Privilege Threat Analytics Service

The Privilege Threat Analytics Service is an add-on to Privilege Access Services. Privilege Threat Analytics Service is focused on risk-based multi-factor authentication (MFA). The Service uses machine learning to detect unusual access in real time, adding behavior awareness to access requests for shared accounts.

This section describes the following key features of Privilege Threat Analytics Service:

Insights

Insights is a dashboard that helps IT users understand access risk and access patterns within the enterprise. The following prebuilt Insights dashboards are provided to help customers get onboarded:

  • User Risk Overview
  • Application Risk Overview
  • Endpoint Risk Overview
  • Resource Risk Overview

[Figure: Example of Insight Dashboard]

Explorer

The Explorer is a visual tool that allows users to drill into individual events to understand why a specific event was rated as risky. Risk is computed in real time for every event and, for any anomalous activity, expressed as high, medium, or low.

[Figure: Example of Explorer Dashboard]

This is done by first profiling the access behavior of a given user, focused on application and resource usage. The user's current actions are then compared against the behavioral norms established for that user.

Explorer features include cross-filtering, a query generator, as well as more than a dozen UI widgets to better understand the events and risks.

[Figure: Explorer Risk Distribution Graph]

Behavior-Based Access Control

Events collected from the platform are analyzed to profile the normal access pattern for a user on an application or resource, so that anomalies can be identified in real time. This risk assessment is included as part of the adaptive access policy to enable risk-based access control for application and infrastructure access.

[Figure: Risk-Based Access Control Interface]

Centrify categorizes anomalous activity as low, medium, or high risk. That risk level is fed to the policy enforcement engine for application and infrastructure access. An administrator can then use this risk level as an additional control for portal login, application access, resource access, or account checkout. In short, wherever a Centrify Authentication Profile can be enabled (to Allow, Deny, or require MFA for any access), the risk level can be used in policy enforcement.
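The flow described above (profile a user's normal usage, compare a new request against it, classify the risk, hand the level to the policy engine) as an added Python sketch; this is not Centrify's code or model, and the users, applications, baseline events, scoring thresholds, and the risk-to-action mapping are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed baseline of past access events: (user, application, hour_of_day).
# In the product these would come from the platform's event stream.
BASELINE = [
    ("alice", "payroll", 9), ("alice", "payroll", 10), ("alice", "payroll", 14),
    ("alice", "crm", 11), ("alice", "crm", 15), ("alice", "payroll", 16),
    ("bob", "jumphost", 22), ("bob", "jumphost", 23), ("bob", "jumphost", 1),
]


def build_profiles(events):
    """Per-user counters of which applications and which hours are normal."""
    apps = defaultdict(Counter)
    hours = defaultdict(Counter)
    for user, app, hour in events:
        apps[user][app] += 1
        hours[user][hour] += 1
    return apps, hours


APPS, HOURS = build_profiles(BASELINE)


def risk_level(user, app, hour):
    """Classify one new access request against the user's behavioral norms.

    Hypothetical rules: no baseline or never-seen application -> high;
    known application at an unusual hour (not within +/-1h of any
    observed hour, wrapping at midnight) -> medium; otherwise low.
    """
    if user not in APPS or app not in APPS[user]:
        return "high"
    usual = HOURS[user]
    if not any(usual[(hour + d) % 24] for d in (-1, 0, 1)):
        return "medium"
    return "low"


# Hypothetical authentication profile: what the policy engine does per level.
POLICY = {"low": "Allow", "medium": "MFA", "high": "Deny"}


def decide(user, app, hour):
    """Return (risk level, enforcement action) for a single access request."""
    risk = risk_level(user, app, hour)
    return risk, POLICY[risk]


if __name__ == "__main__":
    for req in [("alice", "payroll", 10), ("alice", "crm", 3),
                ("alice", "jumphost", 10), ("bob", "jumphost", 0)]:
        print(req, "->", decide(*req))
```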

Alerting and Notifications

Anomalies can be remediated by integrating with any Webhook-enabled endpoint. Alerting features include:

  • Anomaly alerts
  • Real-time alerting to Slack or incident-response applications, such as PagerDuty, or to any other Webhook-enabled endpoint
  • Alert content customization
  • Ability to define alert message contents

[Figure: Alert Message Example]