UAM captures user actions, including the use of applications, windows opened, system commands executed, checkboxes clicked, text entered/edited, URLs visited and nearly every other on-screen event, to protect data by ensuring that employees and contractors stay within their assigned tasks and pose no risk to the organization.[1]
The need for UAM rose due to the increase in security incidents that directly or indirectly involve user credentials, exposing company information or sensitive files.[3]
The main populations of users that UAM aims to mitigate risks with are:
Contractors are used in organizations to complete information technology operational tasks.
According to the Verizon Data Breach Incident Report, “The first step in protecting your data is in knowing where it is and who has access to it.”[2] In today's IT environment, “there is a lack of oversight and control over how and who among employees has access to confidential, sensitive information.”[5] This apparent gap is one of many factors that have resulted in a large number of security issues for companies.
Using these corresponding logs and images, the visual forensics component of UAM allows organizations to search for exact user actions in case of a security incident.
In the case of a security threat, i.e. a data breach, visual forensics is used to show exactly what a user did and everything leading up to the incident.
User activity alerting serves the purpose of notifying whoever operates the UAM solution of a mishap or misstep concerning company information.
User behavior analytics adds another layer of protection that will help security professionals keep an eye on the weakest link in the chain.
Some examples of items logged are names of applications run, titles of pages opened, URLs, text (typed, edited, copied/pasted), commands, and scripts.
Unlike normal log or SIEM tools, UAM can help speed up an audit process by building the controls necessary to navigate an increasingly complex regulatory environment.
The ability to replay user actions provides support for determining the impact on regulated information during security incident response.
These agents capture user activity and report information back to a central console for storage and analysis.
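
As an added illustration (not code from any UAM product), the sketch below shows how a central console could turn agent-reported activity records of the kinds listed above into alerts when a user steps outside assigned tasks. The record fields, the `ASSIGNED` table, the user names and all sample events are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:
    ts: str      # ISO-8601 time reported by the agent
    user: str
    kind: str    # "app", "url", "command" or "clipboard"
    detail: str  # application name, URL, command line or copied text

# Hypothetical task assignments: glob patterns per event kind.
# An event matching no pattern for its kind counts as outside the task.
ASSIGNED = {
    "c.ortiz": {  # contractor assigned to log review
        "app": ["putty.exe"],
        "url": ["https://tickets.example.test/*"],
        "command": ["tail *", "systemctl status *"],
    },
    "j.lee": {"app": ["excel.exe"], "url": ["https://*.example.test/*"]},
}

# Constructed sample of what agents might report to the console.
SAMPLE_EVENTS = [
    Event("2024-05-02T09:00:11Z", "c.ortiz", "app", "putty.exe"),
    Event("2024-05-02T09:01:40Z", "c.ortiz", "command", "tail -n 50 /var/log/syslog"),
    Event("2024-05-02T09:07:02Z", "c.ortiz", "command", "cat /srv/hr/payroll.csv"),
    Event("2024-05-02T09:07:30Z", "c.ortiz", "url", "https://files.example.net/upload"),
    Event("2024-05-02T09:10:00Z", "j.lee", "url", "https://wiki.example.test/onboarding"),
    Event("2024-05-02T09:12:45Z", "j.lee", "clipboard", "Q2 budget draft"),
]

def out_of_scope(event, assigned=ASSIGNED):
    """True when the event matches no pattern assigned to its user."""
    patterns = assigned.get(event.user, {}).get(event.kind, [])
    return not any(fnmatchcase(event.detail, p) for p in patterns)

def alerts(events, threshold=2, assigned=ASSIGNED):
    """One alert per user with at least `threshold` out-of-scope events."""
    hits = defaultdict(list)
    for e in events:
        if out_of_scope(e, assigned):
            hits[e.user].append(e)
    # Timestamps let an analyst locate the matching session recording.
    return [{"user": u, "count": len(ev), "timestamps": [e.ts for e in ev]}
            for u, ev in sorted(hits.items()) if len(ev) >= threshold]

if __name__ == "__main__":
    print(alerts(SAMPLE_EVENTS))
```

The threshold keeps a single stray event, such as one clipboard copy, from alerting on its own. The returned timestamps are the handle for pulling up the corresponding logs and recordings.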