Privileged account threat analysis system

Abstract

The invention discloses a privileged account threat analysis system, which comprises an intelligent threat auditing unit, a real-time threat monitoring unit and an overall configuration management unit which are connected with one another, and is characterized in that the intelligent threat auditing unit is used for auditing and monitoring account threat abnormal behaviors, and an administrator performs auditing analysis from different security dimensions and performs visual display. The privileged account threat analysis system can be compatible with structured and unstructured data of various operating systems, applications, databases, network equipment, security equipment and the like, can solve the data island problem existing in privilege threat analysis of a traditional system or tool, effectively carries out unified centralized management on external and internal threat behavior audits of the privileged account, realizes real-time omnibearing monitoring and association analysisof privileged account behaviors, can actively send the detected suspected privileged account threat behaviors to related personnel for real-time alarm, can improve the real-time protection capability,and can reduce further loss caused by the privileged account threat behaviors in an enterprise to the greatest extent.

Description

technical field [0001] The invention relates to the field of threat analysis of privileged accounts, in particular to a threat analysis system of privileged accounts. Background technique [0002] In the security protection of today's society, compared with defending against external attacks such as hackers, enterprises pay much less attention to internal attacks and adopt technical practices, and once internal threats occur, the damage caused by them is usually greater than that of external attacks. Much larger, external attackers or malicious internal users have privileged accounts, they can control the IT structure of the enterprise, turn off security protection functions, steal important information, and even interrupt the business of the enterprise, causing huge losses and impacts. Data breaches are almost always the result of privileged credentials being stolen, abused or misused. [0003] At this stage, the threat analysis products for privileged accounts are mostly ...

AI Technical Summary

Problems solved by technology

[0002] In the security protection of today's society, compared with defending against external attacks such as hackers, enterprises pay much less attention to internal attacks and adopt technical practices, and once internal threats occur, the damage caused by them is usually greater than that of external attacks. Much larger, external attackers or malicious internal users have privileged accounts, they can control the IT structure of the enterprise, turn off security protection functions, steal important information, and even interrupt the business of the enterprise, causing huge losses and impacts. Data breaches are almost always the result of privileged credentials being stolen, abused or misused

[0003] At this stage, the threat analysis products for privileged accounts are mostly simple external threat analysis contained in the account management system, which has relatively large limitations; corporate privileged accounts involve too wide a range, variety, quantity and change, and it is easy to form data islands. This makes traditional tools or systems auditing and monitoring the threat behavior of privileged accounts very complicated and difficult to be compatible at the same time; in addition, traditional tools or systems have no strict audit analysis model or logic for threats from internal privileged accounts, and threat events cannot be sent in time Message notification, after the event, the threat information cannot be associated and displayed in detail, so that when a privileged account threat occurs, the threat cannot be detected in time, and the threat can be reduced in time to cause further losses to the enterprise

Images