Monitoring the Keys to the Kingdom

Overview

Industry

  • Cross Industry Solution

Supported Systems

  • Custom applications
  • Commercial applications
  • Active Directory
  • Host platforms
  • Databases
  • Mainframe Systems

Securonix Use Cases

  • Privileged account threat and risk monitoring
  • Service account threat monitoring
  • Privileged user monitoring
  • Securonix for Lieberman

Data Sources

  • Application/System logs and entitlements
  • HR/Identity information
  • Privileged Account Mgmt. systems (optional)

Relevant Compliance & Security Best Practices

  • SOX
  • PCI DSS
  • HIPAA/HITECH
  • FISMA
  • FERC/NERC

Challenge: Protecting the Keys to the Kingdom

Highly privileged users, service accounts, and shared accounts are the primary targets and tools for insider and external attackers. Their elevated permissions give access to the most sensitive transactions and data, along with the ability to create new privileged accounts or elevate privileges for misuse. Organizations face enormous challenges in monitoring these accounts because of their sheer number, the volume of activity data they generate, and the inability to differentiate misuse from legitimate use. Effectively monitoring privileged accounts is not just an important compliance requirement but also a critical threat management capability.

Solution: Real-time threat and risk monitoring

Securonix automatically identifies privileged users, service accounts, and shared accounts, then monitors them for abnormal usage associated with insider and external attacks, along with key compliance requirements. All abnormal account activity or policy violations can be investigated using Securonix or integrated into the leading Privileged Account Management (PAM) solutions. Securonix also takes activity and event information directly from PAM solutions, enriches the data with identity context, analyzes it for abnormal behavior, and re-prioritizes it based on relative risk level. This out-of-the-box solution delivers:

  • Automated discovery of privileged service, shared, and human accounts through advanced correlation
  • Rapid detection of abnormal high-privilege account and user behavior
  • High-risk activity and access detection using peer group analysis

Benefits: Rapid Detection & Improved compliance with reduced risk

Securonix provides a plug-n-play solution to meet key compliance and threat management needs with the following benefits:

  • Efficient Compliance. Securonix removes the costly and time-consuming process of privileged account detection and log review, enabling a streamlined and scalable monitoring program.
  • Improved Protection. Using automated, adaptive behavior profiling and peer group profiling of privileged account and user behavior, Securonix detects abnormal activity associated with insider and external attacks that cannot be detected using traditional techniques.

Solution Tour

Privileged Account Detection and Security Profiling

Using advanced correlation techniques and system-specific rules, Securonix automatically identifies user, service, and shared accounts. All access entitlements, users, transactional activity, and security events are continuously linked to a specific account, allowing for a comprehensive “Security Profile” of each privileged account.

User Risk and Threat Monitoring

Behavior Anomaly Detection

All privileged activity for privileged users, service accounts, and shared accounts is analyzed and transformed into multi-dimensional behavior profiles that can be filtered by transaction type and time frame. These behavior profiles are automatically updated, and any anomalous activity that deviates from the standard behavior profiles is detected.

HPA Monitoring