New Delhi, India, September 11, 2014: CyberArk, the company securing the heart of the enterprise, has announced CyberArk Privileged Threat Analytics 2.0, an expert system for privileged account security intelligence. The expanded analytics includes new self-learning, behaviour-based algorithms, enabling customers to detect attacks faster by pinpointing malicious privileged account activity previously hidden in the sheer volume of information collected by big data analytics solutions.
Organisations face sophisticated and determined attackers seeking to infiltrate networks. Research shows that most companies believe cyber-attackers are currently on their network, or have been in the past year. Once inside the perimeter, hijacked privileged credentials enable an attacker to hide in plain sight, which is why these accounts are the most sought after target in every advanced attack. CyberArk Privileged Threat Analytics 2.0 collects and analyses privileged account activity data, including pulling feeds from security information and event management (SIEM) systems to identify the most serious of risks.
“Privileged account security needs to be at the top of the agenda for organisations to defend against the rise in advanced attacks,” said Pete Lindstrom, research director, IDC. “With the ability to understand and react to real-time activity that solutions like CyberArk Privileged Threat Analytics deliver, organisations have an opportunity to identify these high-risk incursions and address them before they lead to weeks or months of leaks and losses.”
“While big data threat analytics provide a wealth of information, knowing which data-set is important requires specialised skills most organisations don’t have,” said Roy Adar, vice president, product management, CyberArk. “CyberArk Privileged Threat Analytics 2.0 cuts through the clutter to quickly identify in-progress attacks and enables organisations to shut down the most dominant avenue for moving laterally within a company’s infrastructure.”
Out-of-the-box integration of data feeds from leading SIEM solutions such as HP ArcSight ESM and Splunk Enterprise provides context to the information CyberArk Privileged Threat Analytics collects. This enables customers to pinpoint privileged-based threats amongst the wealth of data their SIEM collects. For example, if an administrator tries to access a server, firewall or other endpoint directly without going through the policy-mandated workflow, CyberArk Privileged Threat Analytics can identify and alert on this, where the SIEM would not catch this as a threat.
New forensics capabilities deliver more visibility and insight into privileged account behaviours. With the ability to view user profiles and system access, organisations can now query on anomalies, view baseline behaviour models, and benchmark for risk levels across the entire privileged account ecosystem within their organisation. Users can drill down into individual privileged account anomalies and behaviour profiles specifically, delivering immediately actionable intelligence that allows incident response teams to immediately respond to an in-progress attack.
Key benefits include:
· Enables organisations to stop an in-progress attack, ensuring a less costly and time-consuming remediation process by identifying unusual privileged account access.
· Cuts through the clutter created through traditional big data analytics, increasing an organisation’s ability to identify malicious activity related to privileged accounts.
· Detects anomalies in the behaviour patterns of individual privileged users and systems in real-time, such as a user who suddenly accesses credentials at an unusual time of day or from an unusual location, demonstrates excessive usage, and other abnormal trends.
· Builds learned system and user behaviour into risk assessments over time to increase efficiency and build targeted analytics.
· Speeds deployment through out-of-the-box data feed integrations with HP ArcSight ESM and Splunk Enterprise.
· Provides full behavioural analytics function as a standalone product or as part of the Privileged Account Security Solution.