Gone in 12 Minutes: CyberArk Announces Real-Time Detection and Automatic Containment of Cyber Attacks Targeting Active Directory

New Targeted Analytics and Network Monitoring Improve Effectiveness of Incident Response Teams by Focusing on the Data that Matters to Stop In-Progress Attacks

RSA Conference 2016 (Booth #N4301) – CyberArk (NASDAQ:CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced new real-time threat detection and containment capabilities to help organizations secure against cyber attacks targeting Microsoft Active Directory infrastructure. Compromising Active Directory empowers attackers to take control of the business.

The new CyberArk Privileged Threat Analytics v3.0 features targeted analytics and the ability to analyze network traffic to better detect indications of an attack early in the lifecycle, including credential theft, lateral movement and privilege escalation. These features enable incident response teams to visualize the threat and shut down in-progress attacks – including Kerberos authentication attacks like “Golden Ticket,” which can lead to a complete network takeover and massive business disruption. CyberArk Privileged Threat Analytics is integrated within the CyberArk Privileged Account Security Solution to deliver a robust Active Directory security offering.

Active Directory infrastructure includes domain controllers, domain administrator accounts, critical servers and workstations. According to Forrester Research, “Microsoft’s Active Directory has evolved into the most widely used enterprise repository for digital identities. Active Directory’s growing importance also means it’s a tempting target for hackers who attack Active Directory infrastructure to elevate privileges and pilfer data.” [1] Based on what CyberArk has seen in the field, it can take an attacker who has hijacked a privileged credential less than 12 minutes from initial infiltration to being able to take over a domain controller, which hosts the services that constitute Active Directory.

“A Kerberos ticket attack has the ability to shut down critical business services. It would ultimately mean the loss of trust in all network-connected digital assets. The only remediation would be to re-build the entire network trust model and associated infrastructure,” said Darren Argyle, group chief information security officer (CISO) managing director, Markit.

Effective Incident Response Goes Beyond Detection

It is no longer enough to simply detect an attack. The CyberArk Privileged Account Security Solution goes beyond threat detection to also deliver proactive protection and containment, which are critical to limiting attacker movement, and decreasing damage from an attack. CyberArk Privileged Threat Analytics improves incident response with two key new features:

  • Kerberos Attack Detection: An additional data feed collects and analyzes network traffic to identify indicators of an in-progress Kerberos attack. The solution now collects a targeted set of data from multiple sources including the CyberArk Digital Vault, SIEM solutions, and network taps/switches. Then, the analytics engine applies a complex combination of new statistical and deterministic algorithms, enabling organizations to analyze the “right” data – that associated with privileged account compromise – in order to detect and alert on the most critical attacks.
  • Automated Threat Containment: After identifying a potential attack, CyberArk Privileged Threat Analytics can help organizations automatically respond and contain the attack. CyberArk offers a single platform for proactive protection and threat detection that enables a suspected stolen credential to be invalidated in order to disrupt an in-progress attack – without disrupting business – and block the attacker from continuing.

There are several ways an attacker can exploit Kerberos authentication. Some of the most common Kerberos attacks include PAC manipulation, Overpass-the-Hash and Golden Ticket. A critical step that enables attackers to execute the most threatening Kerberos attacks is hijacking domain administrator credentials. Proactively protecting administrative credentials and preventing attackers from ever reaching these credentials in the first place is essential to every enterprise security strategy. CyberArk Privileged Threat Analytics enables organizations to identify previously undetectable attacks; limit an attacker’s window of opportunity; improve the efficiency of security teams and receive quick time to value.

“Most enterprises are vulnerable to Kerberos attacks and are at risk of complete network takeover, which can happen at an alarming speed. We have witnessed post-breach forensic research in which attackers took control of the network in just 12 minutes,” said Roy Adar, senior vice president, product management, CyberArk. “Taking over Active Directory and leveraging Kerberos attacks such as Golden Ticket is a critical point in an attack enabling attackers to move laterally and operate undetected within the network for months or even years. Insight into these serious threats – those associated with anomalous privileged account activity – must be a high priority. We are proud to offer our customers access to this Active Directory security solution, featuring CyberArk Privileged Threat Analytics, which delivers significant advancement toward proactive attack prevention, earlier detection and more effective incident response.”

Availability and Supporting Materials
CyberArk Privileged Threat Analytics v3.0 is available now. Customers can purchase the solution directly from CyberArk, as well as through the company’s global network of channel partners. Upgrades to v3.0 are provided to current CyberArk Privileged Threat Analytics customers at no charge.

[1] Forrester Research, “Vendor Landscape: Active Directory Security and Governance Solutions,” January 5, 2016 by Merritt Maxim, Andras Cser

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout EMEA and Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Future Looking Statements
This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s management. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the new and rapidly evolving cyber threat landscape; failure to effectively manage growth; fluctuations in quarterly results of operations; real or perceived shortcomings, defects or vulnerabilities in the Company’s solution or the failure of the solution to meet customers’ needs; the inability to acquire new customers or sell additional products and services to existing customers; competition from IT security vendors and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.
