To gain access to organizational resources and sensitive information, attackers primarily target privileged user credentials. Privileged user accounts are the accounts of users with managerial rights or root privileges, and accounts with upgraded privileges. Efficient privileged user monitoring plays an important role in protecting an organization's critical assets. It also helps meet compliance requirements and decreases the number of both insider and external threats.
Through correlation processes and behavior analysis, users can be tagged as Attacker, Victim, and Suspicious.
The total number of incidents raised on privileged user accounts over time is shown on dashboards. This report indicates the normal pattern of privileged account usage and identifies extraordinary or unexpected activities.
The dashboard shows how many times privileged accounts were used to log in within a certain period.
Point-in-time snapshots of users are provided on the dashboard. This dashboard contains credential data panels that include account names, account categories, departments, and other relevant information.
To obtain more information on the activities of privileged users, correlation definitions can be created to detect critical actions. For instance, if a user tries to verify credentials on an application from more than one host computer at the same time, a correlation search reporting the access can be created.
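One way to express the multi-host credential check described above as correlation logic, written here as an added Python example rather than the product's own rule syntax. The event fields, the account watchlist, and the 60-second window standing in for "at the same time" are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not real logs): time, user, app, source host.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "adm_jane", "erp", "ws-101"),
    ("2024-05-01T09:00:20", "adm_jane", "erp", "ws-101"),    # same host: no anomaly
    ("2024-05-01T09:00:40", "adm_jane", "erp", "srv-db02"),  # second host inside the window
    ("2024-05-01T09:10:00", "root_ops", "vpn", "ws-200"),
    ("2024-05-01T09:25:00", "root_ops", "vpn", "ws-201"),    # second host, outside the window
    ("2024-05-01T09:30:00", "bob", "erp", "ws-300"),
    ("2024-05-01T09:30:10", "bob", "erp", "ws-301"),         # not a privileged account
]
PRIVILEGED = {"adm_jane", "root_ops"}  # assumed watchlist of privileged accounts


def multi_host_auth(events, privileged, window=timedelta(seconds=60), min_hosts=2):
    """Return alerts for privileged users authenticating to one application
    from min_hosts or more distinct hosts inside a sliding time window."""
    recent = defaultdict(deque)  # (user, app) -> deque of (timestamp, host)
    alerts = []
    for ts, user, app, host in sorted(events):
        if user not in privileged:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[(user, app)]
        q.append((now, host))
        # Drop attempts that have aged out of the window.
        while now - q[0][0] > window:
            q.popleft()
        hosts = sorted({h for _, h in q})
        if len(hosts) >= min_hosts:
            alerts.append({"user": user, "app": app, "hosts": hosts, "time": ts})
            q.clear()  # suppress duplicate alerts for the same burst
    return alerts


if __name__ == "__main__":
    for alert in multi_host_auth(SAMPLE_EVENTS, PRIVILEGED):
        print(alert)
```

Widening the window trades fewer missed cases for more alerts from legitimate host changes, so the value should be tuned against the normal usage baseline the dashboards provide.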
You can monitor a privileged user uploading a large file to a domain with “x.xxx”. Correlation searches can be created by using the access and credential information.
The results are shared with the relevant IT managers, and e-mail and SMS alert mechanisms are set up.