Privileged accounts are coveted by cyber-attackers as hijacked privileged credentials can enable an attacker to hide in plain sight. CyberArk Privileged Threat Analytics 2.0 analyses privileged account activity data, including pulling feeds from security information and event management (SIEM) systems. New self-learning, behaviour-based algorithms enable customers to detect attacks faster by pinpointing malicious privileged account activity previously hidden in the sheer volume of information collected by big data analytics solutions.
“While big data threat analytics provide a wealth of information, knowing which dataset is important requires specialised skills most organisations don’t have,” said Roy Adar, VP, product management, CyberArk. “CyberArk Privileged Threat Analytics 2.0 cuts through the clutter to quickly identify in-progress attacks and enables organisations to shut down the most dominant avenue for moving laterally within a company’s infrastructure.”
"Privileged account security needs to be at the top of the agenda for organisations to defend against the rise in advanced attacks," said Pete Lindstrom, Research Director, IDC. "With the ability to understand and react to real-time activity that solutions like CyberArk Privileged Threat Analytics deliver, organisations have an opportunity to identify these high-risk incursions and address them before they lead to weeks or months of leaks and losses."
Out-of-the-box integration of data feeds from leading SIEM solutions such as HP ArcSight ESM and Splunk Enterprise provides context to the information collected by CyberArk Privileged Threat Analytics. For example, if an administrator tries to access a server, firewall or other endpoint directly without going through the policy-mandated workflow, CyberArk Privileged Threat Analytics can identify and alert on this, whereas SIEM would not catch this as a threat.
New forensics capabilities deliver more visibility and insight into privileged account behaviours. With the ability to view user profiles and system access, organisations can now query on anomalies, view baseline behaviour models, and benchmark for risk levels across the entire privileged account ecosystem within their organisation. Users can drill down into individual privileged account anomalies and behaviour profiles, delivering actionable intelligence that allows incident response teams to respond immediately to an in-progress attack.
Key benefits include:
· Stops an ongoing attack by identifying unusual privileged account access, ensuring a less costly and less time-consuming remediation process.
· Cuts through the clutter created through traditional big data analytics, increasing an organisation’s ability to identify malicious activity related to privileged accounts.
· Detects anomalies in the behaviour patterns of individual privileged users and systems in real time, such as a user who suddenly accesses credentials at an unusual time of day or from an unusual location or demonstrates excessive usage, as well as other abnormal trends.
· Builds learned system and user behaviour into risk assessments over time to increase efficiency and build targeted analytics.
· Speeds deployment through out-of-the-box data feed integrations with HP ArcSight ESM and Splunk Enterprise.
· Provides full behavioural analytics function as a standalone product or as part of the Privileged Account Security Solution.
View a video introduction to CyberArk Privileged Threat Analytics here.