Sevco Security Shorts: Users

Over the last few weeks, as you’ve seen, we’ve been releasing a series of videos from Chief Strategy Officer Brian Contos highlighting how Sevco’s 4D Asset Intelligence platform works and how organizations can use it to better understand their IT environment. We call them Sevco Security Shorts.

Now, we’re posting the transcripts of this series for those who would prefer to read the content.

Hey, everybody. When we talk about an asset intelligence platform, there’s a lot of things that feed into that, and we’ve spent a lot of time so far talking about devices. But today we’re going to talk about users.

So this is the device inventory view that we’ve looked at before. This is a live view, and if you click on any one of these devices, you’ll see all the different sources that are feeding into that. We’ve covered this in quite a bit of detail, but one of the things we didn’t really touch on was the associated user name. We see that there’s this user, Tobin, associated here, and we also see associated user names listed here. But if we go back into our live inventory view, we can choose not just devices like we’ve been looking at, but users.

Now, when I click on Users, this is pretty neat. This gives me a very similar listing, but instead of looking at devices, I’m looking at user names. In this case, we’re pulling them from Microsoft Active Directory and Azure. 

So let’s click on Allie, because maybe Allie called the help desk and she says, “The last few days my laptop’s really been acting up. What’s going on?” Well, let’s find out what your laptop is. So we click on Allie’s information, and we find out this is Allie’s name, her contact data, et cetera, that we’ve pulled from different sources, her email, but we also see the device that she has, TLYXN. So let’s click on this device associated with Allie, and again, we’re getting source information from all these disparate sources here from Automox, starting with Microsoft Azure.

Now one of the things that you see right away if we look at associated users is Allie’s there as we expected, but there’s somebody else. There’s another user there, Kale. Well what’s that about? So let’s click on Kale, see what device she’s supposed to be associated with. We see there’s actually 271 devices with that user, and if that’s not an administrator or some type of special account, this is definitely an anomaly.

So by correlating all the disparate information from Okta, Active Directory, Azure, different sources, as well as all the device sources, you get this nice cross-asset correlation of information. You can very quickly highlight, “hey, here’s 271 devices that we might need to take a closer look at because somebody might be trying to maintain persistence, evade detection, install malware, and doing other nefarious things.”
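The user-to-device correlation described in the transcript can be sketched as follows. This is an added example, not part of the transcript and not Sevco's code. The record layout, the `example.com` and `CORP` names, the `HOST-` hostnames, the threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict

def normalize_user(name):
    """Reduce 'CORP\\kale', 'kale@example.com' and 'Kale' to one key.
    Assumption: a single directory, so dropping the domain cannot
    merge two different people."""
    name = name.strip().lower()
    if "\\" in name:                 # down-level logon name DOMAIN\user
        name = name.split("\\", 1)[1]
    return name.split("@", 1)[0]     # UPN / e-mail style user@domain

def correlate(records):
    """Merge (source, device, user) rows into user -> device -> {sources}."""
    users = defaultdict(lambda: defaultdict(set))
    for source, device, user in records:
        users[normalize_user(user)][device.strip().upper()].add(source)
    return users

def flag_users(records, max_devices=3, allowlist=frozenset()):
    """Return (user, device_count) for users over the threshold.
    The allowlist holds known administrator or service accounts."""
    hits = [(u, len(d)) for u, d in correlate(records).items()
            if u not in allowlist and len(d) > max_devices]
    return sorted(hits, key=lambda h: -h[1])

def sample_records():
    """Constructed inventory rows; hostnames other than TLYXN are made up."""
    rows = [
        ("Azure", "TLYXN", "allie@example.com"),
        ("Automox", "tlyxn", "Allie"),
        ("Active Directory", "TLYXN", "CORP\\kale"),
    ]
    # 270 further constructed hosts reporting kale, 271 devices in total
    for i in range(270):
        src = ("Okta", "Azure", "Active Directory")[i % 3]
        rows.append((src, f"HOST-{i:04d}", "kale@example.com"))
    return rows

if __name__ == "__main__":
    recs = sample_records()
    for user, count in flag_users(recs):
        print(f"review: {user} is associated with {count} devices")
    print("with kale allowlisted:", flag_users(recs, allowlist={"kale"}))
```

Without the name normalization, the three spellings of the same account would count as three separate users and the device total per user would be understated.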

Interested in seeing how Sevco can give you this kind of visibility in your own IT environment? Click here to schedule a personalized 1:1 demo with our team.

 
