tenfold Pairs IGA with IDTR through New Auditing & Log Analysis Feature
Attackers no longer break in, they log in. With identity at the frontline of their digital defenses, organizations must bridge the gap between their governance and monitoring efforts to enable effective incident response. To help unify these disciplines, tenfold is expanding its IGA toolset with a new auditing feature that records, stores and filters IT events – allowing organizations to spot suspicious activity on their network and stop attackers in their tracks.
IGA + ITDR: The Perfect Pairing for Strong Identity Security
Identity Threat Detection & Response (ITDR) describes an emerging discipline of cybersecurity that focuses on monitoring user actions and IT events in order to help organizations identify malicious activity. ITDR offers an additional layer of security on top of Identity Governance & Administration (IGA).
IGA keeps user access aligned with job functions through automated on- and offboarding, approval workflows and access reviews, which reduces the risk of privilege abuse by insider threats or compromised accounts.
ITDR monitors network activity to detect privilege abuse or attempts at privilege escalation, for example by creating new accounts, adding users to privileged groups or changing passwords to lock out administrators.
When IGA and ITDR work hand in hand, they provide the foundation for a strong Identity Security strategy. Your governance platform allows you to minimize risk by reducing your attack surface and enforcing Least Privilege Access. Meanwhile, threat detection allows you to prevent unauthorized access by responding quickly to suspicious behavior and locking out attackers.
Event Monitoring and Log Analysis in tenfold
With its new auditing feature, tenfold now allows organizations to keep track of critical events in their environment. Event data is stored in the tenfold database and preprocessed for easier analysis. Events consisting of multiple steps are consolidated into a single entry. User, object and session IDs are broken down to show you who is behind a change. Powerful filters allow you to narrow your search to specific users, systems or time intervals.
The auditing dashboard offers much needed visibility into IT events and allows organizations to make sense of the large amounts of event data their IT systems produce day in and day out. From group policy to logon events, critical changes are now easy to identify – helping you spot the early warning signs of an ongoing attack and act before it is too late.
Our Auditing feature is currently available in a preview stage and limited to Windows events. Additional features such as support for Microsoft 365 events and automated alerting based on customizable thresholds will be added in upcoming releases.