Analytics
This feature is currently available only to customers participating in a Public Preview. For details, see Preview Program.
Analytics covers Platform events and Secret Server Cloud events (if fully integrated Using Platform Integration Center). On-premises installations are not supported.
Analytics on the platform empowers PAM (Privileged Access Management) owners to prevent, detect, and stop breaches by continually monitoring alerts across the organization to identify early signs of threats.
Analytics focuses on two key areas:
- Suspicious behavior
- Authentication breach
By analyzing the platform audit logs, the Delinea Platform provides predefined security monitoring based on events such as secret usage, login activity, session launches, and more. These events are used to establish a baseline for each user and identify deviations from regular patterns.
User Risk
The user risk associated with each platform user is a result of our analytics alerts. Our near-real-time risk assessment aggregates the different alerts (aka risk indicators) on each user to a combined risk score, which can be used to control access to the platform and helps to identify risky users.
See Analytics Findings and Risk.
Identifying Alerts
Alerts identify any deviations from expected configuration or a baseline of your Delinea Platform tenant. The mechanism that identifies alerts runs continuously in your environment. Alerts help administrators and other staff members learn to recognize trends and better respond to security threats.
Based on the data available in activities like IP address and user agent, the platform can determine anomalous locations or user agents. By tracking those activities over time and correlating them with user historical data and actions, the platform can determine a baseline of user activity for their common locations, IP addresses, browsers used, and so on.
The data can also be used to identify authentication attack attempts like brute force and MFA bombing. While analytics generate alerts to highlight those findings each time something is detected, the end result is user risk. The risk assessment reflects the sensitivity of the account based on those findings.
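The baseline-and-aggregate idea described above can be sketched as follows. This is an added example, not Delinea's implementation: the event field names, event types, thresholds and indicator weights are all assumptions, and the audit events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, user, event type, IP, user agent).
EVENTS = [
    ("2024-05-01T08:00:00", "alice", "login_success", "198.51.100.10", "Firefox"),
    ("2024-05-02T08:05:00", "alice", "login_success", "198.51.100.10", "Firefox"),
    ("2024-05-03T08:02:00", "alice", "login_success", "198.51.100.10", "Firefox"),
    ("2024-05-04T03:00:00", "alice", "mfa_denied", "203.0.113.7", "curl"),
    ("2024-05-04T03:00:20", "alice", "mfa_denied", "203.0.113.7", "curl"),
    ("2024-05-04T03:00:40", "alice", "mfa_denied", "203.0.113.7", "curl"),
    ("2024-05-04T03:01:00", "alice", "login_success", "203.0.113.7", "curl"),
    ("2024-05-04T09:00:00", "bob", "login_success", "198.51.100.20", "Chrome"),
]
WEIGHTS = {"new_ip": 30, "new_user_agent": 20, "mfa_bombing": 50}  # assumed weights
MIN_HISTORY = 3  # successful logins required before the baseline is trusted
MFA_LIMIT, MFA_WINDOW = 3, timedelta(minutes=2)  # assumed MFA bombing threshold

def analyze(events):
    """Return (alerts, risk): alerts as (user, indicator), risk as user -> 0..100."""
    seen_ip, seen_ua = defaultdict(set), defaultdict(set)
    logins, denials = defaultdict(int), defaultdict(list)
    alerts = []
    for ts, user, kind, ip, ua in sorted(events):  # ISO timestamps sort in time order
        t = datetime.fromisoformat(ts)
        if kind == "mfa_denied":
            # Keep only denials inside the sliding window, then add this one.
            recent = [d for d in denials[user] if t - d <= MFA_WINDOW] + [t]
            denials[user] = recent
            if len(recent) == MFA_LIMIT:  # alert when the count reaches the limit
                alerts.append((user, "mfa_bombing"))
        elif kind == "login_success":
            if logins[user] >= MIN_HISTORY:  # compare only against a mature baseline
                if ip not in seen_ip[user]:
                    alerts.append((user, "new_ip"))
                if ua not in seen_ua[user]:
                    alerts.append((user, "new_user_agent"))
            seen_ip[user].add(ip)
            seen_ua[user].add(ua)
            logins[user] += 1
    # Aggregate each user's risk indicators into one capped score.
    risk = defaultdict(int)
    for user, indicator in alerts:
        risk[user] = min(100, risk[user] + WEIGHTS[indicator])
    return alerts, dict(risk)
```

A user with too little history (here, bob) produces no anomaly alerts, which is the cold-start trade-off any baseline-driven detection has to make.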