Sample Use Case: Identity and Access Analytics
A key use case for Securonix with SAP is the identification of identity misuse. Securonix utilizes SAP access and user activity data to identify activity from orphaned or dormant accounts, abandoned accounts with no password changes and users with system level access who perform activities that are not consistent with their past or peer group behavior. Securonix uses these and other indicators for identifying identity issues and privilege misuse, among other threats.
Some other key use cases include:
- Suspicious SAP role and account modifications.
- Unusual or rare t-code usage.
- Authentication attempts from rare geolocations.
- Critical/secure t-code execution.
- Suspicious activity for system/high privilege accounts.
- Suspicious application interactions.
- Device issues leading to privilege anomalies.
- Unauthorized or excessive access privileges.
- Segregation of duties (SoD) violations and misuse.