Securonix Privileged Account Analytics
Challenge: Protecting the Keys to the Kingdom
High privileged users, service and shared accounts are the primary targets and tools for insider and external attackers. Their elevated permissions allow them access to the most sensitive transactions, data, and the ability to create new privileged accounts or elevate privileges for misuse. Organizations face enormous challenges in monitoring these accounts due to the sheer numbers, volume of activity data they generate, and their inability to differentiate misuse from legitimate use. Effectively monitoring privileged accounts is not just an important compliance requirement but also a critical threat management capability.
Solution: Real-time threat and risk monitoring
Securonix automatically identifies privileged users, service and shared accounts and then monitors them for abnormal usage associated with insider and external attacks along with key compliance requirements. All abnormal account activity or policy violations can be investigated using Securonix or integrated into the leading Privileged Account Management (PAM) solutions. Securonix also takes activity and event information directly from PAM solutions and enriches the data with identity context, analyzes for abnormal behavior, and re-prioritizes based on their relative risk level. This out-of-the-box solution delivers:
- Automated discovery of privileged service, shared, and human accounts through advanced correlation
- Rapid detection of abnormal high privilege account and user behavior
- High risk activity and access detection using peer group analysis
Benefits: Rapid Detection & Improved compliance with reduced risk
Securonix provides a plug-n-play solution to meet key compliance and threat management needs with the following benefits:
- Efficient Compliance. Securonix removes the costly and time consuming process of privileged account detection and log review enabling a streamlined and scalable monitoring program.
- Improved Protection. Using automated and adaptive behavior as well as peer group profiling of privileged account and user behavior, Securonix detects abnormal activity associated with insider and external attacks that cannot be detected using traditional techniques.
Privileged Account Detection and Security Profiling
Using advanced correlation techniques and system specific rules Securonix automatically identifies user, service, and shared accounts. All access entitlements, users, transactional activity, and security events are continuously linked to a specific account allowing for a comprehensive “Security Profile” of each privileged account.
Behavior Anomaly Detection
All privileged activity for privileged users, service, and shared accounts are analyzed and transformed into multi-dimensional behavior profiles that can be filtered by transaction type and time frame. These behavior profiles are automatically updated and any anomalous activity away from the standard behavior profiles is detected