ID Genius


Identity Analytics:

  • Big Data engine geared towards understanding Identity related information as it occurs in real-time
  • Detect Anomalous behavior and enforce policies
  • Self-learning methods to increase the scope and view of identity-related activities and establish meaningful, contextual and actionable identity data
  • Multiple integration hooks that enable cross-referenced policies to evaluate network, server, database, application and service-level activity across the enterprise

Identity Genius Overview (IdG)

Security, Identity and Privileged User Analytics starts by collecting identity data from HR repositories (PeopleSoft, Workday, Active Directory, etc.), LDAP repositories and Contractor/1099 Worker databases (any RDBMS). IdG will establish an identity profile for all users with access to sensitive company resources.

The next step is to start understanding the sensitivity of data and information, by taking feeds from:

  • SSO
  • IAM
  • VPN
  • RDBMS Logs
  • Application Logs
  • Server Logs
  • GRC
  • DLP
  • SIEM
  • PAM


We can then establish a baseline of who has access to what sensitive information. The next step is to build a baseline of “normal” user activity based on time, geography, transactions, and session information. That baseline is continuously gauged against a peer group of users to further identify the “normal” baseline for a user given their respective responsibilities through credential modeling. Anomalix essentially builds a dynamic baseline of user behavior through profiles of when, where and how users employ credentials to access sensitive company resources. Once IdG detects anomalous behavior, it will reference Risk-Based Policies to determine if real-time action is warranted. An example might be that most DBAs run queries against production databases after midnight on weekends for routine maintenance. Since this is the norm for that peer group, the activity is logged and associated with a lower risk level.
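A toy version of the peer-group baselining and risk-based policy step described above, added here as an illustration and not Anomalix's own code. The events, the 3-hour time bucketing, the 25% peer-share threshold and the resource sensitivity table are all constructed assumptions; the point is that the DBA weekend-maintenance case scores low because the peer group routinely does it, while the same access from outside that peer group scores high.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample activity: (user, peer_group, ISO timestamp, resource).
# Not real data; DBAs here habitually touch prod-db after midnight on weekends.
EVENTS = [
    ("alice", "dba", "2024-03-02T00:30:00", "prod-db"),  # Sat 00:30
    ("alice", "dba", "2024-03-09T01:10:00", "prod-db"),  # Sat 01:10
    ("bob",   "dba", "2024-03-03T00:45:00", "prod-db"),  # Sun 00:45
    ("bob",   "dba", "2024-03-10T02:00:00", "prod-db"),  # Sun 02:00
    ("carol", "dba", "2024-03-05T10:00:00", "prod-db"),  # Tue 10:00
    ("dave",  "hr",  "2024-03-05T09:00:00", "hr-app"),   # Tue 09:00
    ("dave",  "hr",  "2024-03-06T09:30:00", "hr-app"),   # Wed 09:30
]

def bucket(ts: str) -> tuple:
    """Reduce a timestamp to (is_weekend, 3-hour slot) so sparse history still clusters."""
    dt = datetime.fromisoformat(ts)
    return (dt.weekday() >= 5, dt.hour // 3)

def build_baselines(events):
    """Per-user and per-peer-group counts of (resource, time bucket) pairs."""
    user_hist, group_hist = defaultdict(Counter), defaultdict(Counter)
    for user, group, ts, resource in events:
        key = (resource, bucket(ts))
        user_hist[user][key] += 1
        group_hist[group][key] += 1
    return user_hist, group_hist

def score_event(user, group, ts, resource, user_hist, group_hist) -> tuple:
    """Return (risk, reason): seen in the user's own history -> low; never done by
    the user but routine for the peer group -> low; novel for both -> high."""
    key = (resource, bucket(ts))
    if user_hist[user][key] > 0:
        return ("low", "matches user baseline")
    group_total = sum(group_hist[group].values())
    share = group_hist[group][key] / group_total if group_total else 0.0
    if share >= 0.25:  # assumed threshold: at least a quarter of peer activity
        return ("low", "normal for peer group")
    return ("high", "novel for user and peer group")

# Constructed resource sensitivity; a real deployment would take this from GRC/DLP feeds.
SENSITIVITY = {"prod-db": "high", "hr-app": "medium"}

def decide(user, group, ts, resource, user_hist, group_hist) -> str:
    """Risk-based policy: only anomalous access to a high-sensitivity resource warrants action."""
    risk, _ = score_event(user, group, ts, resource, user_hist, group_hist)
    if risk == "high" and SENSITIVITY.get(resource) == "high":
        return "alert+step-up-auth"
    return "log"
```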


Security Genius Overview (SecG)

Security Genius builds upon Identity Genius and enables further visibility across the enterprise to include:

  • HTTP Transactions
  • Firewalls
  • Gateways
  • Proxy
  • DLP
  • Virtual Machines
  • SIEM (ArcSight, Log Rhythm, QRadar)
  • Malware (FireEye, Palo Alto, Wildfire)
  • External Threats (FS-ISAC, Google CIF)
  • Cloud (AWS CloudTrail, Mobile Device Logs, Box)
  • Endpoints (App Logs, Security Logs, DB Logs, Server Logs)
  • Custom APIs (Java, JavaScript, REST, SysLog)

Security Genius enables true Dynamic & Polymorphic Threat Detection by continuing to build upon the User Behavior Analytics profile through a multidimensional lens.

Security Genius provides continuous Machine Learning, Graph Analysis and Behavior Analytics. Since anomalies don’t always pose a risk, Advanced Threat Monitoring is improved exponentially with an actionable line of sight through the kill chain.



FAST, SCALABLE DATA COLLECTION – Anomalix enables vast data collection through a heterogeneous engine that spans the breadth and depth of required identity- and security-related information and data

USER BEHAVIOR ANALYTICS – Dynamic user profile and peer group enhancements that provide real-time and historical user behavior context to empower business decisions

REAL-TIME RISK BASED POLICY ENFORCEMENT – Detect real threats in real-time and take action. By filtering through the 99% of false positive events and alerts, Anomalix provides the ability to identify suspicious and anomalous threats, internally and externally, and react based on risk to organizational resources

IDENTITY AND SECURITY DASHBOARD – Anomalix provides an intuitive User Interface that maximizes the user experience. The Genius Dashboard (charts, graphs and organized data points) quickly identifies Identity and Security related Anomalies with respect to Authentication, Authorization, Geo-location, Vulnerability, Access Requests, Policy Violations and Enforcements, Peer Group Behavior and Security Investigation

ADVANCED THREAT MONITORING – Anomalix improves threat detection cycles by over 1000% when compared to SIEM capabilities alone. Most SIEM tools do not enable real-time capabilities with organizational, risk-based policy enforcement to predict user behavior and plan for an automated or manual response.

DYNAMIC ANALYTICAL MODELS – Anomalix provides dynamic analytical models that can be adjusted and refined by clients to enable the following:

  • Visibility into Operational Risk Models
  • Reduce Operational Risk
  • Reduce Operational Costs
  • Improve Security and Audit Readiness
  • Improve operational efficiency
  • Fraud Prevention
  • Identity Validation
  • User Access Propensity Tracking
  • Risk Mitigation


Advisory & Implementation Services


Anomalix prides itself on solving our clients’ most complex Identity & Access Governance challenges. Our diverse team has broad-ranging IAG experience, including design/strategy work at Big-4 consulting firms, engineering/implementation services at security software companies, and infrastructure/operations support at Fortune 500 corporations. This mix of expertise gives us the unique ability to combine “top-down” design and “bottom-up” product knowledge to propose and deliver solutions that are based on industry best practices and can be reliably implemented.

Advisory Services:

  • Roadmaps
  • Security Assessments
  • Vendor Proof-of-Concepts & Product Selection
  • Health-Checks

Implementation Services:

  • Identity Analytics
  • Identity Access and Governance
  • Strong Authentication and Biometrics
  • Security and Compliance Policy Definition and Enforcement
  • Attribute and Role-Based Access Control
  • SSO and Identity Federation
  • Data Governance



Managed IAG Services – Hosted or On-Premise


Anomalix provides comprehensive Managed Identity & Access Governance (IAG) Services for both cloud and on-premise deployments. Many of Anomalix’s clients transition from Advisory & Implementation Services to Managed IAG Services after their production rollouts to ensure they can seamlessly maintain and enhance their systems as a parallel effort.

Typical services include:

  • Remote Administration & Support
    • Server Maintenance
    • Log Monitoring
    • Version Upgrades and Patching
    • Troubleshooting
  • Application On-Boarding
  • Access Review Generation & Administration
  • Custom Connector Development for Auto-Provisioning
    • Custom Applications
    • Packaged On-Premise Applications
    • Cloud and SaaS Applications
  • Role and Attribute Access Controls
  • Enterprise Access Request UI
    • Access Request Form Development
    • Approval Workflow Development
    • Fulfilment Workflow Development
  • Audit Reports
  • Custom End-User and Administrator Training