Silverfort Smart Policy
for Service Accounts
The Smart Policy for Service Accounts
What Is a Smart Policy?
With Silverfort's Smart Policy, customers can automatically create policies for groups of service accounts without disrupting critical services. Once a group or an organizational units (OU) of service accounts is added to its scope, the Smart Policy will continuously look for accounts showing consistent activity over time and extend the right security policy to each. As the Smart Policy is dynamic, it will automatically detect new or removed service accounts from the selected groups in your Active Directory.
Smart Policy enables organizations with many service accounts to apply security policies in bulk, instead of performing the time and labor-intensive process of creating policies one-by-one, monitoring for policy deviations, and manually enforcing deny policies. This allows a greater focus on more complex and dynamic service accounts.
How Does the Smart Policy Work?
The Smart Policy runs in cycles, scanning service accounts for baseline changes, deciding on action, and modifying policies. For each service account in the Smart Policy scope:
Silverfort monitors the last time the account's sources, destinations, or protocols changed.
Once the service account reaches a desired period of consistent behavior, a policy can be automatically activated to notify you of any deviation.
If the account behavior remains consistent for a prescribed time, the policy will automatically change to deny any authentication that deviates from the confirmed baseline behavior.
Silverfort Smart Policy
for Service Accounts
What Is a Smart Policy?
With Silverfort's Smart Policy, customers can automatically create policies for groups of service accounts without disrupting critical services. Once a group or an organizational units (OU) of service accounts is added to its scope, the Smart Policy will continuously look for accounts showing consistent activity over time and extend the right security policy to each. As the Smart Policy is dynamic, it will automatically detect new or removed service accounts from the selected groups in your Active Directory.
Smart Policy enables organizations with many service accounts to apply security policies in bulk, instead of performing the time and labor-intensive process of creating policies one-by-one, monitoring for policy deviations, and manually enforcing deny policies. This allows a greater focus on more complex and dynamic service accounts.
How Does the Smart Policy Work?
The Smart Policy runs in cycles, scanning service accounts for baseline changes, deciding on action, and modifying policies. For each service account in the Smart Policy scope:
Silverfort monitors the last time the account's sources, destinations, or protocols changed.
Once the service account reaches a desired period of consistent behavior, a policy can be automatically activated to notify you of any deviation.
If the account behavior remains consistent for a prescribed time, the policy will automatically change to deny any authentication that deviates from the confirmed baseline behavior.