Change Auditor Threat Detection offers a unique approach to user threat
detection by modeling individual user behavior patterns to detect anomalous
activity that might indicate suspicious users or compromised accounts. By
analyzing user activity, using proprietary advanced learning technology, user
and entity behavior analytics (UEBA), and sophisticated, scoring algorithms,
Change Auditor Threat Detection ranks the highest risk users in your
organization, identifies potential user threats and reduces the noise from
false positive alerts. Overcome the gaps left behind by native auditing tools
and keep your environment secure.
Quickly and easily discover threats including:
Easily identify compromised users or accounts attempting to steal or destroy
Quickly recognize malware attempts to take over user accounts and privileges.
Privileged account misuse
Locate when a program or script has taken control of user credentials.
Identify attackers by correlating repeated security events to related alerts.
Spot improper privilege elevation by highlighting events and related user
Abnormal AD activity
Quickly identify suspicious user activity in AD.
Locate attackers by comparing patterns of abnormal behavior to user baselines.
Inappropriate system or resource access
Raise alerts on users attempting to access unnecessary data.
Threat detection features
Audit log analysis
Real-time audit log analysis
Efficiently analyze a high volume of audit data in real-time,
including AD changes, authentications and file activity. Build user
baselines from these raw activity events and proactively detect when
users’ behavior appears anomalous so you’re immediately
aware of potential suspicious activity.
Automated user behavior analytics
Model user activity patterns with no administrator input or
configuration required. User behavior baselines are automatically
created using unsupervised advanced machine learning, modeling every
aspect of a user’s activity, including their logon patterns,
administrative activity and file and folder access.
Sophisticated behavioral anomaly detection
Identify abnormal user activity by automatically comparing every user
action against that user’s behavioral baseline. Sophisticated
threat indicator detection and multi-level risk scoring ensure that
only the most egregious anomalies are highlighted, representing the
riskiest user behaviors.
User threat detection
Pattern-based user threat detection
Rather than rely on rules to detect specific activities,
automatically analyze user activity as it happens. Identify the most
suspicious users through advanced user behavior pattern detection.
Sophisticated global modeling ensures that only the most critical and
concerning patterns of user behavior are highlighted, significantly
reducing the noise caused by isolated activities and false positives.
View security alerts in context
View all suspicious user activity alerts in the context of the threat
indicators that were discovered as part of the alert. Every behavioral
anomaly is presented in the context of the user’s baseline
activity and with all of the raw events that triggered the alert,
clearly indicating why the alert was raised and simplifying the
investigation and follow-up.