Identity Security Insights
What is Identity Security Insights?
BeyondTrust’s Identity Security Insights (Insights) gives organizations real-time visibility into potential security risks associated with user identities and access permissions. It helps track and monitor accounts, detect abnormal or suspicious activities, and manage risks related to user access and privileges.
How is this integration useful?
The integration of Insights in Entitle provides a unified view of identity data, enabling real-time risk detection and management within Pathfinder.
Prerequisites
- Have an Insights account with admin privileges.
- Have an Entitle user with admin privileges.
- Have Entitle and Insights users both set up on the same site on Pathfinder.
- Make sure Entitle has activated a unique feature flag for your organization.
Definitions of main concepts
Detections
A detection in Insights refers to an identified event or activity that deviates from normal behavior, potentially indicating a security risk related to an identity. Detections are automatically generated through real-time monitoring of user actions and access patterns.
- Each detection has risk (severity) and sensitivity (privilege value), shown by respective indicators. Hovering over the risk indicator displays the risk level, while the sensitivity indicator shows the sensitivity level.
- Some users may have a general sensitivity (privilege value) without detections, meaning sensitive access might not trigger any detections. In such cases, hovering over the sensitivity indicator won’t show any active detections.
- For example, a detection could have a low risk but high sensitivity, or vice versa, depending on the event. However, hovering over the sensitivity indicator will not display a detection if no detections are associated with a user.
- Clicking on a detection will redirect you to Insights, where you can view more detailed information about the specific detection.
Note
See Detections in Insights for further information.
Risk and sensitivity levels
Entitle and Insights have different names for the following concepts:
| Entitle | Insights |
|---|---|
Risk  | Severity |
Sensitivity  | Privilege value |
-
Risk level: This represents the actions that made the detection risky on a scale of 1 to 4:
-
Risky (red) - 3-4.
-
Caution (orange) - 1-2.
-
Both (grey) - shows all users that have either risky/caution risk levels.
Note
A user's risk level is calculated according to the detection with the maximum risk.
-
-
Sensitivity level: This represents the sensitivity of the detection on a scale of 1 to 4.
-
High (red) - 3-4.
-
Medium (orange) - 1-2.
-
Both (grey) - shows all users that have either high/medium sensitivity levels.
Note
A user’s sensitivity level is received through a pre-made calculation by Insights.
-
User nodes
User nodes represent individual user accounts with associated permissions, roles, and access rights, used for managing and securing access to resources. In different screens within Entitle, such as the Permissions or Requests screen, they will appear as a list of users, for example:
Log in to Entitle through Pathfinder
-
Log in to Pathfinder and click the Entitle tile.
-
From the top left of the page, click
> Permissions.The Permissions screen displays
View risk and sensitivity indications in Entitle
Reminder
- Risk and sensitivity indications will be visible in Entitle only if accessed through the BeyondTrust platform, with a user who has admin privileges in both Entitle and Insights.
- Entitle’s regular web app does not support this visibility.
Risk and sensitivity indications appear in Entitle in two main ways:
- As part of the existing user nodes in Entitle.
- As part of the Permissions graph.
View detection details in Insights
-
Hovering over the risk or sensitivity icon will summarize the risk/sensitivity details. In the example below, the cumulative risk level is 1.
-
Clicking on a detection will redirect you to Insights, where you can view more detailed information about the specific detection.
Updated 1 day ago