Part of your Privileged Access Management solution
Privileged Account Analytics (PAA) integrates data from our Privileged Session Management (PSM) technology, as well as a variety of logs and contextual data points. Our 13 algorithms scrutinize 17 behavioral characteristics, generating user behavior profiles for each individual privileged user that are continually adjusted using machine learning.
Track and visualize user activity in your IT environment in real-time, without pre-defined correlation rules.
Use keystroke and mouse data to detect threats and provide continuous authentication for legitimate users.
Prioritize events based on user risk and deviation levels. Only investigate the most serious occurrences.
Close down sessions that indicate a malicious presence and notify legitimate users of a potential breach.
High-impact events are often preceded by a reconnaissance phase. So detection and response are critical to preventing damaging activity. Seamless integration with PSM enables automated session termination whenever a highly suspicious event occurs, or malicious behavior is detected. Types of automated response include:
To either your security analyst or the account holder
Stop a privileged user session before it threatens your network
Remove a potentially malicious account from your IT environment
Using real-time data derived from machine learning algorithms, PAA establishes a profile for every user who can access your network and continuously compares actual activity to baseline activity. By detecting unusual activity in real-time, PAA enables analysts to react immediately.
No session closure necessary
Results refreshed every few seconds
Anomalies uncovered within 30 seconds
Adjust the frequency of baseline behavior updates
Each user has its own idiosyncratic pattern of behavior, even when performing identical actions like typing or moving a mouse. PAA algorithms inspect these characteristics, when they are captured by PSM, using them to identify breaches and serve as continuous, biometric authentication. Inspected traits include:
Including dwell time, flight time, function key usage and key press time
Including the changing position of the mouse, speed, idle time between movement and click, and the time between clicks or double clicks
PAA categorizes all privileged account activity and events based on risk and deviation levels, enabling security analysts to focus on the most important.
It highlights events where the levels are high, and gives analysts the tools to investigate. It looks at 17 characteristics, including:
The Optical Character Recognition engine of PSM can read and understand the screen content of privileged users (including window titles, used applications or issued commands) to enrich behavior profiles. This analysis facilitates the detection of ID thefts.
Privileged Access Management goes beyond password-based authentication to protect your business against privileged access misuse. The PAA component uses data from PSM, helping you to monitor privileged access user behavior against pre-defined, constantly updated profiles. In doing so, you can stop hacks before they happen.
With 2017 now done and dusted, it’s time to think ...
Like many years before it, 2017 has seen a large ...
When a child goes near something hot, a parent will ...
“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”
– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser