Incident Response

Activity monitoring is a key component of any security infrastructure. Compliance initiatives are generally focused on the ‘who has access to what’ question, analyzing the relationships between users, accounts and their associated entitlements. Provisioning, RBAC and access review techniques are powerful tools for implementing the principle of least privilege, but they often don’t take into account the actual transactions a user performs on the underlying systems.

By analyzing the underlying system transaction and event logs – either directly or indirectly via a SIEM solution – the Securonix solution can help create key activity metrics that support access clean-up, risk-based access approval and suspicious usage management.

Privileged Account Monitoring

Privileged accounts are a key target for both external piggy-back attacks and general insider misuse, through sharing and non-accountability.


SIEM solutions are often a key foundation in activity and event monitoring, by providing centralised collection and analysis functionality. Many SIEM solutions use either an agent or agent-less approach for data extraction allowing key tracking of any infrastructure device such as firewalls, directories, IDS/IPS systems, network components and databases.
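As an added illustration of the two ideas above (not Securonix code; the entitlement table and the log lines are constructed and the log layout is an assumed simple "timestamp user system src_ip action" format): provisioned entitlements are joined against observed transactions to produce per-entitlement activity counts, unused entitlements are surfaced as clean-up candidates, and a privileged account used from two source addresses within a short window is flagged as a possible shared account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed entitlement data (not from any real system): user -> provisioned systems.
ENTITLEMENTS = {"alice": {"payroll_db", "hr_portal"}, "bob": {"payroll_db"},
                "svc_admin": {"payroll_db", "hr_portal", "core_switch"}}
PRIVILEGED = {"svc_admin"}

# Constructed log lines in an assumed "timestamp user system src_ip action" layout.
LOG_LINES = """\
2024-03-01T09:00:00 alice payroll_db 10.0.1.5 SELECT
2024-03-01T09:05:00 alice payroll_db 10.0.1.5 SELECT
2024-03-02T10:00:00 bob payroll_db 10.0.1.7 SELECT
2024-03-02T11:00:00 svc_admin core_switch 10.0.1.9 CONFIG
2024-03-02T11:02:00 svc_admin core_switch 10.0.2.44 CONFIG
2024-03-03T11:00:00 svc_admin payroll_db 10.0.3.12 UPDATE
""".splitlines()

def parse_logs(lines):
    """Return (ts, user, system, src_ip, action) tuples; malformed lines are skipped."""
    rows = [line.split() for line in lines]
    return [(datetime.fromisoformat(r[0]), *r[1:]) for r in rows if len(r) == 5]

def activity_metrics(entitlements, events):
    """Observed transaction count for every provisioned (user, system) pair."""
    counts = defaultdict(int)
    for _, user, system, _, _ in events:
        counts[(user, system)] += 1
    return {(u, s): counts[(u, s)] for u, systems in entitlements.items() for s in systems}

def unused_entitlements(metrics):
    """Entitlements never exercised in the log window: access clean-up candidates."""
    return sorted(k for k, n in metrics.items() if n == 0)

def shared_privileged_accounts(events, privileged, window=timedelta(minutes=10)):
    """Privileged accounts used from two source IPs within `window`: a sharing indicator."""
    by_user = defaultdict(list)
    for ts, user, _, src_ip, _ in events:
        if user in privileged:
            by_user[user].append((ts, src_ip))
    flagged = set()
    for user, evs in by_user.items():
        evs.sort()  # chronological, so the inner loop can stop once outside the window
        for i, (ts_a, ip_a) in enumerate(evs):
            for ts_b, ip_b in evs[i + 1:]:
                if ts_b - ts_a > window:
                    break
                if ip_b != ip_a:
                    flagged.add(user)
    return sorted(flagged)
```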

Application Log Monitoring

Managing, securing and analysing complex, distributed web-based applications is difficult and often time-consuming. An application infrastructure can contain many disparate tiers, often obfuscated under layers of middleware and ‘glue’. Identifying the true user behind a particular transaction is difficult, and the need to add business context to an application transaction is sometimes overlooked.