Privileged Account Analytics

Part of your Privileged Access Management solution

Privileged Account Analytics (PAA) integrates data from our Privileged Session Management (PSM) technology, as well as a variety of logs and contextual data points. Our 13 algorithms scrutinize 17 behavioral characteristics, generating user behavior profiles for each individual privileged user that are continually adjusted using machine learning.

Real-Time Threat Detection

Track and visualize user activity in your IT environment in real-time, without pre-defined correlation rules.

Distinguish friend from foe

Use keystroke and mouse data to detect threats and provide continuous authentication for legitimate users.

Reduce Alert Noise

Prioritize events based on user risk and deviation levels. Only investigate the most serious occurrences.

Notify or Suspend

Close down sessions that indicate a malicious presence and notify legitimate users of a potential breach.


How to use PAA effectively
within an
overall PAM

Mitigate against privileged account risks
Get in touch

Real-Time Insight

Using real-time data derived from machine learning algorithms, PAA establishes a profile for every user who can access your network and continuously compares actual activity to baseline activity. By detecting unusual activity in real-time, PAA enables analysts to react immediately.

  • Real-time analysis

    No session closure necessary

  • Constant updates

    Results refreshed every few seconds

  • Fast detection

    Anomalies uncovered within 30 seconds

  • Customize baseline behavior

    Adjust the frequency of baseline behavior updates

Automated Response

High-impact events are often preceded by a reconnaissance phase. So detection and response are critical to preventing damaging activity. Seamless integration with PSM enables automated session termination whenever a highly suspicious event occurs, or malicious behavior is detected. Types of automated response include:

  • Immediate notification

    To either your security analyst or the account holder

  • Session termination

    Stop a privileged user session before it threatens your network

  • Account suspension

    Remove a potentially malicious account from your IT environment

Behavioral Biometrics

Each user has its own idiosyncratic pattern of behavior, even when performing identical actions like typing or moving a mouse. PAA algorithms inspect these characteristics, when they are captured by PSM, using them to identify breaches and serve as continuous, biometric authentication. Inspected traits include:

  • Keystroke dynamics

    Including dwell time, flight time, function key usage and key press time

  • Mouse movement

    Including the changing position of the mouse, speed, idle time between movement and click, and the time between clicks or double clicks

Risk Scoring

PAA categorizes all privileged account activity and events based on risk and deviation levels, enabling security analysts to focus on the most important.
It highlights events where the levels are high, and gives analysts the tools to investigate. It looks at 17 characteristics, including:

  • Time of login and host

  • Type and length of activity

  • IP address and port

  • Protocol

Screen Content Analysis

The Optical Character Recognition engine of PSM can read and understand the screen content of privileged users (including window titles, used applications or issued commands) to enrich behavior profiles. This analysis facilitates the detection of ID thefts.

  • Forbidden or malicious commands

  • All issued commands to build a baseline

  • Window titles / used applications

Privileged Access Management goes beyond password-based authentication to protect your business against privileged access misuse. The PAA component uses data from PSM, helping you to monitor privileged access user behavior against pre-defined, constantly updated profiles. In doing so, you can stop hacks before they happen.

Recent Resources

Audit Reporting in Shell Control Box

Shell Control Box (SCB), Balabit' privileged u er monitoring appliance, feature  a comprehen ive reporting y tem, which...

Best Practice for Incident Forensics

Today ecurity incident are a que tion of when, not if: every company, mall and large, face the threat of being a...

Calibrating anomaly scores

In thi blog po t, we are going to di cu how to calibrate anomaly core to make ure that the core are tru ted...

“Lorem ipsum dolor sit amet, consectetur adipisicing elit. Sint minima earum velit, dolorem fuga impedit onsectetur adipisicing dolorem.”

– Lorem ipsum, Lorem ipsum