Anomaly detection on Cloud Entitlements revolves around identifying unusual or suspicious activities related to user and machine identities, and their access rights (entitlements). This process helps organizations detect potential security threats, unauthorized access, or misconfigurations that could lead to breaches or data leaks. Cloud Entitlements provides continuous entitlement discovery and GenAI-powered anomaly detection.
Continuous Discovery tracks near real-time changes to identities, entitlements, policies, permissions, trusts, and any new related risks or misconfigurations, while GenAI Anomaly Detection (via our Segura Intelligence engine) identifies the key risks among them. This dual capability ensures that CIEM analyses always run on current data, and GenAI-driven anomaly detection provides early warnings of threats or policy violations.
All the alerts are delivered via SIEM integration (Syslog), email, and Slack. This enables proactive risk mitigation and a stronger cloud security posture.
Use cases
Anomalous entitlement acquisition
Sudden or unusual privilege escalations and high-risk grants.
Abnormal entitlement usage
Deviations from behavioral baselines like first-time entitlement use or activity inconsistent with an identity's profile.
Quarantine anomalies
After detecting an anomaly, Cloud Entitlements automatically moves the affected identity to quarantine, revoking accesses, locking compromised accounts, or isolating affected resources to prevent further risk. Only an admin can remove an identity from quarantine and thereby restore its accesses, accounts, or resources.
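To make the two detection use cases and the quarantine behaviour concrete, the following added example (not Segura product code, and not the Segura Intelligence engine) implements a small baseline-driven detector over constructed entitlement events. The identities, entitlements, high-risk list, event stream and syslog-style line format are all assumptions made for the illustration: a grant of a high-risk entitlement or a grant to an identity with no baseline is reported as anomalous acquisition, first-time use of an entitlement or an action inconsistent with the identity's profile is reported as abnormal usage, and every flagged identity is held in quarantine until an admin releases it.

```python
"""Baseline-driven anomaly detection over cloud entitlement events.

Added illustration, not Segura product code.  All identities,
entitlements, the high-risk list and the events below are constructed
sample data used only to exercise the detector.
"""
from dataclasses import dataclass

# Constructed: entitlements whose grant is always treated as high risk.
HIGH_RISK_ENTITLEMENTS = {"iam:AttachUserPolicy", "iam:CreateAccessKey", "*:*"}

# Constructed baseline: entitlements each identity has used historically,
# plus a coarse profile (human vs. machine) used for consistency checks.
BASELINE = {
    "alice":     {"kind": "human",   "used": {"s3:GetObject", "s3:ListBucket"}},
    "ci-runner": {"kind": "machine", "used": {"ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage"}},
}

# Constructed profile rule: actions that only make sense for a human identity.
HUMAN_ONLY_ACTIONS = {"console:Login"}


@dataclass
class Event:
    ts: str            # ISO-8601 timestamp
    identity: str
    action: str        # "grant" (entitlement acquired) or "use" (entitlement exercised)
    entitlement: str
    grantor: str = ""  # only meaningful for grants


@dataclass
class Alert:
    kind: str          # "anomalous_acquisition" or "abnormal_usage"
    identity: str
    detail: str
    ts: str


def detect_anomalies(baseline, events):
    """Return one Alert per event that deviates from the behavioural baseline."""
    alerts = []
    for e in events:
        profile = baseline.get(e.identity)
        if e.action == "grant":
            # Acquisition: high-risk grants, or any grant to an identity
            # that has no baseline at all (unknown or newly created).
            if e.entitlement in HIGH_RISK_ENTITLEMENTS:
                alerts.append(Alert("anomalous_acquisition", e.identity,
                                    f"high-risk grant {e.entitlement} by {e.grantor}", e.ts))
            elif profile is None:
                alerts.append(Alert("anomalous_acquisition", e.identity,
                                    f"grant {e.entitlement} to identity with no baseline", e.ts))
        elif e.action == "use":
            # Usage: profile inconsistency first, otherwise first-time use.
            if profile and profile["kind"] == "machine" and e.entitlement in HUMAN_ONLY_ACTIONS:
                alerts.append(Alert("abnormal_usage", e.identity,
                                    f"machine identity performed human-only action {e.entitlement}", e.ts))
            elif profile is None or e.entitlement not in profile["used"]:
                alerts.append(Alert("abnormal_usage", e.identity,
                                    f"first-time use of {e.entitlement}", e.ts))
    return alerts


class Quarantine:
    """Holds flagged identities; only an admin may release one."""

    def __init__(self):
        self.held = {}  # identity -> reason it was quarantined

    def hold(self, alert):
        self.held.setdefault(alert.identity, alert.detail)

    def release(self, identity, actor_role):
        """Release an identity. Returns True if it was held; raises for non-admins."""
        if actor_role != "admin":
            raise PermissionError("only an admin can release a quarantined identity")
        return self.held.pop(identity, None) is not None


def format_syslog(alert, app="cloud-entitlements"):
    """Render an alert as a single syslog-style line (constructed format)."""
    return f'{alert.ts} {app}: kind={alert.kind} identity={alert.identity} detail="{alert.detail}"'


def run(baseline, events):
    """Detect anomalies and quarantine every flagged identity."""
    alerts = detect_anomalies(baseline, events)
    q = Quarantine()
    for a in alerts:
        q.hold(a)
    return alerts, q


# Constructed event stream: one benign use followed by four deviations.
EVENTS = [
    Event("2024-05-01T10:00:00Z", "alice", "use", "s3:GetObject"),                   # within baseline
    Event("2024-05-01T10:05:00Z", "alice", "grant", "iam:AttachUserPolicy", "bob"),  # high-risk grant
    Event("2024-05-01T10:07:00Z", "alice", "use", "kms:Decrypt"),                    # first-time use
    Event("2024-05-01T10:09:00Z", "ci-runner", "use", "console:Login"),              # profile mismatch
    Event("2024-05-01T10:12:00Z", "svc-new", "grant", "s3:PutObject", "bob"),        # unknown identity
]

if __name__ == "__main__":
    found, quarantine = run(BASELINE, EVENTS)
    for alert in found:
        print(format_syslog(alert))
    print("quarantined:", sorted(quarantine.held))
```

The baseline here is a static dictionary; a real deployment derives it continuously from discovered entitlements and observed usage, which is exactly why the page pairs Continuous Discovery with anomaly detection: a stale baseline turns legitimate new entitlements into noise and lets drifted-but-unused permissions go unnoticed.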