Developers: | Quest Software |
Technology: | Cybersecurity - Authentication |
Change control in Windows infrastructure on the basis of the behavioural analysis
The analytical platform of detection of threats in Windows infrastructure on the basis of behavioural and statistical analysis and also machine learning.
- Increases the accuracy of detecting of suspicious events, reduces the number of false operations.
- Defines potentially dangerous users on the basis of their behavior taking into account historical data.
- It is integrated with the existing modules Change Auditor.
- Does not require change of infrastructure.
Quest Change Auditor это:
- Deep audit and standardization of data from logs and Windows infrastructure magazines.
- Tracking of actions of administrators on the critical systems.
- Protection from unwanted (including accidental) changes of objects of AD, mailboxes, files and folders in Windows.
- Notifications in real time (including by e-mail and the SMS).
- Recovery of single changes.
- Clear interface and role access to a system.
Technologies: pattern-based threat detection
Change Auditor Threat Detection models lines of conduct and traces chains of actions of users to detect the suspicious activity proceeding from malicious users or the compromised accounts.
Change Auditor Threat Detection: how it works?
- Collecting and the analysis of logs (attempts of authorization, change in AD, actions with files);
- Creation of basic behavior models of users (on the basis of 30 days of observation);
- Detection of deviations from basic models and anomalies of behavior;
- Correlation of events and confirmation of incidents;
- Creation of models of risks;
- Prioritizing of risks, tracking of suspicious users.
Actions of the users falling under observation and correlation:
- Non-standard access time to files
- Non-standard or mass addressing files
- Non-standard or mass opening of folders
- Mass movement of files
- Non-standard time for authorization
- Several unsuccessful attempts of authorization in a row
- Simultaneous authorizations in the different systems
- Mass change of the passwords AD
- Mass change of AD attributes