How Access Analytics Solves Critical Security Controls

Companies are continuously being challenged with providing visibility into access risks. Access analytics uses machine learning and artificial intelligence on big data to automate the identification and cleanup of access risks.

Privileged Access Security Risks

A key aspect of access analytics is Privileged Access Monitoring.  With employees and contractors leveraging a lot of cloud-based SaaS platforms, as well as sanctioned and unsanctioned applications, discovering privileged access and accounts has come to the forefront. After all, privileged accounts are the keys to your cyber kingdom so securing and monitoring these accounts are paramount.

A significant concern for organizations is being able to discover any unknown privileged access on the basis of activity or events. A privileged access management (PAM) system will vault privileged accounts, but there is no privileged access discovery at the entitlement level. Every single PAM vendor operates from the function of a moat or barrier, to give users privilege for a period of time by checking out accounts from a vault. However, that’s inherently limited and flawed. The process must begin with an understanding of who has access with privileged entitlements that may have escalated after provisioning, or exist within applications and unstructured data. Gurucul uses machine learning models to detect privileged access risks at the entitlement level. Then, once identified, organizations can remediate any privileged access misuse, by vaulting some of the unmanaged privileged access, or by notifying an asset owner about the newly discovered privileged access.

Dynamic Access Security Risks

One security concern is, how have organizations been handling the dynamic provisioning of temporary workers during the global COVID-19 pandemic? Now that most of the workforce is working remotely, how do you continuously ensure that employees and contractors have been provisioned with the right access to the right set of accounts? The struggle is to maintain a fine balance between guaranteeing users are onboarded quickly with the right access to necessary assets, and ensuring that all the security controls are maintained.

Gurucul offers a solution for this called dynamic risk based provisioning or Dynamic Access and Role Modeling. Our solution allows you to have automated analytics-based decisions to drive some of those on-demand or policy-based provisioning workflows. The capability can determine access-control permissions and restrictions based on a user’s risk score. Risk scores take into account numerous points of context including user behavior, resource sensitivity, job role, access of the user compared to peers, and the configuration of the devices used to access resources.

Risky Access Discovery and Cleanup

Another security concern from an access standpoint is risky access discovery and cleanup. At the onset of pandemic, a number of organizations had to change their operating model overnight. All of a sudden, they had to provision access to cloud applications for an entire remote workforce. This is on top of an already a broken system. Because a number of organizations have been granting access to their employees for years which has never been cleaned up. Employees have been transferred from various different departments and their access has carried forward. To identify all of that access, and on top of that get new access provisioned, has been overwhelming.

So, what happened? Users gained access in a relatively short timeframe by bypassing some of the security controls because access had to be granted immediately. And all of this caused security nightmares for the security teams. And that’s why Gurucul has provided a solution around Risky Account Discovery and Clean Up. It helps organizations reduce access risks by identifying dormant and orphan accounts, and detecting accounts with outlier access that are routinely missed by conventional IAM tools. Shoring up access risk in the enterprise starts with reducing excess access and access outliers.

Risk Based Access Certifications

Another security enabler from Gurucul is Risk Based Access Certifications or access reviews. Due to the remote workforce, it’s even more difficult for managers to certify user access. Also, with so many different cloud accounts and entitlements being provisioned, it’s problematic for managers to keep track of what provisions or permissions users have access to. Also, setting up conflict access, as well as segregation of duty monitoring amongst all of these various different SaaS applications is becoming very, very tricky for organizations. Risk based access certifications help alleviate some of these concerns because it’s all analytics driven. Now managers can only focus on looking at manually certifying risky access based on various different risk profiles, SOD violations, and behavioral analytics. All of that is taken into consideration to determine what are the highest risk entitlements or permissions. And low-risk can be auto certified. This solution can reduce the total number of manual access certifications by 90%.

Risk Based Authentication

Now with employees and contractors logging in from various different locations, standard authentication techniques, as well as multi-factor authentication, is not able to provide the seamless user experience, while ensuring that organizations have good security controls. MFA’s are great, but it could be a burden on the end user from an experience standpoint, if you keep on prompting them for a one-time password. So that’s why Gurucul offers Risk Based Authentication. Gurucul leverages its model driven security enforcement to address a range of users and entities, including consumer authentication, vendor partner distributor authentication, and any device level authentication for IOT. It helps leverage risk aggregation to drive some of these authentication decisions. It also helps with the end user experience as well as overall productivity increases.

Gurucul Identity & Access Analytics is The Product

All of these access analytics solutions or use cases are powered by Gurucul Identity & Access Analytics. We have over 11 years of experience solving access control issues at scale with identity analytics. Get real-time visibility into access risks and automate dynamic provisioning/deprovisioning decisions with Gurucul’s machine learning and AI.