Earlier this year SecureAuth released a Splunk dashboard that allows Splunk users to get fantastic visualization of their authentication data. (Download free Splunk) Recently when visiting with one of the nation’s most respected children’s hospitals we talked with Mike Brunell on the IT Security team about how they are using the SecureAuth Splunk dashboard to gain actionable data about their environment. He was able to share illustrations that show the two products in action.
This first illustration (Fig. 1) is the dashboard overview that shows what applications are being logged into most frequently, what time of day login volumes are the greatest, and the geography that the users are logging in from. This gives the hospital great top level insight into their SecureAuth environment. If their staff decides to investigate a specific user, it’s as simple as typing a username into Splunk’s search window and getting immediate visibility into all the login events for that particular user.
The second illustration (Fig. 2) shows the multi-factor methods being utilized within their organization. From this, the hospital is able to have great insights into not only what multi-factor methods users are choosing but also how often SecureAuth’s device fingerprinting (DFP) is allowing users a disruption free log-in process. Organizations can also utilize data like this to determine where they may need to perform greater user education on the authentication methods available to them.
This next illustration (Fig. 3) shows the performance of the SecureAuth application within the hospital’s environment. Security personnel are able to use this view to get a quick glimpse at the responsiveness of the SecureAuth application to ensure their users are receiving the performance needed.
There are multiple different views that allow administrators to investigate login failures and determine what looks like suspicious behavior. This allows administrators to adjust their adaptive analysis rules to block more cyber attackers from even hitting the login page. The page (Fig. 4) below shows failed login attempts for the hospital in a geographical view. Failed logins can also be viewed by threat type.
Utilizing a SIEM such as Splunk in combination with SecureAuth provides organizations with actionable data to improve not only their authentication security but also their users’ experience.
SecureAuth is committed to improving identity security while minimizing disruptions to the end-user and providing convenient access to organizational resources. Dashboard visualizations and SIEM integration are simply a few ways we are securing the new identity perimeter. We offer cloud-based or on-premises solutions that combine adaptive authentication, multi-factor authentication, single-sign-on, and user self-service tools. Learn more about our other Healthcare customers or see the many other industries that have also chosen to trust SecureAuth.
Request a demo and see how SecureAuth prevents the misuse of stolen credentials