Administrators can now configure Avanan to automatically disable users that are detected as compromised.
A compromised internal account controlled by an attacker can cause a lot of damage very fast. To protect against this type of threat, we recently released the ability for administrators to manually disable the user directly from the Avanan dashboard.
However, what organizations prefer is to automatically and immediately handle such cases.
Avanan now includes A new workflow that automatically disables users detected as compromised and terminates all their active sessions.
Administrators continue being alerted of compromised being detected and are able to unblock the user and reset its password manually from the Avanan dashboard.
To configure the new workflow, go to Configuration > Security Engines > Anomaly Detection > Configure > Compromised Accounts Workflow and select Alert admin, automatically block user.
Note – this feature is being deployed gradually. You should see it in your portal in the next week.