Identity Reconciliation
Identity reconciliation is an operational challenge dealing with discovering existing accounts, the account aliases, and the account privileges. While a given application might be able to find details for a given user precisely, the SOC team might need to know to what extent a given user has access within the entire company across all registered applications. Such insight helps mainly to check security hygiene, or worse, to investigate an unfortunate data breach event. Such data reconciliation has other merits: normalizing the event data and enriching it with user information independent of their account alias present in a particular event and further performing peer group analysis across the team, geo-location, or department.
Data Source
Okta
Oracle Identity
Office 365
Salesforce
Databases
Input Data
Account lists
Login/logout data
Solution Deliverables
Identity matching (deterministic and fuzzy match)
Consolidated view, by:
User across multiple systems
Application
Department
Criticality
Behavioral analytics
Baseline by user, department, organization
Detect anomalies
Forecast
Geospatial analysis
Peer group analysis
Rare access patterns
High privilege accesses