FALCON IDENTITY
PROTECTION
Use case examples for IT, security, the end user
and Identity Access Management (IAM)
IT
Know how many accounts are active or stale,
how many unmanaged endpoints exist in the
domain, and in general gain better
understanding of the domain attack surface
Identify unused servers or most accessed
servers by analyzing authentication footprint
Detect use of weak authentication protocols
such as NTLM V1, unencrypted LDAP and
misconfigurations of the domain
IDENTITY ACCESS MANAGEMENT
(IAM)
Build user behavioral profiles that can help
understand the access patterns for human
and programmatic accounts
Detect anomalous user behavior
Identify users segments such as how many
are human, how many are programmatic, how
many are privileged or have stealthy
privileges, and
Apply a policy to prevent some of the issues
continuously
QUICK TIP
Automate enforcement with
simple policies based on
behavioral and deterministic
attributes
Q U IC K
REFERENCE
END-USER
Take active part of the enterprise security
fabric by being able to approve their own
access and help reduce noise levels
Actively get notified on the endpoint when
action is needed
Empowered to continue with their business,
reducing the friction level that security may
introduce
SECURITY
Analysis of the domain security posture with
dynamic objectives such as prep for pen
testing audit or reduction of attack surface
Active threat hunting interface with quick
access to authorization and authentication
events
Real time automatic detection of deviation
from baseline for authenticated users that
may indicate compromised account activity
or take over
Reduction of noise because users can
approve their access when there are
deviations from normal behavior
Orchestrate detection with SOAR via API