User and Entity Behavior Analytics

The architecture of the Kron PAM UEBA - Threat Analysis Module consists of two key components: the ML-based Threat Analytics and Response Engine, and Kron PAM itself.

Kron PAM serves as the privileged access management product that collects and sends logs to the ML-based Threat Analytics and Response Engine. This engine analyzes user and entity behaviors, utilizing advanced machine learning algorithms to calculate a risk score. The risk score is determined based on session time, commands executed in a session, user and session count, and more.

The incident responder component automatically acts by using the calculated risk score and threshold configurations set within Kron PAM. It can block a user or device or terminate the user's sessions to mitigate potential security threats. This proactive response mechanism helps organizations effectively manage and respond to security incidents in real time.

By combining the power of Kron PAM's privileged access management capabilities with the ML-based Threat Analytics and Response Engine, organizations can strengthen their security posture, identify potential threats, and initiate appropriate actions to safeguard critical assets.