US 9,813,422 B2
Detecting unauthorized risky or inefficient usage of privileged credentials through analysis of task completion timing
Matthew T. Peterson, Lindon, UT (US); Daniel F. Peterson, Pleasant Grove, UT (US); and Jordan S. Jones, Spanish Fork, UT (US)
Assigned to Quest Software Inc., Aliso Viejo, CA (US)
Filed by Dell Software, Inc., Round Rock, TX (US)
Filed on Apr. 30, 2015, as Appl. No. 14/700,502.
Prior Publication US 2016/0323288 A1, Nov. 3, 2016
Int. Cl. G06F 7/04 (2006.01); G06F 15/16 (2006.01); G06F 17/30 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/102 (2013.01) [H04L 63/0281 (2013.01); H04L 63/1441 (2013.01)] 20 Claims
OG exemplary drawing
1. A method, implemented by a privileged account management system that comprises at least one processor and memory, for detecting unauthorized, risky, or inefficient usage of admin credentials, the method comprising:
maintaining, by the privileged account management system, a database that defines, for each of a plurality of reason codes, a normal amount of time for performing a task associated with the reason code;
receiving, from a first administrator using a client device, a request for admin credentials to be used to access a first server, the request including a first reason code that identifies a first task that the first administrator intends to perform on the first server;
in response to the request, checking out the admin credentials to the first administrator to enable the first administrator to access the first server;
accessing the database to identify a first normal amount of time that is defined for the first reason code;
tracking an elapsed time over which the admin credentials are checked out to the first administrator;
comparing the elapsed time to the first normal amount of time; and
when the elapsed time exceeds the first normal amount of time by a defined threshold, taking an action to mitigate harm to the server.