Privileged Account Manager assesses the risk associated with an access attempt based on contextual information, such as the IP address and device information of the request.
Some threats are very complex and difficult to trace through rule-based computation. These unknown threats are unpredictable and leave no obvious evidence behind; whatever evidence exists may be hidden within your data. Detecting them requires a more sophisticated approach: anomaly detection using machine learning.
To enable unknown threat or anomaly detection, Privileged Account Manager integrates with ArcSight Intelligence and leverages its User and Entity Behavioral Analytics (UEBA) capability. Using the organization's data, ArcSight Intelligence establishes the normal behavior of the organizational entities and then, using advanced analytics and machine learning, identifies anomalous behaviors that constitute potential risks such as compromised accounts, insider threats, or other unknown cyber threats.
The following are a few examples of anomalies in behavioral access control:
A large number of session authentication successes and failures
A large number of application access events
A large number of distinct applications accessed
Unusual application access events
Unusual browser used during authentication
Unusual working hours or working days
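The page does not show how a behavioral baseline is built or scored. The following is an added example, not ArcSight Intelligence's or Privileged Account Manager's own logic: it learns a simplified per-user baseline from constructed session-authentication events and flags the anomaly types listed above (unusual working day, unusual working hour, unusual browser, and a burst of authentication events). The event format, user names, and thresholds are assumptions; a real UEBA model uses statistical or machine-learned baselines rather than exact-match sets.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample session-authentication events: (user, ISO timestamp, browser, outcome).
# BASELINE is the learning window; NEW is the window scored against it.
BASELINE = [
    ("alice", "2024-03-04T09:12:00", "Chrome", "success"),  # Monday
    ("alice", "2024-03-07T11:30:00", "Chrome", "failure"),
    ("alice", "2024-03-07T11:31:00", "Chrome", "success"),
    ("alice", "2024-03-08T16:45:00", "Chrome", "success"),  # Friday
]
NEW = [
    ("alice", "2024-03-09T03:10:00", "Firefox", "failure"),  # Saturday 03:10, new browser
    ("alice", "2024-03-09T03:11:00", "Firefox", "failure"),
    ("alice", "2024-03-09T03:12:00", "Firefox", "failure"),
    ("alice", "2024-03-09T03:13:00", "Firefox", "success"),
    ("alice", "2024-03-11T09:30:00", "Chrome", "success"),   # Monday, consistent with baseline
]
def build_profile(events):
    """Per-user weekdays, hours and browsers seen, plus events per day (a crude stand-in for a learned model)."""
    prof = defaultdict(lambda: {"days": set(), "hours": set(), "browsers": set(), "per_day": Counter()})
    for user, ts, browser, _ in events:
        t, p = datetime.fromisoformat(ts), prof[user]
        for key, val in (("days", t.weekday()), ("hours", t.hour), ("browsers", browser)):
            p[key].add(val)
        p["per_day"][t.date()] += 1
    return prof

def detect_anomalies(baseline, new):
    """Return {(user, date): [reasons]} for each day in `new` that deviates from the user's baseline."""
    prof, by_day, findings = build_profile(baseline), defaultdict(list), {}
    for user, ts, browser, outcome in new:
        t = datetime.fromisoformat(ts)
        by_day[(user, t.date())].append((t, browser, outcome))
    for (user, day), evs in by_day.items():
        p, reasons = prof.get(user), set()
        if p is None:  # user never seen in the learning window: nothing to compare against
            findings[(user, day)] = ["no baseline for user"]
            continue
        for t, browser, _ in evs:
            checks = (("days", t.weekday(), "unusual working day"), ("hours", t.hour, "unusual working hour"),
                      ("browsers", browser, "unusual browser"))
            reasons.update(r for key, val, r in checks if val not in p[key])
        peak = max(p["per_day"].values())  # busiest baseline day for this user
        failures = sum(1 for _, _, o in evs if o == "failure")
        if len(evs) > 2 * peak or failures > peak:
            reasons.add("authentication burst")
        if reasons:
            findings[(user, day)] = sorted(reasons)
    return findings
```

Running `detect_anomalies(BASELINE, NEW)` flags only the Saturday burst for alice; the Monday event matches her baseline and produces no finding.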
This integration enables Privileged Account Manager to perform the following actions by using behavioral analytics:
Detect compromised accounts and bots
Detect insider threats
Detect compromised networks, hosts, and devices
Detect unknown threats