Leverage User Behavior Analytics to Minimize Your Risk Exposure
Today’s threatscape requires security controls to be adaptive to the risk-context, using machine learning to carefully analyze a privileged user’s behavior. Adaptive control means not only being notified of risky activity in real time, but also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow up. Leveraging Centrify Privilege Threat Analytics Service can make the difference between falling victim to a breach or stopping it in its tracks.
Gain Insights and Stop Breaches in Near Real-Time
Immediate Visibility with Flexible, Holistic View of Access Activity Across the Ecosystem
Leverage a series of dashboards and interactive widgets to better understand IT risk and access patterns across your infrastructure. By tailoring security policy to each user’s behavior and automatically flagging risky behavior, gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data.
Rich Tools for Deeper Analysis
Better comprehend access and events by drilling into details around events, across systems, location, time, privileged commands and more. IT users can drill into individual events to understand the risk nature of any specific event. Risk is computed in real time for every event and expressed as high, medium or low for any anomalous activity.
Streamlined Threat Monitoring and Investigation
Gain streamlined insight into anomalous activity with a detailed timeline view. Identify the specific factors contributing to an anomaly for a comprehensive understanding of a potential threat, all from a single console. Security teams can view system access, anomaly detection in high resolutions with analytics tools such as dashboards, explorer views, and investigation tools.
Easy Integration with SIEM Tools
Privileged access data is captured and stored to enable robust querying by log management tools and integration with external reporting tools. Streamlined integration with SIEM and alerting tools such as Micro Focus® ArcSight™, IBM® QRadar™ and Splunk® identify risks or suspicious activity quickly.
Easy Alert Notification by Integration with Webhook-Enabled Endpoints
Leverage Slack or existing on-board incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touch points and improving time to response. When an alert event occurs, Centrify Privilege Threat Analytics Service allows the user to easily fire off alerts into third-party applications via Webhook. This capability enables the user to respond to a threat alert and contain the impact.
View Suspicious Activity
Gain specific and detailed information about suspicious privileged activity. IT admins can take immediate remediation actions to protect against potential risk or a threat in progress directly from the alert screen and manually or automatically terminate a session based on risk.
Provide Context-Aware Access Decisions in Real-Time
Events analyzed from the Centrify Privilege Threat Analytics Service are used to profile the normal behavior pattern for a user on any login or privileged activity including commands, so anomalies can be identified in real-time to enable risk-based access control. High-risk events are immediately flagged, alerted, notified and elevated to IT’s attention, speeding analysis and greatly minimizing the effort required to assess risk across today’s hybrid IT environments.
Centrify Privilege Threat Analytics
Centrify Privilege Analytics Service
Watch this video to learn how Centrify Privilege Threat Analytics leverages a user behavioral profile along with real-time context to determine risk, and how that risk score can be used in access control decisions, including MFA for identity assurance.