Response (EDR)

  1. Device Compliance: Ensuring users access company resources from devices that comply with company policies, and identifying any anomalies in behavioral activity.

  2. Malicious Device Detection: Identifying any devices accessing the network or resources and minimizing malicious activity.

  3. Malicious File Detection: Tracking detections of suspicious or malicious files being executed on endpoints, with details on file name, file type, and the user who executed them, which may indicate ransomware activity or other malicious behavior.

  4. Suspicious Network Monitoring: Monitoring unusual or unauthorized outbound network traffic that could indicate a compromised device or data exfiltration.

Service Providers:

  • CrowdStrike Falcon
  • Microsoft Defender
  • SentinelOne Singularity

Data Loss Prevention (DLP)

  1. Data Transfer Attempts: Monitoring user behavior regarding sensitive data (e.g., financial, confidential, or personal data) and any attempts to transfer it outside the organization via other channels (email, USB drives, cloud storage, etc.).

  2. Policy Violations: Tracking attempts to access or send data that violates DLP policies, such as trying to send unencrypted sensitive data over email.

  3. Clipboard Monitoring: Detecting users attempting to copy or paste sensitive data to the computer clipboard, which could indicate an intentional or unintentional attempt to transfer sensitive data.

  4. Cloud Data Access: Tracking unauthorized users attempting to access sensitive data from cloud storage platforms.

  5. Endpoint Actions: Monitoring for the use of external devices like USB drives or external hard drives to transfer data, particularly on sensitive machines.

Service Providers:

  • Microsoft Purview
  • Symantec DLP
  • Forcepoint DLP

Email Reporting System

  1. Phishing Report Submissions: Tracking how often users report suspected phishing emails using the native reporting button, providing insight into awareness and potential threats, and identifying any risks associated with the individual.

  2. User Engagement: Monitoring the frequency and consistency of individual users reporting phishing attempts, which could indicate either awareness or complacency.

  3. Suspicious URL Clicks: Tracking if a user clicks a reported phishing link or visits a dangerous URL, helping to identify potential compromises.

  4. Response Time to Reports: Measuring how quickly the security team responds to reported phishing emails, which helps in assessing the efficiency of phishing incident management.

Service Providers:

  • Microsoft Report Phishing
  • Proofpoint PhishAlarm
  • Cofense Reporter

Human Resource Information System (HRIS)

  1. Employee Data Updates: Tracking changes in personal or employment details, such as name, position, salary, or department, to ensure all updates are legitimate.

  2. Role/Department Changes: Monitoring Human Resources (HR) changes to user roles and permissions identifies a change in an individual's risk within the organization.

  3. User Onboarding/Off-boarding: Tracking new employees' account creation and existing employees' access revocation upon termination to identify unwanted activities.

  4. HR/Account Correlation: Correlating HR identities against account activity allows the identification of rogue behavior involving unmanaged accounts.

  5. Audit Trails: Monitoring all user activity for auditing purposes, ensuring all actions within the HRIS are logged for compliance and traceability.

Service Providers:

  • Workday HCM
  • ADP Workforce Now
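
The off-boarding and HR/account correlation checks in HRIS items 3 and 4 can be sketched as a join between an HR roster and an identity provider's account list. This is an added example, not Dune Security's code; the record fields, finding names and sample data are assumptions constructed for illustration and do not reflect any provider's schema.

```python
from datetime import datetime, timezone

# Constructed sample data: field names and values are assumptions for this
# example, not the schema of any HRIS or IAM provider.
HR_ROSTER = [
    {"email": "ana@example.com", "status": "active", "terminated_at": None},
    {"email": "raj@example.com", "status": "terminated",
     "terminated_at": "2024-05-01T17:00:00+00:00"},
]
ACCOUNTS = [
    {"login": "ana@example.com", "enabled": True},
    {"login": "raj@example.com", "enabled": True},
    {"login": "svc-backup@example.com", "enabled": True},
]
ACTIVITY = [
    {"login": "ana@example.com", "at": "2024-05-02T09:00:00+00:00"},
    {"login": "raj@example.com", "at": "2024-04-30T10:00:00+00:00"},
    {"login": "raj@example.com", "at": "2024-05-03T02:14:00+00:00"},
    {"login": "svc-backup@example.com", "at": "2024-05-02T01:00:00+00:00"},
]

def _ts(value):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    return datetime.fromisoformat(value).astimezone(timezone.utc)

def correlate(roster, accounts, activity):
    """Return sorted (login, finding, event_count) tuples."""
    hr = {p["email"].lower(): p for p in roster}
    events = {}
    for ev in activity:
        events.setdefault(ev["login"].lower(), []).append(_ts(ev["at"]))
    findings = []
    for acct in accounts:
        login = acct["login"].lower()
        seen = events.get(login, [])
        person = hr.get(login)
        if person is None:  # account with no HR identity behind it
            findings.append((login, "unmanaged_account", len(seen)))
            continue
        if person["status"] != "terminated":
            continue
        late = [t for t in seen if t > _ts(person["terminated_at"])]
        if acct["enabled"]:  # off-boarding did not revoke access
            findings.append((login, "access_not_revoked", len(late)))
        elif late:  # disabled account still producing events
            findings.append((login, "activity_after_termination", len(late)))
    return sorted(findings)

if __name__ == "__main__":
    print(correlate(HR_ROSTER, ACCOUNTS, ACTIVITY))
```

The event count attached to each finding is the number of activity records that back it, which is the kind of signal that could feed a per-user risk score.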