Identification of Vulnerable User Profile Data

• Identification of

  • Orphan accounts

  • Ghost accounts

  • Accounts with unused permissions

  • Accounts with excessive permissions

  • Accounts not enrolled in MFA

  • Shared accounts

  • Shadow accounts and permissions

  • Privileged accounts

Identification of Runtime Malicious Activity

• Identification of

  • Failed logins after no activity

  • Impossible traveller / Logins from risky locations

  • Account takeover

  • Privilege abuse and escalation

  • Session hijacking / parallel session use

  • Credential attacks

• Support

  • Access usage analytics

  • Creation of baseline identity behaviour

• Analyze

  • Comparison of runtime behavior to attack frameworks / indicators of

    compromise

  • Comparison of runtime behavior to real time cyber threat intelligence

  • Comparison of runtime behavior to self

  • Comparison of runtime behavior to defined peer groups

Contextual Investigation

• Improving post event analysis

• Improving current event investigation

• Context and cascading analysis of exploitation

• Ability to prove malicious intent

• Ability to support better identity attribution of the attack

• Event risk scoring - either individual or composite based on models

Automated Response

• Digital playbooks

• Support human lead notification and investigation

• Delegated investigation