Detect and Disrupt In-progress Attacks

Once inside the network, advanced external or internal attackers can operate undetected for months by impersonating authorized users. This inside access enables them to do irreparable harm, resulting in damaged reputations, financial losses and stolen intellectual property. As a result, monitoring and analyzing privileged activity is a critical component of a comprehensive solution. Targeted analytics solutions empower organizations to quickly detect damaging threats and disrupt in-progress attacks.

Privileged Threat Analytics, part of the CyberArk Privileged Account Security Solution, is an expert system for privileged account security intelligence. It provides targeted, immediately actionable threat alerts by identifying previously undetectable malicious privileged user and account activity. The solution applies patent-pending analytic technology to a rich set of privileged user and account behavior collected from multiple sources across the network. CyberArk Privileged Threat Analytics then produces highly accurate and immediately actionable intelligence, allowing incident response teams to respond directly to the attack.

Features

  • Patent-pending algorithms learn the behavior of the privileged users and accounts. Privileged Threat Analytics compares real-time privileged account activity to historical behavior in order to detect anomalies as they occur.
  • Self-learning analytic engine adjusts over time to account for behavioral pattern changes.
  • Threat scores are assigned to each individual anomaly, incident, or group of events to help prioritize events that pose the greatest risk.
  • Targeted, actionable alerts include detailed event information to enable incident response teams to respond directly to an attack.
  • Email notifications on alerts are sent in real time for immediate response. Alert intelligence is available via the Privileged Threat Analytics dashboard and can be sent to an existing SIEM solution.
  • Convenient dashboard provides a visual representation of incidents and threat levels, enabling incident response teams to quickly review historical events and take immediate action if necessary.
  • Two-way integration with SIEM solutions enables security teams to leverage existing SIEM deployments to aggregate data for targeted analytics and to send alerts for prioritization of events that involve privileged accounts.
  • Detailed forensic capabilities provide unmatched visibility and insight into privileged activity across the entire network.

Benefits

  • Rapidly detect attacks with analysis based on patent-pending algorithms, eliminating the dependence on prior knowledge of attack signatures or sandboxing.
  • Adapt threat detection to a changing environment with self-learning algorithms that continuously adjust the baseline behavior profiles as the environment evolves.
  • Dramatically shorten an attacker’s window of opportunity and reduce damage with accurate and prioritized real-time alerting of in-progress attacks.
  • Accelerate remediation with immediate access to detailed information about the attack.
  • Quickly assess baseline profiles and anomalies in convenient, easy-to-read graphs and tables.
  • Enhance effectiveness of SIEM systems by enabling incident response teams to identify anomalous privileged activities and prioritize incidents that involve critical accounts.
  • Improve auditing processes with forensic capabilities that deliver informative data on privileged user activities.