Privileged threat analytics

First-in-kind solution helps businesses stop advanced, external and insider cyber attacks before they stop business.

  • Tuesday, 19th November 2013 Posted 11 years ago in by Phil Alsop

CyberArk has announced the availability of Privileged Threat Analytics, the industry’s first analytics solution to detect malicious privileged account behaviour and disrupt in-progress attacks before damage is done to a business.

Privileged accounts have been identified as the primary target in internal and advanced external attacks. According to security consultancy firm Mandiant, "APT intruders prefer to leverage privileged accounts where possible, such as domain administrators, service accounts with domain privileges, local administrator accounts, and privileged user accounts." CyberArk Privileged Threat Analytics provides targeted and immediately actionable threat analytics on these critical attack vectors by identifying previously undetectable malicious privileged user behaviour, which enables the incident response team to respond and disrupt in-progress attacks. CyberArk Privileged Threat Analytics is the industry’s only targeted privileged threat analytics solution.

“Privileged accounts are the most powerful accounts in any organisation because of the broad access they can provide. For us, managing and controlling this access is critical to securing the enterprise, and in achieving and maintaining compliance with numerous regulations,” said Erica Beall, IT security systems analyst at The Williams Companies. “Real-time analytics and alerts on privileged user activity will provide management with impactful information to maximise our security posture.”

Key benefits of CyberArk Privileged Threat Analytics include:

• Identifies in-progress external attacks and malicious behaviour of authorised insiders

• Detects a range of anomalies in the behaviour patterns of individual privileged users in real-time, such as a user who suddenly accesses credentials at an unusual time of day. This is a strong indicator of malicious activity or severe policy violations such as password sharing

• Improves effectiveness of SIEM systems and incident response teams by reducing false positives

• Stops an in-progress attack earlier in the kill chain, ensuring a less costly and time consuming remediation process

• Continuously learns user behaviour and adjusts risk assessments based on the authorised privileged user activity patterns

“Privileged user behaviour profiling can be a critical weapon in combating both external and internal threats by discovering abnormal behaviour early,” said Charles Kolodgy, research vice president for IDC's Security Products service. “The key to CyberArk's inventive solution is to analyse the right data – that being the activities of privileged user accounts – providing high value, actionable intelligence on a critical attack vector.”

The new security battleground - inside the network

As the secure perimeter has dissolved, the new battleground for information security is inside the network. CyberArk Privileged Threat Analytics is the latest innovation in CyberArk’s market leading privileged account security solution that secures an organisation’s most critical assets and data. By applying patented analytic technology to a rich set of privileged account behaviour data from its privileged account security solution, along with contextual information from system resources, CyberArk Privileged Threat Analytics provides targeted, high value and actionable intelligence to security teams.

“Organisations must assume attackers have already penetrated the perimeter and once inside, will almost always attempt to take control of privileged accounts to advance their attack,” said Roy Adar, vice president of product management, CyberArk. “Customers are asking for controls on privileged accounts, coupled with the ability to detect suspicious activity to protect their organisations from evolving threats.”

CyberArk Privileged Threat Analytics will be generally available in December 2013.