Next DLP, a leader in insider risk and data protection, has announced XTND AI, an artificial intelligence-powered assistant that extends insider risk and data security analysts’ expertise, enabling every member of the security team to contribute to the business at a higher level.

XTND stands out as a transformative tool, enabling every member of the security team, regardless of their skill level, to operate at a more advanced level of expertise and contribute more effectively to the organisation’s business objectives.

The assistant represents a significant addition to the Reveal Platform’s already comprehensive detection and response capabilities.

XTND operates on a multi-layered approach to ensure maximum efficiency and effectiveness in addressing insider risks and data security concerns. The first layer provides organisations with a detailed analysis of user interactions with data. This includes establishing a comprehensive understanding of what constitutes normal behaviour by examining individual, peer group and organisational baselines.

The second layer focuses on identifying and assessing risky user behaviours. This involves a sophisticated process of sequencing user actions, assigning risk scores, and mapping these behaviours to the well-established MITRE ATT&CK framework. This framework is a globally accessible knowledge base of adversary tactics and techniques, which is used extensively in the cybersecurity industry to understand and mitigate threats.

Innovation

With the introduction of XTND, the Reveal Platform integrates a crucial third layer. XTND enhances incident response by contextualising, summarising and presenting data exfiltration incidents in a format that is easily digestible for analysts. This feature is not just limited to the security team; it can also be extended to other stakeholders in the business as needed, facilitating a more collaborative and informed approach to handling security threats.

John Stringer, head of product at Next DLP, emphasises the importance of XTND in the context of data exfiltration events. He notes that two critical metrics in managing such events are the time to contain (TTC) and the time to respond (TTR). These metrics are pivotal in limiting the impact of data breaches. XTND is designed to enhance the efficiency of analysts in conducting investigations, thereby controlling the costs associated with running an effective insider risk programme.

The innovation of XTND lies not just in optimising the analyst experience and simplifying workflows. It also extends the expertise of analysts across various skill levels, allowing them to perform more complex tasks with greater ease. This democratisation of skills within the security team is a significant step forward in ensuring robust and proactive data protection.

An additional advantage of XTND is its integration of the MITRE ATT&CK Insider Threat mapping. This feature provides essential context and support, especially for security teams that might not have a dedicated insider risk function. “This capability alone is a huge time saver for analysts who need to take a detection data set and turn it into a summary that a business stakeholder can read and understand the who, why, when and how of what happened,: Stringer says.

For organisations where resources are limited or where insider risk functions are integrated into broader security roles, XTND offers a valuable tool to understand and mitigate insider threats effectively.

This integration is particularly beneficial as it enables teams to identify threat patterns and understand the methodologies used by potential insider threats quickly and accurately. “We’ve built a prompt interface for XTND into our incident and case management user interfaces to provide analysts with information contextualising the observed activity. For example, how common is it for an employee or someone in their job role to download, upload or share data with the user entity or SaaS application identified?”

By leveraging this comprehensive threat modelling, XTND significantly reduces the time required to contain and respond to insider threats. This reduction in TTC and TTR not only enhances the security posture of an organisation but also has a positive impact on its overall operational efficiency.

Moreover, XTND’s user-friendly interface and intuitive operation ensure that it can be seamlessly integrated into existing security workflows. This ease of integration means that organisations can quickly adopt XTND without the need for extensive training or significant changes to their current processes. This aspect of XTND is crucial for organisations looking to enhance their security capabilities without disrupting their ongoing operations.

In conclusion, XTND by Next DLP represents a significant leap forward in the field of insider risk and data protection. Its multi-layered approach, integration of MITRE ATT&CK framework, and user-friendly design make it an invaluable tool for organisations seeking to enhance their security posture. As cyber threats continue to evolve, tools like XTND will play an increasingly important role in helping organisations protect their sensitive data and maintain their competitive edge in the digital landscape.

About Next DLP
Next DLP (“Next”) is a leading insider risk and data protection solution provider. The Reveal Platform by Next uncovers risk, stops data loss, educates employees, and fulfils security, compliance and regulatory needs. The company’s leadership brings decades of cyber and technology experience from Fortra (previously HelpSystems), Digital Guardian, Crowdstrike, Forcepoint, Mimecast, IBM, Cisco and Veracode. Next is trusted by organisations big and small, from the Fortune 100 to fast-growing healthcare and technology companies. For more information, visit www.nextdlp.com.