Federal Government
60,000+ employees
United States
Lightweight IRM with integrated behavioral analytics, forensic depth, and DHS-compliant data visibility.
- Streamlined Compliance
- Improved Detection and Forensics
- Mission-Aligned Performance
A major U.S. federal agency undertook a strategic initiative to modernize its approach to insider risk. Following the mandate of Executive Order 13587, which requires the deployment of User Activity Monitoring (UAM) and User Entity and Behavior Analytics (UEBA) across government networks, the agency sought a solution capable of delivering real-time visibility, behavioral context, and policy compliance without returning to legacy tools that had failed to meet evolving needs.
Company profile
This U.S. federal agency operates in a highly regulated environment, where security, compliance, and operational effectiveness are critical. After years of relying on pooled licenses from an older vendor managed centrally from headquarters, the agency was granted the ability to select its own technology, provided it could still deliver the required data and fund the initiative internally. This shift opened the door for a modern approach to insider threat detection, enabling the consolidation of telemetry and improving overall security performance.
The need
The agency needed to implement an integrated insider risk platform to unify telemetry across its networks and satisfy UAM/UEBA requirements. Internal stakeholders were dissatisfied with existing tooling, citing limited behavioral insight, lack of flexibility, and underwhelming performance. The stakes were high: any solution had to support multiple teams, including investigations, inspections, analytics, and legal, while meeting strict federal standards around privacy and operational continuity.
This required a solution that could deliver high-fidelity behavioral visibility across endpoints, provide strong forensic capability, and integrate seamlessly into a complex and heavily governed environment. To complicate the situation, the agency made an emergency request to be fully functional in 3 days.
The solution
The agency selected the DTEX Platform as the foundation of its insider risk program. After installing a 40,000-endpoint system in 24 hours, the agency was up and functioning in its hardened environment, designed to reduce vulnerabilities, minimize the attack surface, and strengthen defenses. DTEX delivered a single, lightweight platform that consolidated UAM, behavioral analytics, and endpoint forensics without requiring heavy infrastructure or disrupting productivity. The DTEX Platform provided real-time visibility into user activity and intent, enabling the agency to identify risky or anomalous behavior across departments and job functions.
DTEX worked closely with stakeholders across the agency, including security operations, insider threat, data protection, and legal, to align the solution with operational workflows. Through tailored sessions, deep technical validation, and demonstrated integration with MITRE ATT&CK, DTEX established itself as a trusted partner capable of supporting current needs and long-term mission success.
The results
The agency met its mandate by adopting the DTEX Platform as its insider risk management solution while advancing operational visibility and control.
Benefits
- Streamlined Compliance: DTEX provides a unified approach to UAM and UBA, enabling the agency to fulfill DHS requirements without legacy limitations
- Improved Detection and Forensics: Real-time behavioral context and forensic depth support investigations and inspections across multiple offices.
- Mission-Aligned Performance: Lightweight deployment and strong privacy controls ensure the platform supports security goals and constitutional obligations.
Related Case Studies
Ready to Learn More?
For further insights on how the DTEX Platform secures critical infrastructure, request a demo.