Securonix Apps

Threat and Risk Monitoring of Key Enterprise Applications

CHALLENGE: No Threat Visibility

Application Risk Intelligence plays a key role in any organization’s overall security and risk posture. Enterprise applications are the primary source of an organization’s critical assets and processes, and as such they are the primary targets for insider and external threats and attacks. Most organizations have limited or no threat monitoring of these applications and rely primarily on access controls and network security solutions that do little or nothing against an insider threat or a targeted external attack. Organizations operating under this false sense of security need a real-time, continuous monitoring control that gives them visibility into application-targeted threats before it is too late.

SOLUTION: Application Threat & Risk Monitoring

Securonix addresses this need by monitoring critical applications and systems at the transaction, data set, and sensitive user record level. Securonix continuously builds a risk profile for all applications and systems while identifying all high-risk users, access, and activities associated with sensitive data and transactions. All results are scored and presented in application risk scorecards.

Benefits: Real Time Visibility with Actionable Intelligence

The Securonix solution for enterprise applications provides:

→  Continuous control and compliance monitoring

→  Automated, rapid detection of high-risk activity through behavior analysis

→  Detection and monitoring of high-risk access and activity

→  Continuous detection and monitoring of critical information for DLP

→  Enrichment of data with identity, behavior and business context for security and compliance management

→  Proactive detection and management of fraud, misuse, snooping and other illicit activity

Solution Tour

User Risk & Threat Monitoring

Securonix continuously builds a comprehensive risk profile of a user based on identity/employment, security violations, IT activity and access, physical access, and even phone records. All identity, activity, and access characteristics are compared to the user's own baseline, their peers, and known threat indicators to identify true areas of risk. All results are scored and presented in interactive scorecards.

High Privileged Account (HPA) Monitoring

HPAs are a primary vehicle for insider misuse and a platform for attacks. Securonix automatically identifies HPAs such as administrator, service, and shared accounts, then monitors them for abnormal behavior associated with an attack while linking the high-risk behavior back to a real user and their risk profile to give the potential threat full context.

Application & Data Risk Monitoring

Insiders attack sensitive data, transactions, or the systems that host them. Securonix addresses this threat by monitoring critical applications and systems at the transaction, data set, and sensitive user record level. As with users, Securonix continuously builds a risk profile for each application and system, identifying all high-risk users, access, and activity associated with its sensitive data and transactions. All results are scored and presented in application risk scorecards.

Advanced Enterprise Fraud Detection

Insider fraud is typically conducted over a long period of time or through complex activity designed to get around known-threat or “signature-based” detection methods. Securonix addresses this blind spot with advanced “signature-less” behavior and peer-based outlier analysis techniques that are highly effective at identifying “slow and low” and complex fraud attacks.
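The following added example (not Securonix code; the reps, refund counts, thresholds and score weights are constructed assumptions) shows why a per-day threshold rule never fires on a "slow and low" pattern, while comparing a user against their own baseline and against peers, then scoring the result, surfaces it:

```python
import statistics

# Constructed sample: daily refund counts per customer-service rep over a 30-day window.
# Peers issue 3-5 refunds a day. "rep_07" issues 6-7 every day: never a spike,
# but steadily above the peer group, which is the "slow and low" pattern.
PEERS = {
    "rep_01": [4, 3, 5, 4, 3, 4] * 5,   # total 115
    "rep_02": [3, 5, 4, 3, 4, 4] * 5,   # total 115
    "rep_03": [5, 4, 3, 5, 4, 3] * 5,   # total 120
    "rep_04": [3, 3, 4, 5, 4, 3] * 5,   # total 110
    "rep_05": [4, 4, 3, 3, 5, 4] * 5,   # total 115
    "rep_06": [4, 5, 3, 4, 3, 4] * 5,   # total 115
    "rep_07": [6, 7, 6, 7, 6, 7] * 5,   # total 195, yet never above the daily limit
}
DAILY_RULE_THRESHOLD = 10   # assumed signature-style rule: alert on more than 10 refunds in a day

def daily_rule_alerts(series):
    """Threshold rule: the days on which a rep exceeded the per-day limit (empty for rep_07)."""
    return [day for day, n in enumerate(series) if n > DAILY_RULE_THRESHOLD]

def peer_outlier_score(user, peers):
    """Z-score of the user's 30-day total against the totals of everyone else in the peer group."""
    totals = {u: sum(s) for u, s in peers.items()}
    others = [t for u, t in totals.items() if u != user]
    sigma = statistics.pstdev(others) or 1.0          # guard a zero-variance peer group
    return (totals[user] - statistics.mean(others)) / sigma

def self_baseline_score(series, baseline_days=14):
    """Z-score of the recent days against the user's own earlier baseline."""
    base, recent = series[:baseline_days], series[baseline_days:]
    sigma = statistics.pstdev(base) or 1.0
    return (statistics.mean(recent) - statistics.mean(base)) / sigma

def risk_score(user, peers, peer_weight=60, self_weight=40, cutoff=3.0):
    """0-100 risk score: each z-score (only positive deviations count) saturates at 'cutoff' sigma.
    A user whose own baseline is already elevated scores 0 on self-comparison; peers reveal them."""
    peer_z = min(max(0.0, peer_outlier_score(user, peers)), cutoff)
    self_z = min(max(0.0, self_baseline_score(peers[user])), cutoff)
    return round(peer_z / cutoff * peer_weight + self_z / cutoff * self_weight, 1)

def scorecard(peers):
    """Users ranked by risk score, highest first, as an application risk scorecard would list them."""
    return sorted(((u, risk_score(u, peers)) for u in peers), key=lambda x: -x[1])

if __name__ == "__main__":
    print("daily rule alerts for rep_07:", daily_rule_alerts(PEERS["rep_07"]))
    print(scorecard(PEERS))
```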

Packaged Applications

Out-of-the-box content, packaged as applications specifically designed for insider threat, cyber threat, fraud, and cloud security analytics, is delivered as threat models and built-in connectors that enable rapid deployment and quick time to value. Key packaged applications include: data security analytics, privileged account analytics, cyber threat analytics, application security analytics, cloud security analytics, fraud analytics and patient data analytics.

Data Security Analytics

Ingests data from sources such as email, DLP, proxy and printers to baseline normal behavior patterns and detect sudden spikes in data egress attempts originating inside or outside the organization, as well as potential compromise of critical data. The application also applies predictive behavior analytics to identify, profile and monitor users whose behaviors indicate an elevated risk of data theft; for example, an employee with plans to leave the company.

Privileged Account Analytics

Identifies and monitors privileged user and service accounts and detects misuse of credentials, account compromise and/or credential sharing. Securonix ingests data from sources such as Active Directory, UNIX, databases, and PIM/PAM solutions to baseline privileged account behavior and look for anomalous events such as rare transactions on sensitive data, login anomalies, and more.

Cyber Threat Analytics

Monitors security logs and network flows to detect malware infections (e.g. zero-day attacks and ransomware), system compromise, lateral movement and other advanced threats. Securonix ingests data from sources such as firewalls, proxy, VPN, IDS, DNS, endpoints and NetFlow to baseline normal behavior and detect malicious patterns such as beaconing, domain generation algorithms, robotic behavior, randomly generated domains, rare executables and programs, lateral connections and unusual web activity.
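As an added illustration of the beaconing and randomly-generated-domain patterns named above (this is not Securonix code; the events, hosts, domains and thresholds are constructed assumptions), the following flags a source/destination pair whose request timing is machine-regular and notes whether the destination label also looks generated:

```python
import math
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 3, 1, 9, 0, 0)
# Constructed proxy events (timestamp, source host, destination domain); not real telemetry.
# 10.1.1.7 contacts an unusual-looking domain every ~60 s with slight jitter (beacon-like);
# 10.1.1.5 browses a normal domain at irregular, human-paced intervals.
EVENTS = [(T0 + timedelta(seconds=60 * i + (i % 3) - 1), "10.1.1.7", "x7k2q9w4zlp1.example.net")
          for i in range(12)]
EVENTS += [(T0 + timedelta(seconds=s), "10.1.1.5", "mail.example.com")
           for s in (0, 45, 300, 320, 900, 1400, 1430, 2100)]

def label_entropy(domain):
    """Shannon entropy (bits per character) of the leftmost label; random-looking labels score high.
    Entropy alone is crude (short labels score low), so it is only a supporting signal here."""
    label = domain.split(".")[0]
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def interval_regularity(events):
    """Per (src, dst) pair: request count and coefficient of variation of the gaps between requests.
    A low CV means near-constant spacing, which is what a beacon looks like and a human does not."""
    times = defaultdict(list)
    for ts, src, dst in events:
        times[(src, dst)].append(ts)
    stats = {}
    for pair, ts in times.items():
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if len(gaps) >= 2:
            stats[pair] = (len(ts), statistics.pstdev(gaps) / statistics.mean(gaps))
    return stats

def detect(events, min_hits=8, max_cv=0.15, min_entropy=3.0):
    """Flag pairs with enough requests and machine-regular timing; thresholds are assumed values."""
    findings = {}
    for (src, dst), (hits, cv) in interval_regularity(events).items():
        if hits >= min_hits and cv <= max_cv:
            findings[(src, dst)] = {"hits": hits, "cv": round(cv, 3),
                                    "dga_like": label_entropy(dst) >= min_entropy}
    return findings

if __name__ == "__main__":
    for pair, info in detect(EVENTS).items():
        print(pair, info)
```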

Identity and Access Analytics

Analyzes users' access privileges to identify rogue access and support risk-based access management and review. Securonix ingests entitlement data from authentication sources such as Active Directory, enterprise applications (e.g. SAP) and IAM solutions and analyzes it using peer comparisons, fuzzy logic and SOD libraries to detect high-risk access. The solution also integrates with authentication and IAM tools to decommission or block access, or to step up authentication requirements based on the risk of the user.

Application Security Analytics

Monitors transaction and security logs for enterprise applications to detect and prevent attempts at data snooping, privilege misuse and sabotage. Securonix ingests transaction logs, security logs and entitlements from enterprise applications (e.g. SAP, EPIC and custom apps) to baseline normal activity patterns and identify anomalous behavior.

Cloud Security Analytics

Monitors cloud infrastructure platforms and applications for data exfiltration attempts, privilege misuse and access anomalies. Securonix can also perform data discovery and classification in cloud applications and manage dynamic permissions to critical infrastructure. Securonix supports integration with several cloud services including O365, Google Apps, Box, Salesforce, Workday, Hightail, Netskope, Okta, Ping, AWS, Azure and many more.

Fraud Security Analytics

Monitors transaction data over a period of time, profiling normal entity-data-time relationships to detect fraudulent behavior patterns. Baselines of normal transaction behavior are built from actor, target, location, time, frequency and sequence to detect rogue events such as spikes in transactions, misuse of discount or promotional codes, suspicious refunds, fraudulent prescriptions, rogue orders or suspicious shipping requests. The application provides packaged use cases for many types of fraud including healthcare, ATM, online banking, retail, customer and customer service representative fraud, among others.

Patient Data Analytics

Monitors the activity of users accessing patient records in clinical applications and detects attempts at data snooping and data exfiltration. Securonix has specific algorithms to detect different types of snooping events including family snooping, co-worker snooping, VIP snooping, self-examination, age-based anomalies and location-based anomalies. It also provides out-of-the-box integration and use cases for clinical applications such as EPIC, Cerner, Medicity and Allscripts, among many others, as well as use cases, built-in reports and dashboarding capabilities for compliance requirements such as HIPAA and HITECH.