Background

Identity and Access Governance (IAG) solutions on the market today provide little more than an entitlement catalogue and provisioning automation; there is no historical context or understanding of access usage. Organizations that use automated access reviews find themselves facing review fatigue, where every entitlement is reviewed quarterly. Access request systems unnecessarily route almost all requests for approval instead of taking a risk-based approach. Risk scoring is fallible because it only takes into account how many entitlements are associated with a given user, not how the user interacts with those sensitive entitlements. Most often, the IAG system is merely a point-in-time snapshot, and is therefore only as good as its last data collection. The data collection is constantly overwritten and only shows what entitlements a particular Identity has as of the collection. The reason is that market-leading IAG solutions were never architected for a vast amount of data and rely solely on relational databases, which are not built for machine learning, historical context or deep analytical insight.

Anomalix - IdGenius (IdG) Overview

Taking a true Risk-based approach to Identity and Access Governance starts with a big-data architecture that consumes inputs identifying how access is being used. Anomalix’s IdGenius collects Identity data from sources such as HR repositories (PeopleSoft, Workday, Active Directory, etc.), LDAP repositories and Contractor/1099 Worker Databases (any RDBMS where Identity data is stored). This Identity data is then correlated to:

  • SSO/MFA
  • IAG
  • VPN
  • RDBMS Logs
  • Application Logs
  • Server Logs
  • GRC
  • DLP
  • SIEM
  • PAM
  • HTTP Transactions
  • Firewalls
  • Gateways
  • Proxy
  • DLP
  • Virtual Machines
  • Malware (FireEye, Palo Alto, Wildfire)
  • External Threats (FS-ISAC, Google CIF)
  • Cloud (AWS CloudTrail, Mobile Device Logs, Box)
  • End-Points (App Logs, Security Logs, DB Logs, Server Logs)
  • Custom APIs (Java, JavaScript, REST, SysLogs)

IDGENIUS

  • Discover how or if identities are using their permissions
  • Establish a true baseline of enterprise risk based on entitlement assignment and usage. 
  • Leverage a risk-driven approach to reduce access reviews

We can now establish a holistic baseline of who has access to what sensitive information.  More importantly, we now know “who is doing what” with sensitive/high-risk access.  The next step is to build a baseline of “normal” Identity activity based on time, geography, transactions, and session information. 

That baseline is continuously gauged against a peer group of Identities to further monitor the “normal” baseline for an Identity given their respective organizational responsibilities through credential modeling.  IdG automatically builds a dynamic baseline of user behavior through profiles of when, where and how Identities employ credentials to access sensitive company resources.  IdG then builds peer groups which can be used to centralize user access and efficiently perform access reviews, while streamlining the Joiner, Mover and Leaver process. Once IdG detects anomalous behavior, it will reference supervised and unsupervised algorithms to determine if real-time action is warranted.  

An example might be that most DBAs run queries against production databases after midnight on weekends for routine maintenance.  Since this is the norm for that peer group, the activity is logged and associated with a lower risk level. IdG is able to detect Rogue Access, or access that did not go through the proper approval and request channels.  Rogue access is then routed for action or disablement.  

IdGenius helps organizations automatically identify access that should be cleaned up and removed because it is inappropriate or is a legacy assignment that is no longer valid given current business responsibilities. Further, IdG allows organizations to take a Risk-based approach to access certifications and focus only on Identities and Access that impact the business. Far too often, organizations find themselves in a state of access certification fatigue, where every quarter every user and all their access is reviewed unnecessarily.
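A minimal sketch of the risk-based review idea described above, as an added example that is not Anomalix's algorithm or code: it queues an entitlement for human review only if it has no approval record (rogue), has not been exercised recently (unused), or is rare within the identity's peer group. The data, the 90-day window and the 50% peer-share threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data for illustration (not from any product or customer).
NOW = datetime(2024, 6, 1)
PEER_GROUP = {"alice": "dba", "bob": "dba", "carol": "dba", "dave": "dba"}
# (identity, entitlement, approval ticket or None if no request was ever approved)
ASSIGNMENTS = [
    ("alice", "prod-db-admin", "REQ-1"), ("bob", "prod-db-admin", "REQ-2"),
    ("carol", "prod-db-admin", "REQ-3"), ("dave", "prod-db-admin", None),
    ("alice", "payroll-export", "REQ-4"), ("bob", "backup-operator", "REQ-5"),
    ("carol", "backup-operator", "REQ-6"), ("dave", "backup-operator", "REQ-7"),
]
# (identity, entitlement, time the entitlement was exercised), e.g. from DB or app logs
USAGE = [
    ("alice", "prod-db-admin", datetime(2024, 5, 4, 1, 10)),
    ("bob", "prod-db-admin", datetime(2024, 5, 5, 0, 40)),
    ("carol", "prod-db-admin", datetime(2024, 5, 11, 2, 5)),
    ("dave", "prod-db-admin", datetime(2024, 5, 12, 1, 30)),
    ("bob", "backup-operator", datetime(2024, 4, 20, 23, 15)),
    ("carol", "backup-operator", datetime(2024, 5, 18, 23, 50)),
    ("dave", "backup-operator", datetime(2023, 11, 2, 22, 0)),  # stale
]

def review_queue(assignments, usage, peer_group, now, window_days=90, min_peer_share=0.5):
    """Map (identity, entitlement) -> reasons it needs human review; the rest is skipped."""
    cutoff = now - timedelta(days=window_days)
    used = {(ident, ent) for ident, ent, ts in usage if ts >= cutoff}
    members, holders = defaultdict(set), defaultdict(set)
    for ident, group in peer_group.items():
        members[group].add(ident)
    for ident, ent, _ in assignments:
        holders[(peer_group[ident], ent)].add(ident)
    queue = {}
    for ident, ent, ticket in assignments:
        group = peer_group[ident]
        reasons = []
        if ticket is None:                       # never went through request/approval
            reasons.append("rogue")
        if (ident, ent) not in used:             # held but not exercised in the window
            reasons.append("unused")
        if len(holders[(group, ent)]) / len(members[group]) < min_peer_share:
            reasons.append("peer-outlier")       # rare among the identity's peers
        if reasons:
            queue[(ident, ent)] = reasons
    return queue

if __name__ == "__main__":
    for key, reasons in review_queue(ASSIGNMENTS, USAGE, PEER_GROUP, NOW).items():
        print(key, reasons)
```

On this sample, three of the eight assignments reach a reviewer; the five that are approved, in use and typical for the peer group are skipped.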

Anomalix’s customers are doing fewer access certifications and simultaneously increasing their audit and compliance posture. Access requests are streamlined because all requests are evaluated for risk and organizational Segregation of Duties violations; only high-risk requests and potential violations are routed for approval. This significantly reduces the amount of business user involvement in the request process.

IdG enables true Dynamic & Polymorphic Threat Detection by leveraging supervised and unsupervised algorithms that construct a risk profile through a multidimensional lens. IdG provides continuous Machine Learning, Graph Analysis and Behavior Analytics for Users and Entities (IoT). Since anomalies don’t always pose a risk, IdG cuts through 99% of false positives to enable actionable line of sight through the kill chain by leveraging user/entity behavior and identity context.

BENEFITS

FAST, SCALABLE DATA COLLECTION – IdG enables vast data collection through a heterogeneous engine that will span the breadth and depth of required identity and security-related information and data

USER BEHAVIOR ANALYTICS – Dynamic user profile and peer group enhancements that provide real-time and historical user behavior context to empower business decisions

REAL-TIME RISK-BASED POLICY ENFORCEMENT – Detect real threats in real-time and take action.  By filtering through the 99% of false positive events and alerts, IdG provides the ability to identify suspicious and anomalous threats, internally and externally, and react based on risk to organizational resources

IDENTITY AND SECURITY DASHBOARD – IdG provides an intuitive User Interface that maximizes the user experience.  The IdGenius Dashboard (charts, graphs, and organized data points) quickly identifies Identity and Security related Anomalies with respect to Authentication, Authorization, Geo-location, Vulnerability, Access Requests, Policy Violations and Enforcements, Peer Group Behavior and Security Investigation

ADVANCED THREAT MONITORING – IdG improves threat detection cycles by over 1000% when compared to SIEM capabilities alone.  Most SIEM tools do not enable real-time capabilities with organizational, risk-based policy enforcement to predict user behavior and plan for an automated response or manual response

IdGenius

  • Avoid Access Review Fatigue by only focusing on access changes and access anomalies
  • Implement real-time detection of anomalies that pose threats, based on risk
  • Increase Threat Monitoring coverage by understanding User and Entity Behavior