RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Quest Change Auditor Threat Detection

Product
Developers: Quest Software
Technology: Cybersecurity - Authentication

Change control in Windows infrastructure on the basis of the behavioural analysis

The analytical platform of detection of threats in Windows infrastructure on the basis of behavioural and statistical analysis and also machine learning.

  • Increases the accuracy of detecting of suspicious events, reduces the number of false operations.
  • Defines potentially dangerous users on the basis of their behavior taking into account historical data.
  • It is integrated with the existing modules Change Auditor.
  • Does not require change of infrastructure.


Quest Change Auditor это:

  • Deep audit and standardization of data from logs and Windows infrastructure magazines.
  • Tracking of actions of administrators on the critical systems.
  • Protection from unwanted (including accidental) changes of objects of AD, mailboxes, files and folders in Windows.
  • Notifications in real time (including by e-mail and the SMS).
  • Recovery of single changes.
  • Clear interface and role access to a system.

Technologies: pattern-based threat detection

Change Auditor Threat Detection models lines of conduct and traces chains of actions of users to detect the suspicious activity proceeding from malicious users or the compromised accounts.

Change Auditor Threat Detection: how it works?

  • Collecting and the analysis of logs (attempts of authorization, change in AD, actions with files);
  • Creation of basic behavior models of users (on the basis of 30 days of observation);
  • Detection of deviations from basic models and anomalies of behavior;
  • Correlation of events and confirmation of incidents;
  • Creation of models of risks;
  • Prioritizing of risks, tracking of suspicious users.

Actions of the users falling under observation and correlation:

  • Non-standard access time to files
  • Non-standard or mass addressing files
  • Non-standard or mass opening of folders
  • Mass movement of files
  • Non-standard time for authorization
  • Several unsuccessful attempts of authorization in a row
  • Simultaneous authorizations in the different systems
  • Mass change of the passwords AD
  • Mass change of AD attributes

Источник — «https://tadviser.com/index.php/Product:Quest_Change_Auditor_Threat_Detection»

Шестерня

The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article

If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible.

How to create a "smart plant": Key characteristics of a modern digital enterprise
Model Studio CS: How to use BIM to give new impetus to the development of the fuel and energy complex