In the case of a suspected credential theft security event, the PTA (Privileged Threat Analytics) can perform automatic remediation actions. One common and immediate action to mitigate potential damage is session termination. This action will immediately cut off any ongoing activities that the suspected user might be performing, thereby preventing any further unauthorized access or malicious actions. Password change, password reconciliation, and session suspension, while useful, do not provide the immediate cessation of potentially harmful activity that session termination does.