Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

Privileged User Analytics

As part of the PxM Platform, you can view how your users are behaving. The ability to view user behaviour provides an opportunity to highlight any anomalous activity that could indicate an insider attack and privileged account compromise.

Our real-world analysis has made it clear that SysAdmins do a lot of work outside working hours, especially during incidents, but analysis of privileged user analytics can also help indicate a security breach or insider attack.

Although the start time of connections can be an indicator of malicious behaviour, for instance if someone is logging in outside of work hours, we have found that factors such as which systems are used and the length of time of the connection often have more correlation.

We built our analytics functionality around key factors like:

  • Start time
  • Session length
  • Accounts used
  • Originating IP addresses

All of these data points link back to Osirium’s reporting. Graphs show the trends, but reporting holds the specifics.

Its all about behaviour; these analytics show how individuals are working with the group. Using the PxM Platform’s privileged account analytics, you can see how the server and network team behave. Taking different views lets you see the outlying data points quickly.

Analytics Summary Page

The analytics summary page on the PxM Platform gives you an overview of all the logins or privileged users accounts, along with all the sessions they had with devices. By running the mouse over the sessions, a detail panel will appear giving the system, role and duration of the session.

The session IPS shows you which IP addresses were used to initiate sessions to systems and devices. The information is very much dependent on the DHCP policy and how addresses are reused, but you can generally tell the originating subnets, and where leases are long it can reveal account sharing.


If you’d like to find out more about the PxM Platform and privileged account analytics, check out our Product page, or Contact us.

Related Articles

term->name is Privileged Access Management

What is Privileged Access Management (PAM)?

There are a lot of assumptions about PAM and all the related terms like PPA, PEM, IAM and much more. Here’s a simple guide to the jargon.… Read Post

Fault-Tolerant, Highly-Available Privileged Access Management

Privileged Access Management (PAM) should be a critical part of your security infrastructure. It’s good to know that PXM Platform is always… Read Post