Real-Time Access Control Automation Using Risk and Intelligence
Gurucul Identity Analytics (IdA) comprehensively manages and monitors identity-based risks and threats across an organization’s siloed environments. Using big data, Gurucul provides a holistic 360-degree view of identity, access, privileged access, and usage in the cloud, on mobile and on-premises. IdA reduces the access plane by detecting and removing access risks, access outliers, and orphan or dormant accounts. This improves an organization’s security posture by significantly decreasing the number of accounts that can be compromised or abused.
Identity Analytics delivers the data science that improves IAM and PAM, enriching existing identity management investments and accelerating deployments. IdA surpasses human capabilities by leveraging machine learning models to define, review and confirm accounts and entitlements for access. It uses dynamic risk scores and advanced analytics data as key indicators for provisioning, de-provisioning, authentication and privileged access management.
Machine learning with Identity Analytics can radically reduce the number of accounts and entitlements. Machine learning models provide 360-degree visibility for an identity, its accounts and its access, and compare that access to peer-group baselines to distinguish normal from anomalous access. The objective is to clean up the access plane so that access exists only where it should be provided.
Gurucul Identity Analytics Solutions
Discover, risk rank and monitor accounts with privileged access for outlier access and anomalous behavior. System administrator or shared accounts are traditionally managed and controlled by Privileged Access Management (PAM) solutions. However, experts estimate that more than 50% of privileged access risks, including application privileges, reside outside of known lists or PAM vaults. Managing privileged access effectively originates with privileged access discovery at the entitlement level, not the account level. Identity Analytics facilitates the discovery of who has privileged access with privileged entitlements that may have escalated after provisioning or exist within applications and unstructured data. It can find regular accounts with privileged access entitlements and privileged functions without a group association or legacy tracking method. Backdoor access and its misuse will be a thing of the past because undocumented and unnecessary permissions can be eliminated.
Reducing excess access and access outliers is the first step to shore up access risks. Gurucul Identity Analytics automates the access cleanup processes. It identifies dormant and orphan accounts, and detects accounts with outlier access. These accounts can be sent to system owners or administrators for review. Action can be taken, based on their response, to assign the account to an end user or remove the account from the system. Alternatively, leverage Gurucul’s closed-loop API integrations to automatically send de-provisioning requests to provisioning systems, where standard workflows can be applied to ensure access is removed appropriately. Removal is validated, and user risk scores are adjusted, when Gurucul Identity Analytics receives confirmation back from the provisioning system that access has been removed.
The average user has more than 100 entitlements, making certification a time-consuming process for managers. Certifications are typically a quarterly or yearly process, leaving organizations at risk with employees having unwarranted extended access. This often results in rubber-stamping certifications and cloning user access rights. Identity Analytics uses multiple parameters to drive risk-based access certifications, including a user’s overall risk score, entitlement and account level risk score, and outlier scores from a context-rich configurable UI. Detect access outliers leveraging peer groups of users to trigger certifications for outlier access. Automatically send risk-based certifications to the business when outlier access is identified. Enable the business (managers, data owners, role owners) to make decisions about removing or retaining outlier access to their assets. Reduce access not associated with job responsibilities and potential account compromise risk.
Enable real-time, risk-based access policy enforcement of authentication levels for users’ access to systems, devices, and applications. Determine access control permissions and restrictions based on a user’s risk score rather than hard-coded rules. A real-time risk score is calculated based on user outlier behavior percentage, resident user risk and reputation, and data or transaction risk classification. This score is then used to make real-time authentication and access decisions, while simplifying the user experience and enhancing security.
Existing provisioning systems are role-based and static. Identity Analytics enables zero-day provisioning and automated approval workflows for higher risk access by inspecting inlier analytics. Gurucul’s solution looks at the provisioning access allotted to peers and dynamically provisions access to peer inliers. This happens in real time using machine learning algorithms, user risk, peer group analytics, existing entitlement combinations, and application classification. Role modeling provides role mining, role consolidation, and role comparison using machine learning algorithms and usage data context. This avoids the issue of over-provisioning users with unnecessary access entitlements.
Prevent and detect Segregation of Duties (SoD) or toxic combinations of access and their usage. SoD is an essential control over sensitive transactions. Role-based access often causes unknown conflicts in securing these transactions. Identity Analytics automatically reviews existing roles and entitlements across systems and identifies inter- and intra-application SoD risks. When these risks are identified, access is temporarily disabled, and the business owner is notified. The business owner can choose to accept the risk and allow access or deny access. In both situations, Identity Analytics supports configurations to send updates to the business owner and to the identity management system to ensure a central audit log is maintained.
Gurucul Identity Analytics Benefits
65% Reduction in On-Boarding Time
- Increase productivity using zero-day dynamic access provisioning
- Reduce risk through dynamic remediation
60% Reduction in Manager Time During Certifications
- Focus only on risky and outlier access reviews
- Enhance the user experience and reduce rubber-stamping
- Run contextual searches on IAM data to deliver significant compliance and audit cost savings
50% Reduction in Privileged Access Risk
- Discover privileged access and move to the vault
- Risk score outlier access and anomalous behavior
40% Reduction in Excess Access (Accounts & Entitlements)
- Facilitate the elimination of unwarranted access entitlements
- Amplify the productivity of security analysts
- Reduce the attack surface
5% Reduction in Software Subscription Licenses
- Save on licensing fees for SaaS cloud applications by removing orphan and dormant accounts
Aetna Customer Testimonial “Model Driven Security Story”
“Identity Analytics forms the foundation of our overall control set at Aetna. We have a risk score for all our users that is derived from Identity Analytics. That risk score is one of the primary factors in many of our downstream controls.”
– Kurt Lieber, CISO, Aetna