Identity reconciliation is the operational challenge of discovering existing accounts, their aliases, and their privileges. While a given application may be able to report details for one of its own users precisely, the SOC team may need to know how much access that user has across the entire company, in all registered applications. This insight mainly helps to check security hygiene or, worse, to investigate a data breach. Reconciliation has other merits: it allows event data to be normalized and enriched with user information regardless of which account alias appears in a particular event, and it enables peer group analysis across team, geo-location, or department.
Identity matching (deterministic and fuzzy match)
Consolidated view, by:
User across multiple systems
Baseline by user, department, organization
Peer group analysis
Rare access patterns
High privilege accesses
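
The sketch below is an added example, not code from the original page or from any product: it reconciles per-application account exports against a directory of record, matching deterministically on email first and falling back to a fuzzy name match, then builds the consolidated per-user view and lists high-privilege accounts whose ownership is not proven. The field names, the sample records, and the 0.85 threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data: a directory of record plus account exports from three systems.
DIRECTORY = [
    {"id": "E1001", "name": "Maria Gonzalez", "email": "maria.gonzalez@example.com"},
    {"id": "E1002", "name": "John Smith", "email": "john.smith@example.com"},
]
ACCOUNTS = [
    {"system": "vpn", "alias": "mgonzalez", "email": "maria.gonzalez@example.com", "display": "", "privileged": False},
    {"system": "erp", "alias": "MGONZ01", "email": "", "display": "Gonzales, Maria", "privileged": True},
    {"system": "git", "alias": "jsmith", "email": "John.Smith@Example.com", "display": "John Smith", "privileged": False},
    {"system": "erp", "alias": "svc_backup", "email": "", "display": "Backup Service", "privileged": True},
]

def norm_name(s):
    # Lowercase, drop punctuation, sort tokens so "Last, First" and "First Last" compare equal.
    return " ".join(sorted(re.findall(r"[a-z]+", s.lower())))

def match(account, directory, threshold=0.85):
    """Return (employee_id, method, score): deterministic on email, else fuzzy on name."""
    email = account["email"].strip().lower()
    for person in directory:
        if email and email == person["email"].lower():
            return person["id"], "deterministic", 1.0
    name = norm_name(account["display"])
    scored = [(SequenceMatcher(None, name, norm_name(p["name"])).ratio(), p["id"])
              for p in directory] if name else []
    best, best_id = max(scored, default=(0.0, None))
    if best >= threshold:
        return best_id, "fuzzy", round(best, 2)
    return None, "unmatched", round(best, 2)

def reconcile(accounts, directory):
    """Consolidated view: employee id -> accounts across systems; key None holds orphans."""
    view = {}
    for acct in accounts:
        emp, method, score = match(acct, directory)
        view.setdefault(emp, []).append({**acct, "method": method, "score": score})
    return view

def privileged_findings(view):
    """Privileged accounts that are orphaned or linked only by a fuzzy match need review."""
    return [(emp, a["system"], a["alias"], a["method"])
            for emp, accts in view.items() for a in accts
            if a["privileged"] and a["method"] != "deterministic"]

if __name__ == "__main__":
    view = reconcile(ACCOUNTS, DIRECTORY)
    for emp, accts in view.items():
        print(emp, [(a["system"], a["alias"], a["method"], a["score"]) for a in accts])
    print("review:", privileged_findings(view))
```

Fuzzy links are candidates rather than facts: keeping the method and score on each linked account lets an analyst confirm them before they feed baselines or peer group analysis.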