Phase 1: Advanced Analysis and Reporting

Securonix Behavior Profiler mines key characteristics from the historical activity data collected for each user and each peer group. A combination of data mining and statistical algorithms is used to derive more than eighty unique characteristics for users and their peers.
At the end of this phase, security administrators and other stakeholders get instant access to each user identity and the activities conducted by them within the enterprise. They get a summarized view of user activities and a comparison of user activities with their peers.

Phase 2: Detection and Management of Suspicious Behavior

Securonix Behavior Profiler provides a highly flexible policy evaluation engine that checks for deviations from normal user and peer behavior.
The suspiciousness of any transaction is ranked based on a proprietary SmartRank algorithm that assigns adaptive weights based on user, peer, resource and transactional information.
Security administrators get instant access to the most suspicious transactions happening within the enterprise. Each suspicious activity can be tagged as a true anomalous activity, as a false positive (non-anomalous activity), or for further investigation.
Business workflows can be triggered based on the suspiciousness of a transaction to get the appropriate stakeholders involved.
At the end of this phase, security administrators and other stakeholders can detect suspicious behavior based on deviations from user and peer behavior profiles.

Phase 3: Real Time Anomaly Detection

Securonix Event Analyzer uses machine learning algorithms to mine for policies that detect anomalous user behavior. These policies are utilized by log monitoring agents residing on individual applications, or by log management/system event monitoring technologies, to detect truly anomalous user behavior. Security alerts and business workflows are triggered when anomalous behavior is detected.
At the end of this phase, anomalous user behavior is detected in near real time by event log monitoring agents.