Securonix for PTC Windchill

Monitor Intellectual Property Theft and Misuse

Windchill is a product lifecycle management platform used by manufacturing and engineering companies to store and share information about assemblies, parts, and designs. It contains sensitive intellectual property that needs to be protected. However, it is also used for collaboration, so it must be accessible to many stakeholders, including engineers, supply chain managers, suppliers, accountants, contractors, and more.

Windchill offers role-based access capabilities and auditing, but lacks threat detection capabilities to catch intellectual property compromise.

Securonix monitors Windchill activity events using advanced machine learning and behavior-based techniques to detect theft, fraud, or misuse of intellectual property.

Streamlined Integration

Direct API integration allows you to collect relevant events.

Context Enrichment

Events are enriched with additional context.

Threat Modeling

Detect suspicious behavior patterns which indicate an advanced threat.

Securonix Integration and Use Cases

Securonix has direct API integration with Windchill. The primary information that is collected and monitored includes access to objects such as assembly, parts, or drawings, and changes to security labels or classifications.

Key use cases include:

  • Data exfiltration including data export and data downloads
  • Suspicious object sharing, for example, sharing data with a high risk security label
  • Suspicious changes to security labels
  • Suspicious copy, delete, and rename events
  • Excessive and outlier permissions compared to peers

Context Enrichment

Securonix enriches events from Windchill with identity context obtained from HR systems, Active Directory, or IAM applications. This additional context is used to monitor for specific threat patterns such as:

  • An offsite contractor downloading large amounts of data [user type context]
  • A user who is in marketing, but who is accessing confidential design documents not accessed by their peers [user department context]
  • Someone traveling to a foreign country and suddenly logging in at odd hours and exfiltrating data [user location context]
  • A user who is about to leave the company exfiltrating a large amount of data [user termination date]

Threat Modeling by Correlating Violations with Other Systems

These days you likely have a wide variety of users who need to be able to access data from anywhere on any device. An anomalous access can be an indication of compromise, but more often it is a false alarm.

Securonix combines multiple indicators across different data sources using threat chains to build a full picture of the user access pattern and reduce the likelihood of false positives.

Here’s an example threat chain built by Securonix:

  • First, proxy data shows that a user is searching for jobs. This means that they could be thinking of leaving the company, so they might be a flight risk. Alone, this is not unusual. People leave companies for many reasons.
  • However, afterward Windchill data indicates that this user – who has been labeled a flight risk – accessed Windchill and started snooping for confidential data.
  • Lastly, email gateway data shows that this user sent emails to their personal email (or other outside email) account.
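
The three-step chain above, written as a small correlation routine. This is an added example, not Securonix code: the event fields, indicator labels and 14-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Ordered stages of the chain as (data source, indicator). Labels are hypothetical.
CHAIN = [
    ("proxy", "job_search"),
    ("windchill", "confidential_access"),
    ("email_gateway", "mail_to_personal"),
]

def find_threat_chains(events, window=timedelta(days=14)):
    """Return {user: [timestamp of each stage]} for users who hit every
    stage in order, with the whole chain inside `window`."""
    by_user = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(ev["user"], []).append(ev)
    hits = {}
    for user, evs in by_user.items():
        # Try every stage-0 event as a start, so an old job search outside
        # the window does not hide a newer, complete chain.
        for i, start in enumerate(evs):
            if (start["source"], start["indicator"]) != CHAIN[0]:
                continue
            matched = [start["ts"]]
            for ev in evs[i + 1:]:
                if ev["ts"] - start["ts"] > window:
                    break
                if (ev["source"], ev["indicator"]) == CHAIN[len(matched)]:
                    matched.append(ev["ts"])
                    if len(matched) == len(CHAIN):
                        break
            if len(matched) == len(CHAIN):
                hits[user] = matched
                break
    return hits

def _ev(day, user, source, indicator):
    return {"ts": datetime(2024, 1, day), "user": user,
            "source": source, "indicator": indicator}

SAMPLE_EVENTS = [  # constructed sample data
    _ev(2, "alice", "proxy", "job_search"),
    _ev(5, "alice", "windchill", "confidential_access"),
    _ev(6, "alice", "email_gateway", "mail_to_personal"),
    _ev(3, "bob", "proxy", "job_search"),  # single indicator: no alert
    _ev(4, "carol", "email_gateway", "mail_to_personal"),  # wrong order: no alert
    _ev(8, "carol", "windchill", "confidential_access"),
    _ev(9, "carol", "proxy", "job_search"),
]
```

Only the user whose events complete all three stages in order is returned; the lone job search and the out-of-order sequence produce no alert, which is how chaining cuts false positives.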

[Figure: Individual Violations]

[Figure: Threat Chain]

Securonix Fusion Partner Program

Securonix Fusion Partners are committed to providing you with robust integrated solutions.