Use Cases Solved by Identity Analytics and Intelligence
Detecting Excessive Permissions
Default user profiles can be dangerous. For example, assigning all managers the same access permissions – without concern for what each specific position requires – can quickly cause a crisis if one of those managers is careless with a password.
When Securonix Next-Gen SIEM monitors usage and correlates it with user task profiles from your IAM solution, the resulting identity analytics and intelligence can determine the appropriate level of permission required for a user’s tasks, so excessive permissions can be removed. This eliminates the possibility that accounts with excessive privileges will be abused.
Enabling Risk-Based Access Clean-Up and Certification
The amount of data that a reviewer might deal with as part of an access certification review can be massive. Often, due to changing work responsibilities, user access rights may have changed, but the context of the change was not reported. Overwhelmed, reviewers can fall back on rubber-stamping permissions instead of thoughtfully considering each one.
Securonix Next-Gen SIEM uses sophisticated peer group analysis techniques, behavioral analytics, and access and usage monitoring to prioritize high-risk entitlements. This reduces the amount of data that needs to be handled during an access review, which reduces the likelihood that reviewers will just rubber-stamp privileges.
Risk-based clean-ups lead to an approximate revocation rate of 75%, reducing your risk without affecting business operations. With identity analytics and intelligence, the security team can now perform more frequent and effective reviews.
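The peer group analysis and usage monitoring described above can be sketched as a simple scoring pass over granted entitlements. This is an added example, not Securonix code or its algorithm; the user records, entitlement names, the 60/40 weighting and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: peer group, entitlements granted in IAM, and
# entitlements actually observed in usage logs during the review window.
USERS = {
    "alice": {"group": "finance-mgr", "granted": {"gl_read", "gl_post", "payroll_admin"},
              "used": {"gl_read", "gl_post"}},
    "bob":   {"group": "finance-mgr", "granted": {"gl_read", "gl_post"},
              "used": {"gl_read", "gl_post"}},
    "carol": {"group": "finance-mgr", "granted": {"gl_read", "gl_post", "vendor_create"},
              "used": {"gl_read", "vendor_create"}},
    "dave":  {"group": "finance-mgr", "granted": {"gl_read", "gl_post"},
              "used": {"gl_read"}},
}

def peer_prevalence(users):
    """Fraction of each peer group's members that hold each entitlement."""
    size, holders = defaultdict(int), defaultdict(int)
    for u in users.values():
        size[u["group"]] += 1
        for ent in u["granted"]:
            holders[(u["group"], ent)] += 1
    return {key: n / size[key[0]] for key, n in holders.items()}

def review_queue(users, threshold=40, w_rarity=0.6, w_unused=0.4):
    """Return (user, entitlement, score 0-100) for entitlements worth a
    reviewer's attention, highest risk first. The weights are assumptions:
    rarity among peers counts 60%, no observed usage counts 40%."""
    prevalence = peer_prevalence(users)
    queue = []
    for name, u in users.items():
        for ent in u["granted"]:
            rarity = 1.0 - prevalence[(u["group"], ent)]  # 0 = every peer has it
            unused = ent not in u["used"]                 # granted but never exercised
            score = round(100 * (w_rarity * rarity + w_unused * unused))
            if score >= threshold:
                queue.append((name, ent, score))
    # Deterministic order: score descending, then user, then entitlement.
    return sorted(queue, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    total = sum(len(u["granted"]) for u in USERS.values())
    queue = review_queue(USERS)
    print(f"{len(queue)} of {total} entitlements queued for review")
    for row in queue:
        print(row)
```

Entitlements held by every peer and actively used score zero and drop out of the queue, which is how the review set shrinks before a human sees it.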
Monitoring Privileged and Service Account Usage
Most systems have privileged accounts that are used by operating system processes or administrative users. These accounts are prime targets for attackers due to the high level of access that they provide.
Monitoring these accounts with identity analytics and intelligence allows unusual behavior such as privilege escalations, data exfiltration, credential sharing, and account compromise to be detected, so that swift action can be taken.
Detecting Separation of Duties Usage Anomalies
Credential compromise as well as access privilege escalation can be detected by monitoring identity usage and correlating that usage with security context using Securonix Next-Gen SIEM. Behavioral analytics provides context for access requests, which enables IAM solutions to accurately determine access requirements and detect illegal credential usage and credential compromise. It also enables them to predict and block attacks.
Anomalies, such as users who are accessing resources that are not relevant to their job role, are also a key indicator of account compromise and can be detected swiftly using identity analytics and intelligence.
Discovering Rogue or Orphan Accounts
Rogue accounts are accounts with high-level privileges that are created by internal agents, while orphaned accounts are accounts that have lingered in the system after the users linked to them have left. These accounts are ripe for compromise.
Using identity analytics and intelligence to identify actions that cannot be traced back to specific accounts or entitlements enables the revocation of these accounts, increasing security while lowering licensing expenses.
Monitoring Usage of Dormant and Terminated Accounts
Dormant and terminated accounts need to be purged on a regular basis, but occasionally accounts are overlooked due to analyst oversight or request backlogs. Such accounts could be misused to gain system access.
Identity analytics and intelligence can be used to detect unusual activities and remediate the privileges for dormant and terminated accounts. This reduces the possibility of credential misuse and improves the risk posture of the organization by removing high-risk credentials.