User Behavior

User Behavior provides reports that evaluate user behavior when interacting with senhasegura's resources.

Functionalities

• Establishment of standard behavior: the system analyzes a user's behavior while interacting with senhasegura's resources and establishes a behavioral standard for that user. Actions that deviate from this standard are considered suspicious.

• User scoring: suspicious actions may result in the loss of points for the user. The more compliant the user's behavior is with security policies, the higher their score will be.

• Continuous identification: the Continuous identification feature can be configured to prompt the user to re-authenticate after performing suspicious actions, such as those related to sessions or password viewing.

• Log generation: User Behavior allows for the generation of detailed logs, which can be consumed by Security Information and Event Management (SIEM) systems.

Applicability

The User Behavior module is useful in various scenarios.

• Configuration of audited commands

Administrators can define the commands that will be audited during a session and the actions to be taken when the user executes such commands.

• Continuous identification and identity verification

In the system's parameter configuration, the administrator can set specific scores. When these scores are reached, the Continuous Identification feature is triggered, requiring the user to re-authenticate to continue using senhasegura. Additionally, a detailed report called Re-authentication Logs can be viewed, providing information on all re-authentication requests, aiding in the analysis of suspicious actions and security management.

• Individualized logs

In the User Posture section, you can select a specific user and view dashboards with all their relevant and suspicious interactions.

• Prioritization of high-risk users

The report available in the Users rating section displays users and their behavioral risk, starting from the most suspicious to the least suspicious, facilitating proactive measures to mitigate data security threats.

• Detailed view of user behavior

The reports available in the Behavior analysis section provide a detailed analysis of users' interactions with the application, identifying suspicious actions related to re-authentication logs, password changes, session events, and credential viewing events.

• Command audit

The Audited Command Logs section records the audited commands executed by users within senhasegura. Through these reports, detailed occurrences can be tracked by command, device, credential, and user. Additionally, all sessions where any type of incident occurred can be observed, enabling comprehensive and precise monitoring of activities performed in the system.

• Strengthening organizational security

Using User Behavior promotes a culture of awareness and responsibility among users, provides valuable insights to enhance security policies and implement preventive measures, and contributes to ensuring the integrity of sensitive data while strengthening the organization's security posture.

Use case

Monitoring suspicious activities

Primary actor: Alex (IT security administrator).

Summary: this use case describes how Alex uses User Behavior to monitor and mitigate potential threats to sensitive data security within a corporate network.

Note: User Behavior is designed to analyze user behavior and identify suspicious activities within senhasegura. This use case is applicable to organizations seeking to strengthen their security posture by identifying and responding to anomalous user behaviors.

Basic flow:

1. Log generation and score visualization:

   • The User Behavior module generates detailed logs, assigning scores to user behaviors based on suspicious or anomalous actions.
   • Alex views these logs and scores to gain an initial understanding of user activities.

2. Analysis and identification of scenarios requiring action:

   • Alex analyzes the logs and scores generated by User Behavior to identify scenarios involving suspicious behaviors or security violations.
   • This includes attempts to access during unusual hours, frequent password changes, or uncommon credential accesses.

3. Configuration of audited commands and continuous identification:

   • Based on the analysis, Alex creates specific audited commands to monitor critical activities.
   • He also configures the Continuous identification feature to prompt users to re-authenticate when performing suspicious actions or reaching a certain score.

4. Post-configuration action monitoring:

   • After configuration, Alex monitors actions taken by users, reviewing updated logs and scores following the implementation of new security measures.

5. Investigation and action:

   • Alex investigates actions that continue to be suspicious or trigger alerts in the system.
   • Based on these investigations, he takes proactive measures to mitigate potential threats, such as blocking sessions, suspending users, or implementing additional security policies.

Post-condition:
Alex uses User Behavior to efficiently monitor, identify, and respond to suspicious user behaviors. These actions strengthen the organization's security posture, protecting sensitive data and mitigating potential threats proactively.

Conclusion

User Behavior from senhasegura is a crucial tool for enhancing organizational security, providing detailed reports that analyze user behavior and detect suspicious activities. By understanding user behavior patterns, senhasegura enables administrators to assign scores to anomalous behaviors and prioritize high-risk users. This allows administrators to take proactive measures to mitigate potential security threats, configure system parameters, and individually monitor user interactions. User Behavior fosters a culture of awareness and responsibility, playing a key role in protecting sensitive data and strengthening the organization's security posture.