Use Case
Perform thorough yet fast investigations for abnormal behavior
The Problem
IT and security teams are often tasked with investigating abnormal document access behavior or suspicious activities, such as an employee sharing a bunch of documents with his personal account or with an external domain, or a third-party vendor getting access to company confidential information which is not related to the project.
In most of these cases the investigating team lacks the required tools to do a complete and quick analysis, to uncover the intent, to analyze the issue scope, and to identify the responsible party. Instead investigating teams spend weeks and even months with no results while the probability of a bad event increases.
The Solution
To solve this problem, a tool is needed that can enable you to deep dive into specific documents, accounts or domains, and accurately investigate the abnormal behavior.
The tool should provide the ability to dissect the data based on customized filters to uncover details such as what documents were involved, which individuals took actions, and what actions were taken by the responsible individual(s) (e.g shared critical documents with external domains).
Additionally, you need the ability to tag accounts/domains as suspicious and automatically track and control access activities for those accounts/domains. Finally, the tool should enable you to assign reviews to end-users (such as a department manager) or flag another department (such as HR), to take additional action and avoid any adverse impacts.