User Behavior Analytics (UBA)

LEVERAGE USER BEHAVIOR ANALYTICS TO MINIMIZE YOUR RISK EXPOSURE

Today’s threatscape requires security controls that adapt to the risk context, using machine learning to carefully analyze a privileged user’s behavior. Adaptive control means not only being notified of risky activity in real time, but also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up. Leveraging Centrify Privilege Threat Analytics Service can make the difference between falling victim to a breach and stopping it in its tracks.

Gain Insights and Stop Breaches in Near Real-Time

  • Gain insight into privileged user access activity with information related to unusual recent privilege changes, commands run, targets accessed and privilege elevation.
  • Understand the risk nature of any specific event. Risk is computed in real time for every event and expressed as high, medium or low for any anomalous activity.
  • Quickly identify security factors that triggered an anomaly alert.
  • Play and easily re-play video sessions within the dashboard to minimize the overhead of switching views.
  • Customize alerts for context-relevant visibility and session recording anomaly notifications to facilitate quick investigative action.

Immediate Visibility with Flexible, Holistic View of Access Activity Across the Ecosystem

Leverage a series of dashboards and interactive widgets to better understand IT risk and access patterns across your infrastructure. By tailoring security policy to each user’s behavior and automatically flagging risky behavior, gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data.

Rich Tools for Deeper Analysis

Better comprehend access and events by drilling into details around events, across systems, location, time, privileged commands and more. IT users can drill into individual events to understand the risk nature of any specific event. Risk is computed in real time for every event and expressed as high, medium or low for any anomalous activity.

Streamlined Threat Monitoring and Investigation

Gain streamlined insight into anomalous activity with a detailed timeline view. Identify the specific factors contributing to an anomaly for a comprehensive understanding of a potential threat, all from a single console. Security teams can view system access and anomaly detection in high resolution with analytics tools such as dashboards, explorer views, and investigation tools.

Streamlined Integration with SIEM, Alerting and Reporting Tools

Easy Integration with SIEM Tools

Privileged access data is captured and stored to enable robust querying by log management tools and integration with external reporting tools. Streamlined integration with SIEM and alerting tools such as Micro Focus® ArcSight™, IBM® QRadar™ and Splunk® helps identify risks or suspicious activity quickly.

Easy Alert Notification by Integration with Webhook-Enabled Endpoints

Leverage Slack or existing on-board incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touch points and improving time to response. When an alert event occurs, Centrify Privilege Threat Analytics Service allows the user to easily fire off alerts into third-party applications via Webhook. This capability enables the user to respond to a threat alert and contain the impact.

View Suspicious Activity

Gain specific and detailed information about suspicious privileged activity. IT admins can take immediate remediation actions to protect against potential risk or a threat in progress directly from the alert screen and manually or automatically terminate a session based on risk.

Provide Context-Aware Access Decisions in Real-Time

Events analyzed from the Centrify Privilege Threat Analytics Service are used to profile the normal behavior pattern for a user on any login or privileged activity including commands, so anomalies can be identified in real-time to enable risk-based access control. High-risk events are immediately flagged, alerted, notified and elevated to IT’s attention, speeding analysis and greatly minimizing the effort required to assess risk across today’s hybrid IT environments.

Centrify Privilege Threat Analytics

Centrify Privilege Analytics Service

Watch this video to learn how Centrify Privilege Threat Analytics allows IT and security practitioners not only to be notified of risky activity in real time, but also to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up.

READ THE Centrify Privilege Threat Analytics Service DATA SHEET

Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.
