Threat Analysis

What it is

A solution dedicated to environment monitoring in order to detect and send real-time alerts of any suspicious action performed with privileged credentials, allowing the security team to prevent an ongoing attack.

Benefits

• Reduced response time to attacks;
• Automatic blocking of stolen privileged credentials;
• Visibility of threats associated with privileged accounts;
• Access to all information associated with the incident.

How it works

A list of suspicious commands and behaviors in the environment is classified according to the level of risk. Whenever risk are identified, alerts are issued and consolidated on a graphic dashboard. The information security team can therefore take immediate action if necessary.

Features

• Graphic dashboards with risk and threat information;
• Alerts with detailed information about the occurrence of suspicious activity;
• Analysis of user sessions with record of abnormality in reports;
• Audit, command alert and blocking, even for privileged users;
• Recording of command input and output logs;
• Command scoring according to the level of risk of each command;
• Identification of lateral movement and privilege escalation;
• Sending suspicious activity alerts to SIEM/SYSLOG.

Technical features

• Self-learning of operating machine history and user behavior to identify any change that represents a threat;
• Scoring, monitoring, alerting and command blocking based on whitelist and blacklist;
• Automatic response for detection of threats without human intervention.