INSURANCE CASE STUDY:
Insurance Provider Streamlines Privileged Access and Activity Monitoring

Securonix High Privileged Account Intelligence

 

THE BUSINESS

One of the largest life insurance companies in the US and around the world, this NY-based insurance company is a Fortune 500 company with hundreds of billions of dollars under management.

 

THE CHALLENGES

With several critical applications hosted on a legacy mainframe environment, the client was concerned about the access that users had on these applications and their usage of the applications. The lack of a single pane to see the granular access held by each user and the transactions run by the users was a blind spot for security professionals. With millions of transactions occurring on the mainframe applications, it was virtually impossible to detect suspicious transactions.

Additionally, the customer was using Symantec’s DLP product to track sensitive files on systems but was unable to detect rogue activity or access to these files, thus severely limiting its ability to protect its most sensitive data.

Although access was being reviewed on a compliance basis on individual systems or applications, the customer had no automated way of detecting high-risk rogue access without the business doing manual access reviews across millions of entitlements.

 

THE SECURONIX SOLUTION

The Securonix application was used to correlate user identity, mainframe activities, mainframe access, Symantec DLP events and Active Directory events. By establishing a comprehensive security profile for each user, system, and application that baselined all access and activity for each user or resource, the Securonix solution was used to detect suspicious activities and rogue access privileges through outlier and behavior analysis. The security team saw the result as high-risk alerts generated when users accessed applications and data that they should not have. The security team used the Securonix application to perform in-depth investigations across their critical business applications and systems.

 

Overview

Industry

  • Insurance

Securonix Use Cases

  • Privileged Account Monitoring
  • Data Exfiltration Intelligence
  • Mainframe Activity Monitoring
  • Access Intelligence

Business Impact

  • Increased Efficiency in Access Control
  • Monitoring User Activity in Critical Applications
  • Reduced Time for Investigation and Incident Response Team

Data Sources

  • Vontu logs
  • ACF2 mainframe application logs and access entitlements
  • Web application and AD entitlements

Solution Tour

  • Efficient Monitoring of Mainframe Systems

Prior to Securonix, the company’s mainframe team would manually review the large and complex set of logs across the numerous applications and their corresponding transaction sets. With Securonix, the team was able to use the solution’s Privileged Account Intelligence module to automatically detect the outlying transactions and queue them for risk-based review. Beyond access risk, Securonix’s Data Exfiltration module is used to monitor transactional activity and data access for abnormal usage associated with data exfiltration and misuse.

  • Automated and Efficient Access Control

With the Securonix Access Intelligence solution, the security team was able to automatically detect high-risk rogue access privileges for focused reviews by the business. With hundreds of legacy applications to review, the process of access cleanup was streamlined to consume just a fraction of the time compared to previous practices.

  • Identified Sensitive Files Being Accessed by Users

Before Securonix, the customer used the Symantec Discover product to identify existing classified and sensitive files within its infrastructure. Unfortunately, they didn’t have a method to identify user access to these critical files. Securonix solved this problem by correlating sensitive files to user access and activity while identifying high-risk usage activity through behavior and outlier analysis techniques.

  • Continuous Risk Profiling & Monitoring

Through its continuous risk profiling feature, Securonix maintains an automated, data-driven risk score for every user, application, system, and organizational unit. These risk scores are calculated based on the presence of rogue access privileges, anomalies in users’ or systems’ behavioral patterns, and violations of the company’s well-defined security policies.