Monday, 3 November 2014

CyberArk integrates Privileged Threat Analytics with McAfee Enterprise Security Manager

CyberArk, the company that protects organisations from cyberattacks that have made their way inside the network perimeter, has integrated CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager (ESM) as part of McAfee's data exchange layer (DXL) initiative. 

DXL is a real-time messaging exchange. Unlike point-to-point integrations, which are expensive to implement and fragile, this model gives faster access to more information and reduces integration maintenance effort and dependencies. This data sharing and resilience enhance an organisation’s overall visibility and ability to adapt as threats change.

By becoming “DXL-ready,” CyberArk Privileged Threat Analytics will also be able to selectively publish its data to and subscribe to updates from other products from McAfee and Security Innovation Alliance partners, without the cost and overhead of direct integrations. Organisations gain flexibility and simplicity as part of a more resilient security infrastructure. 

“Securing privileged accounts plays a critical role in protecting against advanced threats. Attackers exploit these powerful accounts to conduct network reconnaissance against security infrastructure and execute their attacks, often without detection,” said Roy Adar, VP, product management, CyberArk. “The integration of CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager will help incident responders cut through the clutter of big data security analytics to pinpoint and enable action on previously undetected malicious privileged behaviour and disrupt in-progress attacks.” 


“Abuse of privileged credentials is a common thread between recent headline-grabbing security breaches,” added Ed Barry, VP, Global Technology Alliances at McAfee, part of Intel Security. “Timing is everything when dealing with advanced threats and having visibility into behaviour across the entire range of privileged account use greatly improves detection and remediation efforts. The integration with CyberArk’s product offering will enable our customers’ threat response teams to focus on privileged activity, detect suspicious events earlier in an attack chain, and have peace of mind that all endpoints and users are secure.”

The integrated solution empowers customers to pinpoint and immediately act against privilege-based threats in their security information and event management (SIEM) data. CyberArk Privileged Threat Analytics 2.0 collects and analyses privileged account activity data to provide organisations with visibility into potentially malicious behaviour. McAfee Enterprise Security Manager collects, correlates, and analyses intelligence and event data in real time and orchestrates adaptive protection to disrupt the attack chain and prevent data loss.

Leveraging the McAfee DXL, CyberArk’s integration with McAfee Enterprise Security Manager will give customers more context for the information that CyberArk Privileged Threat Analytics collects, while increasing real-time visibility and the precision of actions that can be driven by the McAfee SIEM. For example, once a privileged user account is determined by CyberArk Privileged Threat Analytics to be associated with suspicious activity, McAfee Enterprise Security Manager can help disable, restrict, suspend, or reset the privileges of that user and the host.

McAfee Enterprise Security Manager will also push security event information from critical systems to CyberArk Privileged Threat Analytics. This data will be analysed and correlated with privileged account information to detect anomalous privileged behaviour and user activities. The solutions will alert each other in real time about security events.

Key benefits of the CyberArk/McAfee integration include:

· Enables organisations to stop an in-progress attack before serious damage is done by focusing on privileged accounts, enabling a less costly and time-consuming remediation process.
· Detects a range of anomalies in the behaviour patterns of individual privileged users in real time, such as a user who suddenly accesses credentials at an unusual time of day.
· Extends effectiveness of McAfee Enterprise Security Manager by enabling incident response teams to identify anomalous privileged account user behaviour and prioritise incidents that involve privileged accounts.
· Builds learned user behaviour into risk assessments over time to increase efficacy and build targeted analytics.

View the associated video here.
