Privilege Threat Analytics Service
The Privilege Threat Analytics Service is an add-on to
This section describes the following key features of Privilege Threat Analytics Service:
Insights is a dashboard that helps IT users understand access risk and access patterns within the enterprise. The following are some of the canned insights dashboards we provide to help customers get on-boarded:
- User Risk Overview
- Application Risk Overview
- Endpoint Risk Overview
- Resource Risk Overview
Example of Insight Dashboard
The Explorer is a visual tool that allows users to drill into individual events, so as to understand the risk nature of any specific event. Risk is computed in real time for every event and expressed as high, medium or low for any anomalous activity.
Example of Explorer Dashboard
This is done by first profiling access behavior for a given user, focused on apps and resource usage. The user’s current actions are then compared against the behavioral norms for that user.
Explorer features include cross-filtering, a query generator, as well as more than a dozen UI widgets to better understand the events and risks.
Explorer Risk Distribution Graph
Events that are analyzed from the platform can be used to profile the normal access pattern for a user on an application
Risk-Based Access Control Interface
Centrify categorizes anomalous activity as either low, medium, or high risk. That risk level is fed to the policy enforcement engine for app
Remediate anomalies by integrating with any Webhook-enabled endpoint:
- Anomaly alerts
- Slack or incident-response applications, such as PagerDuty, for real-time alerting; integrate with any Webhook-enabled endpoint
- Alert content customization
- Ability to define alert message contents
Alert Message Example