AI Driven Auditing Demo
Delinea’s AI-Driven Auditing transforms privileged session monitoring by quickly analyzing recorded sessions to detect and highlight anomalous activity, significantly reducing the time spent on manual reviews. The summarized activity and alerts accelerate investigations and proactively mitigate risks before they escalate into serious threats.
See for yourself how the advanced feature works across your environment to streamline the detection of unusual activity, enabling a more proactive and efficient approach to security.
Hello, and welcome to this demonstration of some modern identity security capabilities that Delinea has introduced into its platform.
We'll kick things off with a short summary of the challenges that AIDA addresses and how using AIDA can benefit you by reducing the impact of those challenges. Then we'll take a look at AIDA in action through a short demo.
The challenges you see on this slide have been a thorn in the sides of IT, security, operations and audit, risk and compliance teams for decades.
As the number of workloads in your infrastructure grows, especially if you expand to multi-cloud environments, the number of session recordings grows as well.
And humans are the bottleneck.
There's never enough staff to process all this data to efficiently analyze it or recognize all the myriad tactics and techniques that threat actors use to compromise your systems.
Delinea has been working very hard to use AI to solve real problems and provide our customers with material benefit they can measure. AIDA is one of several such capabilities.
OK, let's take a quick look at how Delinea has implemented this new capability. AIDA is a shared service that we've built into the Delinea platform. That means its power can be leveraged by any and all Delinea offerings that run on the platform. For example, Privilege Control for Servers and Secret Server. They can both take advantage since they manage and control privileged sessions and both can record session activity.
So here I am, logged into my Delinea tenant. I can access session recordings through the Insights menu. The status column here highlights which recordings have already been analyzed by AIDA, and you can configure AIDA analysis to be automatic or manual.
So let's take a look at a Windows session followed by a Linux session. Now you can use standard controls to view the session, things we're all familiar with: play, pause, rewind, etc. And you can move the playback head to scrub through the recording and jump to specific places.
But therein lies the challenge. Unless you know exactly what you're looking for, this becomes a hunt-and-peck process, hoping to stumble on evidence of anomalous behavior. This is where AIDA comes into play.
I'll click the analyze session button. AIDA then begins a two-step process where it begins by transcribing the session, doing optical recognition of what's on the screen, and then, based on thousands of scenarios we've trained it with, the AI will look for anomalous activity.
AIDA has completed its analysis and now in the activity panel you see the results and these results can be searched and they're also indexed to the recording. So clicking on any one of them takes you to that point in time within the recording.
Now if I go to the recording and I hover my mouse over it, you now see a heat map at the bottom inserted by AIDA that highlights different activities that were detected by AIDA such as keystrokes, processes, and of course anomalous activity.
Now that top row of darker blocks represents the anomalies. Clicking on them jumps you straight to that section of the recording, so you can review just that. Now with AIDA, you now have the visual markers that can take you straight to activity that it's found to be suspicious. You no longer need to visually review all the rest of the recording.
That's essentially noise. For a better view, you can of course expand the screen or go to full screen.
So that's the Windows.
Let's see what the Linux experience looks like. We'll start the process once again by clicking the button. AIDA transcribes the recording and then applies its AI to the results. You can filter the list as you see here.
So the experience is the same whether you're analyzing Windows or Linux sessions.
Using AIDA, you isolate indicators of compromise and streamline investigations to more quickly validate, identify root cause, and reduce dwell time if it is an attack in progress.
So that wraps it up for this demo where we've given you a taste of how AI can be used to materially benefit your SecOps teams during an investigation and help IT and audit teams when validating and demonstrating compliance. Thanks very much indeed for watching.