- Big Data engine geared towards understanding identity-related information as it occurs in real time
- Detect anomalous behavior and enforce policies
- Self-learning methods to increase the scope and view of identity-related activities and establish meaningful, contextual and actionable identity data
- Multiple integration hooks that enable cross-referenced policies to evaluate network, server, database, application and service-level activity across the enterprise
Identity Genius Overview (IdG)
Security, Identity and Privileged User Analytics starts by collecting identity data from HR repositories (PeopleSoft, Workday, Active Directory, etc.), LDAP repositories and contractor/1099 worker databases (any RDBMS). IdG establishes an identity profile for every user with access to sensitive company resources.
The next step is to start understanding the sensitivity of data and information. By taking feeds from:
- RDBMS Logs
- Application Logs
- Server Logs
From these feeds IdG establishes a baseline of who has access to what sensitive information. It then builds a baseline of “normal” user activity based on time, geography, transactions and session information. That baseline is continuously gauged against a peer group of users to refine what “normal” means for a user given their respective responsibilities (credential modeling). Anomalix essentially builds a dynamic baseline of user behavior through profiles of when, where and how users employ credentials to access sensitive company resources. Once IdG detects anomalous behavior, it references Risk-Based Policies to determine whether real-time action is warranted. For example, most DBAs run queries against production databases after midnight on weekends for routine maintenance. Since this is the norm for that peer group, the activity is logged and associated with a lower risk level.
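The baseline-and-peer-group scoring described above, as an added illustration that is not Anomalix code: it buckets each credential use by when (weekend, hour band) and how (action), builds per-user and per-peer-group profiles from a constructed sample history, and rates a new event against the user's own baseline first and the peer group's second, so a new DBA querying production after midnight on a weekend lands at low risk while a developer doing the same lands at high risk for policy evaluation. The history, thresholds and group names are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample history of credential use: (user, peer group, timestamp, action).
# DBAs in this sample routinely query production after midnight on weekends.
HISTORY = [
    ("dba1", "dba", "2024-03-02T01:10:00", "prod_query"),       # Saturday, night
    ("dba1", "dba", "2024-03-09T00:45:00", "prod_query"),       # Saturday, night
    ("dba2", "dba", "2024-03-03T02:05:00", "prod_query"),       # Sunday, night
    ("dba2", "dba", "2024-03-10T01:30:00", "prod_query"),       # Sunday, night
    ("dba3", "dba", "2024-03-16T00:20:00", "prod_query"),       # Saturday, night
    ("dev1", "developer", "2024-03-04T10:00:00", "prod_query"),  # Monday, day
    ("dev1", "developer", "2024-03-05T11:00:00", "prod_query"),  # Tuesday, day
    ("dev2", "developer", "2024-03-06T14:00:00", "prod_query"),  # Wednesday, day
    ("dev3", "developer", "2024-03-09T23:30:00", "prod_query"),  # Saturday, evening
]

NORMAL_SHARE = 0.3  # assumed: fraction of a profile's events a pattern needs to count as "normal"

def feature(ts, action):
    """Bucket an event by when (weekend?, hour band) and how (action) a credential was used."""
    t = datetime.fromisoformat(ts)
    band = "night" if t.hour < 6 else "day" if t.hour < 18 else "evening"
    return (t.weekday() >= 5, band, action)

def build_profiles(history):
    """Per-user and per-peer-group counts of feature buckets: the dynamic baseline."""
    user_prof, group_prof = defaultdict(Counter), defaultdict(Counter)
    for user, group, ts, action in history:
        user_prof[user][feature(ts, action)] += 1
        group_prof[group][feature(ts, action)] += 1
    return user_prof, group_prof

def share(profile, f):
    """Fraction of a profile's events that fall in bucket f (0.0 for an empty profile)."""
    return profile[f] / max(1, sum(profile.values()))

def score_event(user, group, ts, action, user_prof, group_prof):
    """Rate an event against the user's own baseline first, then against the peer group's."""
    f = feature(ts, action)
    if share(user_prof[user], f) >= NORMAL_SHARE:
        return "low", "matches the user's own baseline"
    if share(group_prof[group], f) >= NORMAL_SHARE:
        return "low", "new for this user but normal for the peer group"
    if share(group_prof[group], f) > 0:
        return "medium", "rare for the peer group"
    return "high", "never seen for user or peer group; consult risk-based policy"
```

Call `build_profiles(HISTORY)` once and pass the two profiles to `score_event` for each new event; the returned reason string is what a policy engine or analyst would log alongside the risk level.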
Security Genius Overview (SecG)
Security Genius builds upon Identity Genius and enables further visibility across the enterprise to include:
- HTTP Transactions
- Virtual Machines
- SIEM (ArcSight, LogRhythm, QRadar)
- Malware (FireEye, Palo Alto WildFire)
- External Threats (FS-ISAC, Google CIF)
- Cloud (AWS CloudTrail, Mobile Device Logs, Box)
- Endpoints (App Logs, Security Logs, DB Logs, Server Logs)
Security Genius enables true Dynamic & Polymorphic Threat Detection by continuing to build upon the User Behavior Analytics profile through a multidimensional lens.
Security Genius provides continuous Machine Learning, Graph Analysis and Behavior Analytics. Since anomalies do not always pose risk, Advanced Threat Monitoring is improved exponentially with an actionable line of sight through the kill chain.
FAST, SCALABLE DATA COLLECTION – Anomalix enables vast data collection through a heterogeneous engine that spans the breadth and depth of required identity- and security-related information and data
USER BEHAVIOR ANALYTICS – Dynamic user profile and peer group enhancements that provide real-time and historical user behavior context to empower business decisions
REAL-TIME RISK BASED POLICY ENFORCEMENT – Detect real threats in real-time and take action. By filtering through the 99% of false positive events and alerts, Anomalix provides the ability to identify suspicious and anomalous threats, internally and externally, and react based on risk to organizational resources
IDENTITY AND SECURITY DASHBOARD – Anomalix provides an intuitive User Interface that maximizes the user experience. The Genius Dashboard (charts, graphs and organized data points) quickly identifies Identity and Security related Anomalies with respect to Authentication, Authorization, Geo-location, Vulnerability, Access Requests, Policy Violations and Enforcements, Peer Group Behavior and Security Investigation
ADVANCED THREAT MONITORING – Anomalix improves threat detection cycles by over 1000% when compared to SIEM capabilities alone. Most SIEM tools do not provide real-time capabilities with organizational, risk-based policy enforcement to predict user behavior and plan for an automated or manual response.
DYNAMIC ANALYTICAL MODELS – Anomalix provides dynamic analytical models that can be adjusted and refined by clients to enable the following:
- Visibility into Operational Risk Models
- Reduce Operational Risk
- Reduce Operational Costs
- Improve Security and Audit Readiness
- Improve operational efficiency
- Fraud Prevention
- Identity Validation
- User Access Propensity Tracking
- Risk Mitigation