Xpandion creates “behavior-based profiling” for business applications. Sounds impressive, huh? However, do you know what it means, exactly?
Our customers often understand the benefits of our products: how they save time, increase security and lower costs. However when it comes to the hows, they go numb. We’ll hear, “Yes, I’m sure it’s all very interesting, but let’s talk about the benefits now, shall we?” and then they dive right into implementing the ProfileTailor Suite software. Well, I can’t blame them for being focused on their job and their immediate goals, but sometimes I think to myself that if some of our smart listeners would take one minute to understand what we do, they might find solutions to other needs that they might not even be aware of. Often, once customers are using our products to solve a certain issue, say redesigning their SAP authorizations or reviewing their employees’ permissions, they begin to understand the potential of the software and realize that this same approach of business profiling can solve problems that they didn’t know they had, like identifying irregular user activity. So, let’s talk about how the magic is made using Xpandion’s ProfileTailor Suite.
What is “Behavior” in Business Applications?
Behavior, at least in Xpandion’s eyes, is the “intelligent summary” of the business activities a person performs in a given application. Magnify this from a single application to an organization-wide scope of applications, you will find that an employee’s behavior is the “intelligent summary” of his activity in all the business applications. What does “business activity” mean? At Xpandion, we’re not really focused on such issues as which URLs a person is accessing, or even if he’s gambling through his time at work, but more on issues that directly influence the business: Is he transferring money and how much? Does she see other people’s salary and why? In short, the “business profile” of each user is a sum of all their business-related activities, minus accidental mistakes, and plus the implied and normal activities of the position. Of course, business profiles are dynamic and continuously changing, although quite slowly because after the initial learning phase, the changes are relatively small.
Here’s where it gets interesting…
Behavior-Based Profiling From a Security Point of View
Comparing the real-time activity of users with their business profiles can detect potential fraud. For example, the system just discovered that Don in accounting, who is responsible for new G/L accounts, is suddenly transferring money. The software compares this sensitive activity with his business profile and scores up the event as a “red flag” because it’s new to his regular business profile, it’s not being performed during his regular working hours, and it’s also not being performed from his regular computer. The score is high enough to alert the CISO and the security team about irregular activity and point them to the IP address where the activity came from.
Behavior-Based Profiling From an Authorizations Point of View
Having business profiles can assist in creating “job profiles,” meaning, authorization roles and groups that fit for a specific job. The task of gathering all the required authorizations for a job can be really quick if you have all the de-facto business profiles of people that do this same job. How quick? When redesigning their authorizations structure, organizations have told us that they’ve saved about 80% of their total time by using our behavior-based tools.
We can also look at people’s authorization requests and identify if they are “normal” or “suspicious.” By comparing their requests with those of their colleagues and their own business profile, we can identify if the requests have a high risk factor. For example, if an Account Manager asks for permissions in HR, the system with mark this as a high risk request which will also be sent automatically to the CISO or security team for further inspection.
Behavior-Based Profiling From a Licensing Point of View
“Are all of the licenses in the organization being utilized correctly?” This is what a customer asked us back in 2009 once they understood the concept of business-profiling. Since then, we’ve developed a licensing module that can identify the most suitable license type for each person based on their business profile. With a business profile, it’s simple to recognize that a person who updates only his own time sheet doesn’t require a “Professional” license, so you can lower his license type to “Employee.” It is almost impossible to do so if you don’t have business-profiles.
Behavior-Based Profiling Can Cover Lots of Ground
During the years, customers have brought us many ideas of how business profiling can help their companies. Through behavior-based profiling, we assisted a company in determining the appropriate training solutions for their employees, and helped a large hospital establish a rule set for their employees in response to medical regulations. We’ve covered a lot of ground.