Privileged Account Analytics

Part of your Privileged Access Management solution

Privileged Account Analytics (PAA) integrates data from our Privileged Session Management (PSM) technology, as well as a variety of logs and contextual data points. Our 13 algorithms scrutinize 17 behavioral characteristics, generating user behavior profiles for each individual privileged user that are continually adjusted using machine learning.

Real-Time Threat Detection

Track and visualize user activity in your IT environment in real-time, without pre-defined correlation rules.

Distinguish Friend from Foe

Use keystroke and mouse data to detect threats and provide continuous authentication for legitimate users.

Reduce Alert Noise

Prioritize events based on user risk and deviation levels. Only investigate the most serious occurrences.

Notify or Suspend

Close down sessions that indicate a malicious presence and notify legitimate users of a potential breach.



Automated Response

High-impact events are often preceded by a reconnaissance phase, so detection and response are critical to preventing damaging activity. Seamless integration with PSM enables automated session termination whenever a highly suspicious event occurs or malicious behavior is detected. Types of automated response include:

  • Immediate notification

    To either your security analyst or the account holder

  • Session termination

    Stop a privileged user session before it threatens your network

  • Account suspension

    Remove a potentially malicious account from your IT environment

Real-Time Insight

Using real-time data derived from machine learning algorithms, PAA establishes a profile for every user who can access your network and continuously compares actual activity to baseline activity. By detecting unusual activity in real-time, PAA enables analysts to react immediately.

  • Real-time analysis

    No session closure necessary

  • Constant updates

    Results refreshed every few seconds

  • Fast detection

    Anomalies uncovered within 30 seconds

  • Customize baseline behavior

    Adjust the frequency of baseline behavior updates

Behavioral Biometrics

Each user has their own idiosyncratic pattern of behavior, even when performing identical actions like typing or moving a mouse. When PSM captures these characteristics, PAA algorithms inspect them to identify breaches and to serve as continuous biometric authentication. Inspected traits include:

  • Keystroke dynamics

    Including dwell time, flight time, function key usage and key press time

  • Mouse movement

    Including the changing position of the mouse, speed, idle time between movement and click, and the time between clicks or double clicks
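
An added illustration, not PAA's own algorithms (which this page does not describe), of how dwell time and flight time can be derived from key press and release timestamps and compared with a per-user baseline. The event format, the sample timings and the alert threshold of 3 are assumptions constructed for the example.

```python
from math import sqrt
from statistics import mean, stdev

THRESHOLD = 3.0  # assumed alert threshold, in standard errors


def timing_features(events):
    """events: [(key, press_ms, release_ms), ...] ordered by press time.
    Dwell = how long a key is held; flight = gap between releasing one
    key and pressing the next."""
    dwell = [release - press for _, press, release in events]
    flight = [nxt[1] - cur[2] for cur, nxt in zip(events, events[1:])]
    return dwell, flight


def build_baseline(sessions):
    """Pool enrollment sessions into a (mean, stdev) pair per feature."""
    dwell, flight = [], []
    for events in sessions:
        d, f = timing_features(events)
        dwell += d
        flight += f
    return {"dwell": (mean(dwell), stdev(dwell)),
            "flight": (mean(flight), stdev(flight))}


def deviation(baseline, events):
    """Largest z-score of the session's mean dwell or flight time against
    the baseline, using the standard error for the session's sample size."""
    scores = []
    for name, values in zip(("dwell", "flight"), timing_features(events)):
        mu, sigma = baseline[name]
        scores.append(abs(mean(values) - mu) / (sigma / sqrt(len(values))))
    return max(scores)


def make_events(dwells, flights):
    """Build constructed sample events from dwell and flight durations."""
    events, t = [], 0
    for i, d in enumerate(dwells):
        events.append((f"k{i}", t, t + d))
        t += d + (flights[i] if i < len(flights) else 0)
    return events


# Constructed sample data: two enrollment sessions, then two live sessions.
ENROLL = [make_events([95, 100, 105, 98, 102, 110, 90, 100], [120, 130, 125, 118, 135, 128, 122]),
          make_events([102, 97, 99, 104, 96, 101, 103, 98], [126, 119, 131, 124, 127, 121, 129])]
BASELINE = build_baseline(ENROLL)
SAME_USER = make_events([99, 103, 97, 101, 100, 104], [124, 128, 122, 127, 125])
OTHER_TYPIST = make_events([140, 150, 145, 155, 148, 152], [80, 75, 85, 78, 82])
```

With this sample data the same-user session scores well under the threshold, while the session with longer key holds and shorter gaps scores far above it.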

Risk Scoring

PAA categorizes all privileged account activity and events based on risk and deviation levels, enabling security analysts to focus on the most important events. It highlights events where the levels are high and gives analysts the tools to investigate. It looks at 17 characteristics, including:

  • Time of login and host

  • Type and length of activity

  • IP address and port

  • Protocol

Screen Content Analysis

The Optical Character Recognition engine of PSM can read and understand the screen content of privileged users' sessions (including window titles, applications used and commands issued) to enrich behavior profiles. This analysis facilitates the detection of identity theft.

  • Forbidden or malicious commands

  • All issued commands to build a baseline

  • Window titles / used applications

Privileged Access Management goes beyond password-based authentication to protect your business against privileged access misuse. The PAA component uses data from PSM, helping you to monitor privileged access user behavior against pre-defined, constantly updated profiles. In doing so, you can stop hacks before they happen.


“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”

– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser