Identity Analytics and Intelligence

Adopting a Risk-Based Approach to Identity and Access Management and Governance

Identities are traditionally managed using dedicated identity and access management (IAM) and identity governance and administration (IGA) solutions. This made sense when enterprise applications were in on-premises data centers. However, enterprise application data today rests in on-premises and cloud datastores. With multiple access privileges to manage for each user across a multitude of applications, organizations struggle to keep their access-related risk in check.

According to the 2019 Verizon Data Breach Investigations Report, 29% of breaches involved the use of stolen credentials. However, according to the Cisco 2019 CISO Benchmark Study, only 19% of CISOs report encountering a security incident involving stolen credentials.

Keeping track of access permissions and activities conducted within applications and establishing a security context based on that information is a big problem for IT security. Realizing that IAM and IGA tools do not have the native capabilities to tackle the challenge, organizations are turning to data-driven solutions that use advanced analytics to identify and monitor access risk while transforming compliance-driven processes with risk intelligence.

Identity Analytics and Intelligence: Data-Driven Risk-Based Access Management

Identity analytics and intelligence is a better, smarter solution to dynamically manage access decisions as well as intelligently identify and manage user risk profiles based on application usage. This reduces the manual effort required and increases the pace and accuracy of security operations.

To address this challenge, Securonix Next-Gen SIEM applies advanced behavior analytics to identity usage and access patterns in data collected from your IAM solution. This enables the creation of risk profiles for user behaviors, which can be used by the IAM solution to make dynamic, informed access decisions. The integrated SIEM and IAM solution delivers advanced identity analytics and intelligence capabilities, enabling several use cases that are otherwise difficult for IT security teams to manage.


Benefits of the Integration of Securonix and IAM

Better Access Control and Efficiency

Securonix Next-Gen SIEM integrates with every major IAM and IGA solution to deliver a continuous stream of identity analytics and intelligence allowing for:

→  Improved access management compliance through user- and resource-centric views of access risk

→  Automated access cleanup and risk-based certification

→  Streamlined, risk-based access request processes

Use Cases Solved by Identity Analytics and Intelligence

Detecting Excessive Permissions

Default user profiles can be dangerous. For example, assigning all managers the same access permissions – without concern for what is required for their specific positions – can quickly cause a crisis if one of those managers is careless with a password.

By using Securonix Next-Gen SIEM to monitor usage and correlate it with user task profiles from your IAM solution, the identity analytics and intelligence generated can determine the appropriate level of permission required for a user’s tasks, so excessive permissions can be removed. This eliminates the possibility that accounts with excessive privileges will be abused.

Enabling Risk-Based Access Clean-Up and Certification

The amount of data that a reviewer might deal with as part of an access certification review can be massive. Often, due to changing work responsibilities, user access rights may have changed, but the context of the change was not reported. Overwhelmed, reviewers can fall back on rubber-stamping permissions instead of thoughtfully considering each one.

Securonix Next-Gen SIEM uses sophisticated peer group analysis techniques, behavioral analytics, and access and usage monitoring to prioritize high-risk entitlements. This reduces the amount of data that needs to be handled during an access review, which reduces the likelihood that reviewers will just rubber-stamp privileges.

Risk-based clean-ups lead to an approximate revocation rate of 75%, reducing your risk without affecting business operations. With identity analytics and intelligence, the security team can now perform more frequent and effective reviews.
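The prioritization described above, combining peer group comparison with usage monitoring, can be sketched as follows. This is an added example, not Securonix code or its scoring model; the sample grants, the weights (50/30/20), the privileged tagging and the review threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data: (user, peer_group, entitlement, uses_in_last_90_days)
GRANTS = [
    ("alice", "finance", "erp:read", 40),
    ("bob",   "finance", "erp:read", 35),
    ("carol", "finance", "erp:read", 52),
    ("dave",  "finance", "erp:read", 12),
    ("dave",  "finance", "erp:approve_payment", 0),
    ("alice", "finance", "erp:approve_payment", 9),
    ("bob",   "finance", "db:admin", 0),
    ("erin",  "it",      "db:admin", 20),
    ("frank", "it",      "db:admin", 3),
]
PRIVILEGED = {"db:admin", "erp:approve_payment"}  # assumed tagging of sensitive entitlements


def score_grants(grants, privileged=PRIVILEGED):
    """Score each (user, entitlement) grant; a higher score means review it first."""
    members = defaultdict(set)   # peer group -> users in it
    holders = defaultdict(set)   # (peer group, entitlement) -> users holding it
    for user, group, ent, _ in grants:
        members[group].add(user)
        holders[(group, ent)].add(user)

    scored = []
    for user, group, ent, uses in grants:
        peers = members[group] - {user}
        peer_holders = holders[(group, ent)] - {user}
        # Share of the user's peers who also hold this entitlement.
        prevalence = len(peer_holders) / len(peers) if peers else 0.0
        score = 50 * (1 - prevalence)            # rare among peers: outlier access
        score += 30 if uses == 0 else 0          # granted but never exercised
        score += 20 if ent in privileged else 0  # sensitive entitlement
        scored.append({"user": user, "entitlement": ent,
                       "peer_prevalence": round(prevalence, 2),
                       "score": round(score, 1)})
    # Sort by descending score, with a stable tie-break for reproducible output.
    return sorted(scored, key=lambda r: (-r["score"], r["user"], r["entitlement"]))


def review_queue(grants, threshold=60):
    """Only grants at or above the threshold are sent to a human reviewer."""
    return [r for r in score_grants(grants) if r["score"] >= threshold]


if __name__ == "__main__":
    for row in review_queue(GRANTS):
        print(row)
```

On the constructed data, nine grants shrink to two items for review: a finance user holding an unused database admin entitlement that no finance peer has, and an unused payment-approval entitlement held by only one other peer.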

Monitoring Privileged and Service Account Usage

Most systems have privileged accounts that are used by operating system processes or administrative users. These accounts are prime targets for attackers due to the high level of access that they provide.

By monitoring these accounts using identity analytics and intelligence, unusual behavior such as privilege escalations, data exfiltration, credential sharing, and account compromise can be detected, and swift action can be taken.

Detecting Separation of Duties Usage Anomalies

Credential compromise as well as access privilege escalation can be detected by monitoring identity usage and correlating that usage with security context using Securonix Next-Gen SIEM. Behavioral analytics provides context for access requests, which enables IAM solutions to accurately determine access requirements and detect illegal credential usage and credential compromise. It also enables them to predict and block attacks.

Anomalies, such as users who are accessing resources that are not relevant to their job role, are also a key indicator of account compromise and can be detected swiftly using identity analytics and intelligence.

Discovering Rogue or Orphan Accounts

Rogue accounts are accounts with high-level privileges that are created by internal agents, while orphaned accounts are accounts that have lingered in the system after the users linked to them have left. These accounts are ripe for compromise.

Using identity analytics and intelligence to identify actions that cannot be traced back to specific accounts or entitlements enables the revocation of these accounts, increasing security while lowering licensing expenses.

Monitoring Usage of Dormant and Terminated Accounts

Dormant and terminated accounts need to be purged on a regular basis, but occasionally accounts are overlooked due to analyst oversight or request backlogs. Such accounts could be misused to gain system access.

Identity analytics and intelligence can be used to detect unusual activities and remediate the privileges for dormant and terminated accounts. This reduces the possibility of credential misuse and improves the risk posture of the organization by removing high-risk credentials.
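The account checks from the two sections above (accounts with no traceable owner, orphaned accounts, and dormant or terminated accounts that are still in use) reduce to correlating three data sets: identity records, the account inventory, and authentication events. The following is an added example, not Securonix code; the record layouts, tag names, sample data and the 90-day dormancy window are assumptions.

```python
from datetime import date, timedelta

# Constructed sample data.
IDENTITIES = {            # HR/IAM record: user -> termination date (None = active)
    "alice": None,
    "bob": date(2024, 3, 1),
    "carol": None,
}
ACCOUNTS = {              # account inventory: account -> recorded owner
    "alice": "alice",
    "bob": "bob",
    "carol": "carol",
    "svc_backup": None,   # no owner recorded
    "jdoe_adm": "jdoe",   # owner unknown to the identity store
}
LOGINS = [                # (account, date of successful authentication)
    ("alice", date(2024, 5, 28)),
    ("bob", date(2024, 2, 20)),
    ("bob", date(2024, 4, 15)),
    ("carol", date(2024, 1, 10)),
    ("jdoe_adm", date(2024, 5, 30)),
]


def classify_accounts(identities, accounts, logins, today, dormant_days=90):
    """Return {account: [tags]} for every account with at least one finding."""
    last_login = {}
    for acct, day in logins:
        if acct not in last_login or day > last_login[acct]:
            last_login[acct] = day

    findings = {}
    for acct, owner in accounts.items():
        tags = []
        if owner is None or owner not in identities:
            tags.append("unowned")       # cannot be traced to a known user
        elif identities[owner] is not None:
            tags.append("orphaned")      # owner has left, account lingers
            if acct in last_login and last_login[acct] > identities[owner]:
                tags.append("used_after_termination")
        seen = last_login.get(acct)
        if seen is None or today - seen > timedelta(days=dormant_days):
            tags.append("dormant")       # no recent authentication
        if tags:
            findings[acct] = tags
    return findings


if __name__ == "__main__":
    for acct, tags in classify_accounts(IDENTITIES, ACCOUNTS, LOGINS, date(2024, 6, 1)).items():
        print(acct, tags)
```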

Securonix Fusion Partner Program

Securonix Fusion Partners are committed to providing you with robust integrated solutions.