THE SECURONIX SOLUTION
Inactive Unix Account Cleanup
The client required an automated process that would detect inactivity of Unix accounts and flag such accounts for suspension or removal after a stated period of inactivity. Securonix was set up to detect inactivity of these accounts according to the customer's policies and create alerts that would allow the security team to remove these accounts and their privileges.
Service Account Monitoring
By policy, Windows Service Accounts are not allowed to perform interactive logons for more than 14 days from the time they are provisioned. The client needed the ability to detect interactive logon activity occurring past that time frame and provide alerts on these activities.
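As an added illustration of this control (example code written for this page, not Securonix's own logic), the check below takes service-account provisioning dates and Windows 4624-style logon events and flags any interactive session that starts more than 14 days after provisioning. The account names, hosts and timestamps are constructed sample data; the logon-type mapping follows the standard Windows LogonType values.

```python
from datetime import datetime, timedelta

# Windows event 4624 LogonType values that represent an interactive session:
# 2 = Interactive (console), 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
# Type 3 (Network) and 5 (Service) are how a service account is expected to authenticate.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}
GRACE_PERIOD = timedelta(days=14)

# Constructed sample data. PROVISIONED is assumed to be exported from the IDM system;
# LOGON_EVENTS is assumed to be parsed from domain controller security logs.
PROVISIONED = {
    "svc_backup": datetime(2024, 1, 1),
    "svc_sql": datetime(2024, 2, 10),
}

LOGON_EVENTS = [
    {"account": "svc_backup", "logon_type": 2, "time": datetime(2024, 1, 5), "host": "SRV01"},   # day 4: inside grace period
    {"account": "svc_backup", "logon_type": 10, "time": datetime(2024, 1, 20), "host": "SRV02"}, # day 19: violation (RDP)
    {"account": "svc_backup", "logon_type": 3, "time": datetime(2024, 3, 1), "host": "SRV03"},   # network logon: allowed
    {"account": "svc_sql", "logon_type": 2, "time": datetime(2024, 2, 20), "host": "SRV04"},     # day 10: inside grace period
    {"account": "svc_sql", "logon_type": 11, "time": datetime(2024, 2, 25), "host": "SRV05"},    # day 15: violation
]


def interactive_logon_violations(events, provisioned, grace=GRACE_PERIOD):
    """Return interactive logons by service accounts that occurred more than
    `grace` after the account was provisioned. Each finding carries the
    account, host, time and the age of the account in days at logon time."""
    violations = []
    for ev in events:
        if ev["logon_type"] not in INTERACTIVE_LOGON_TYPES:
            continue
        provisioned_at = provisioned.get(ev["account"])
        if provisioned_at is None:
            continue  # not a known service account: out of scope for this control
        age = ev["time"] - provisioned_at
        if age > grace:
            violations.append({
                "account": ev["account"],
                "host": ev["host"],
                "time": ev["time"],
                "days_since_provisioning": age.days,
            })
    return violations


if __name__ == "__main__":
    for v in interactive_logon_violations(LOGON_EVENTS, PROVISIONED):
        print(f"{v['account']} interactive logon on {v['host']} at {v['time']} "
              f"({v['days_since_provisioning']} days after provisioning)")
```

Network and service logons are deliberately ignored so that the control alerts only on the behaviour the policy forbids; tightening the logon-type set to just 2 and 10 is a one-line change if cached interactive logons are handled by a separate rule.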
Monitoring High Privileged Account Interactive Logins on Service Account
According to the customer's policy, Windows Service Accounts are not allowed to perform interactive logons for a period of more than 14 days. The goal was to identify Unix and Windows non-personal accounts, as well as High Privileged Accounts able to establish interactive logon sessions, that are granted Administrative Access on servers hosting critical systems or SOX L1 regulated applications, and flag them for remediation.
Non-Admin Accounts Present in Admin Groups
The client defined a goal of identifying non-'Admin' accounts that are present in admin groups within the organization's different directory services. According to the customer's policy, users should never have their primary identity account present in admin or high-privileged groups. Securonix Privileged Account Intelligence was used to detect such cases and flag them for remediation.
Terminated Users Access Privileges Cleanup
The objective was to give the customer the capability to rapidly detect accounts and entitlements that are not deleted from the organization's directories within 48 hours of a user's termination. Securonix was used to detect the termination flags in the company's HR system and immediately identify events where employees were terminated while their access entitlements were left intact.
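The correlation described above, as an added example that is not Securonix's code: an HR export carrying termination flags is joined against a snapshot of the Windows and Unix directories, and any account belonging to a terminated employee that is still enabled or still holds group entitlements more than 48 hours after the termination time is reported. The employee IDs, account names and timestamps are constructed sample data, and the field names are assumptions about how the two feeds would be normalised.

```python
from datetime import datetime, timedelta

TERMINATION_SLA = timedelta(hours=48)

# Constructed sample data. HR_RECORDS is assumed to be exported from the HR system;
# DIRECTORY_ACCOUNTS is assumed to be a snapshot of AD and Unix accounts keyed back
# to the employee ID by the identity correlation step.
HR_RECORDS = [
    {"employee_id": "E100", "terminated": True, "terminated_at": datetime(2024, 3, 1, 9, 0)},
    {"employee_id": "E101", "terminated": True, "terminated_at": datetime(2024, 3, 3, 15, 0)},
    {"employee_id": "E102", "terminated": False, "terminated_at": None},
]

DIRECTORY_ACCOUNTS = [
    {"employee_id": "E100", "account": "jdoe", "directory": "AD", "enabled": True, "groups": ["Domain Users", "SQL Admins"]},
    {"employee_id": "E100", "account": "jdoe", "directory": "Unix", "enabled": False, "groups": []},
    {"employee_id": "E101", "account": "asmith", "directory": "AD", "enabled": True, "groups": ["Domain Users"]},
    {"employee_id": "E102", "account": "bkim", "directory": "AD", "enabled": True, "groups": ["Domain Admins"]},
]


def stale_terminated_access(hr_records, accounts, snapshot_time, sla=TERMINATION_SLA):
    """Return directory accounts whose owner was terminated more than `sla` before
    `snapshot_time` and which are still enabled or still hold group entitlements."""
    terminated_at = {
        r["employee_id"]: r["terminated_at"] for r in hr_records if r["terminated"]
    }
    findings = []
    for acct in accounts:
        term_time = terminated_at.get(acct["employee_id"])
        if term_time is None:
            continue  # owner is still active in HR
        # An account is only "cleaned up" when it is disabled and holds no entitlements.
        if not acct["enabled"] and not acct["groups"]:
            continue
        elapsed = snapshot_time - term_time
        if elapsed > sla:
            findings.append({
                "employee_id": acct["employee_id"],
                "account": acct["account"],
                "directory": acct["directory"],
                "enabled": acct["enabled"],
                "groups": list(acct["groups"]),
                "hours_past_sla": int((elapsed - sla).total_seconds() // 3600),
            })
    return findings


if __name__ == "__main__":
    snapshot = datetime(2024, 3, 4, 12, 0)
    for f in stale_terminated_access(HR_RECORDS, DIRECTORY_ACCOUNTS, snapshot):
        print(f"{f['account']} ({f['directory']}) still has access "
              f"{f['hours_past_sla']}h past the 48h SLA: groups={f['groups']}")
```

The second E100 row shows why "intact" is checked on both the enabled flag and the group list: a Unix account that was disabled and stripped of groups is correctly ignored, while the AD account for the same person, still enabled with admin-group membership, is the finding. E101 is terminated but inside the 48-hour window at the time of the snapshot, so it is not reported yet.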
Continuous Provisioning Control Violation
The goal was to detect accounts with privileged entitlements, or accounts in privileged groups, that are created directly on the Windows or Unix directory services, thereby circumventing the company's IDM system. This was done by comparing account creation events against corresponding creation records in the IDM activity logs.
Smart Card Enforcement Violation
The client has strict rules and policies governing access through smart cards. The policy states that privileged accounts without smart card authentication should not be seen logging in to systems. The capability was needed to detect such events and create the relevant flags and alerts.
Real-time Fire Call Account Monitoring
The goal was to identify fire call accounts used for High Privileged Account logons on Windows/Unix servers that do not show a correlated check-out activity in the vault (CyberArk).
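As an added example (written for this page, not Securonix's or CyberArk's code) of the vault correlation described above: each privileged logon by a fire call account is matched against vault check-out records for the same account and target host within a look-back window, and logons with no such check-out are reported. The account names, hosts, timestamps and the one-hour window are constructed assumptions; a real deployment would set the window from the vault's configured check-out duration.

```python
from datetime import datetime, timedelta

CHECKOUT_LOOKBACK = timedelta(hours=1)

# Constructed sample data. FIRECALL_ACCOUNTS is assumed to come from the privileged
# account inventory; LOGONS from Windows/Unix authentication logs; CHECKOUTS from the
# vault's audit export, with "target" being the host the credential was checked out for.
FIRECALL_ACCOUNTS = {"fc_adm01", "fc_root02"}

LOGONS = [
    {"account": "fc_adm01", "host": "SRV-FIN01", "time": datetime(2024, 5, 6, 10, 30)},
    {"account": "fc_adm01", "host": "SRV-FIN02", "time": datetime(2024, 5, 6, 11, 0)},
    {"account": "fc_root02", "host": "UNIX-DB01", "time": datetime(2024, 5, 6, 13, 10)},
    {"account": "fc_root02", "host": "UNIX-DB01", "time": datetime(2024, 5, 6, 14, 0)},
    {"account": "adm_regular", "host": "SRV-FIN01", "time": datetime(2024, 5, 6, 15, 0)},
]

CHECKOUTS = [
    {"account": "fc_adm01", "target": "SRV-FIN01", "time": datetime(2024, 5, 6, 10, 5), "requester": "jdoe"},
    {"account": "fc_root02", "target": "UNIX-DB01", "time": datetime(2024, 5, 6, 12, 30), "requester": "asmith"},
]


def uncorrelated_firecall_logons(logons, checkouts, firecall_accounts, lookback=CHECKOUT_LOOKBACK):
    """Return fire call logons with no vault check-out for the same account and
    target host in the `lookback` window before the logon."""
    checkouts_by_account = {}
    for c in checkouts:
        checkouts_by_account.setdefault(c["account"], []).append(c)

    findings = []
    for lg in logons:
        if lg["account"] not in firecall_accounts:
            continue  # ordinary admin accounts are covered by other controls
        matched = any(
            c["target"] == lg["host"]
            and timedelta(0) <= (lg["time"] - c["time"]) <= lookback
            for c in checkouts_by_account.get(lg["account"], [])
        )
        if not matched:
            findings.append({
                "account": lg["account"],
                "host": lg["host"],
                "time": lg["time"],
                "reason": "no vault check-out for this host within look-back window",
            })
    return findings


if __name__ == "__main__":
    for f in uncorrelated_firecall_logons(LOGONS, CHECKOUTS, FIRECALL_ACCOUNTS):
        print(f"ALERT {f['account']} on {f['host']} at {f['time']}: {f['reason']}")
```

Two kinds of miss are covered by the sample data: a check-out that exists but was issued for a different target host (fc_adm01 on SRV-FIN02), and a check-out that exists for the right host but is older than the look-back window (fc_root02 at 14:00, 90 minutes after the 12:30 check-out). Requiring the check-out to precede the logon prevents a check-out made after the fact from retroactively justifying a session.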