Xpandion Blog


Do You Understand the Meaning of Behavior-Based Profiling?


Xpandion creates “behavior-based profiling” for business applications. Sounds impressive, huh? However, do you know what it means, exactly?


Our customers often understand the benefits of our products: how they save time, increase security and lower costs. However, when it comes to the hows, they go numb. We’ll hear, “Yes, I’m sure it’s all very interesting, but let’s talk about the benefits now, shall we?” and then they dive right into implementing the ProfileTailor Suite software. Well, I can’t blame them for being focused on their job and their immediate goals, but sometimes I think to myself that if some of our smart listeners took one minute to understand what we do, they might find solutions to other needs that they might not even be aware of. Often, once customers are using our products to solve a certain issue, say redesigning their SAP authorizations or reviewing their employees’ permissions, they begin to understand the potential of the software and realize that this same approach of business profiling can solve problems that they didn’t know they had, like identifying irregular user activity. So, let’s talk about how the magic is made using Xpandion’s ProfileTailor Suite.

What is “Behavior” in Business Applications?

Behavior, at least in Xpandion’s eyes, is the “intelligent summary” of the business activities a person performs in a given application. Magnify this from a single application to an organization-wide scope of applications, and you will find that an employee’s behavior is the “intelligent summary” of his activity in all the business applications. What does “business activity” mean? At Xpandion, we’re not really focused on such issues as which URLs a person is accessing, or even if he’s gambling through his time at work, but more on issues that directly influence the business: Is he transferring money and how much? Does she see other people’s salary and why? In short, the “business profile” of each user is the sum of all their business-related activities, minus accidental mistakes, plus the implied and normal activities of the position. Of course, business profiles are dynamic and continuously changing, although quite slowly, because after the initial learning phase the changes are relatively small.

Here’s where it gets interesting…

Behavior-Based Profiling From a Security Point of View

Comparing the real-time activity of users with their business profiles can detect potential fraud. For example, the system just discovered that Don in accounting, who is responsible for new G/L accounts, is suddenly transferring money. The software compares this sensitive activity with his business profile and scores up the event as a “red flag” because it’s new to his regular business profile, it’s not being performed during his regular working hours, and it’s also not being performed from his regular computer. The score is high enough to alert the CISO and the security team about irregular activity and point them to the IP address where the activity came from.
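The comparison described above can be sketched as follows. This is an added example, not Xpandion's code or the ProfileTailor Suite's scoring method; the activity names, IP addresses, weights and alert threshold are all assumptions chosen to mirror the "Don in accounting" scenario.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed history for one user: (activity, hour of day, source IP).
HISTORY = [
    ("create_gl_account", 9, "10.0.0.15"),
    ("create_gl_account", 11, "10.0.0.15"),
    ("display_gl_account", 14, "10.0.0.15"),
    ("create_gl_account", 16, "10.0.0.15"),
]
SENSITIVE = {"transfer_money", "display_salary"}  # assumed sensitive activities
# Assumed weights per deviation and assumed alerting threshold.
WEIGHTS = {"new_activity": 40, "off_hours": 20, "new_source": 20, "sensitive": 20}
ALERT_THRESHOLD = 70

@dataclass
class Profile:
    activities: Counter  # how often each activity was seen
    hours: range         # regular working hours observed
    sources: set         # computers (IPs) the user normally works from

def build_profile(history):
    """Summarize past events into the user's business profile."""
    if not history:
        raise ValueError("no history: profile is still in its learning phase")
    hours = [h for _, h, _ in history]
    return Profile(
        activities=Counter(a for a, _, _ in history),
        hours=range(min(hours), max(hours) + 1),
        sources={s for _, _, s in history},
    )

def score_event(profile, activity, hour, source):
    """Return (score, reasons) for one real-time event against the profile."""
    reasons = []
    if activity not in profile.activities:
        reasons.append("new_activity")
    if hour not in profile.hours:
        reasons.append("off_hours")
    if source not in profile.sources:
        reasons.append("new_source")
    if activity in SENSITIVE:
        reasons.append("sensitive")
    return sum(WEIGHTS[r] for r in reasons), reasons

def should_alert(profile, activity, hour, source):
    """Decide whether to notify the security team, keeping the source IP."""
    score, reasons = score_event(profile, activity, hour, source)
    return {"alert": score >= ALERT_THRESHOLD, "score": score,
            "reasons": reasons, "source": source}
```

With these assumed weights, a sensitive activity that is new to the profile but performed during regular hours from the regular computer scores below the threshold; it is the combination of deviations that raises the alert.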

Behavior-Based Profiling From an Authorizations Point of View

Having business profiles can assist in creating “job profiles,” meaning, authorization roles and groups that fit for a specific job. The task of gathering all the required authorizations for a job can be really quick if you have all the de-facto business profiles of people that do this same job. How quick? When redesigning their authorizations structure, organizations have told us that they’ve saved about 80% of their total time by using our behavior-based tools.

We can also look at people’s authorization requests and identify if they are “normal” or “suspicious.” By comparing their requests with those of their colleagues and their own business profile, we can identify if the requests have a high risk factor. For example, if an Account Manager asks for permissions in HR, the system will mark this as a high-risk request, which will also be sent automatically to the CISO or security team for further inspection.

Behavior-Based Profiling From a Licensing Point of View

“Are all of the licenses in the organization being utilized correctly?” This is what a customer asked us back in 2009 once they understood the concept of business-profiling. Since then, we’ve developed a licensing module that can identify the most suitable license type for each person based on their business profile. With a business profile, it’s simple to recognize that a person who updates only his own time sheet doesn’t require a “Professional” license, so you can lower his license type to “Employee.” It is almost impossible to do so if you don’t have business-profiles.

Behavior-Based Profiling Can Cover Lots of Ground

Over the years, customers have brought us many ideas of how business profiling can help their companies. Through behavior-based profiling, we assisted a company in determining the appropriate training solutions for their employees, and helped a large hospital establish a rule set for their employees in response to medical regulations. We’ve covered a lot of ground. If you think we can help with your requirements, just ask.

Yoav Michaeli joined Xpandion in 2008 as a team leader, and in 2010 Mr. Michaeli began managing the entire Research & Development group of the company. Prior to joining Xpandion, Mr. Michaeli served in an elite technological unit of the Israeli Defense Forces as a team leader for various key military projects. Among other achievements, he was instrumental in pioneering the use of advanced .NET technologies for large scale distributed systems. Mr. Michaeli is an expert in programming, agile development, application security and specialized programming techniques.

