Powering Up Threat Detection with Privileged Threat Analytics
September 9, 2014 | Security and Risk | John Worrall
One of the most common and disturbing aspects of the data breaches and cyber-attacks we see on a weekly basis is that attackers typically are on the target company’s network for weeks, months and even years at a time without being detected. According to Mandiant, the median length of time that attackers are on an organization’s network before being detected is approximately 240 days.
Analytics were supposed to be one of the cures for this problem; however, security teams are being overwhelmed by big data, which compromises their ability to respond to alerts.
This is why CyberArk today unveiled Privileged Threat Analytics 2.0 – designed to help businesses cut through the clutter to rapidly identify and respond to in-progress attacks. CyberArk does this by focusing on the data sets that matter most when it comes to identifying potential threats: privileged account activity.
As we’ve discussed in the past, the exploitation of privileged accounts is a critical component of all advanced attacks, primarily because of the power it yields to an attacker. Once an attacker makes it inside the perimeter, hijacked privileged credentials enable the attacker to hide in plain sight and move freely on the network, basically turning a company’s infrastructure against itself.
CyberArk Privileged Threat Analytics collects and analyzes privileged account activity, empowering businesses to immediately detect malicious privileged behavior and help shut down the most common avenue for attackers to move laterally on a company’s network.
Key to the new version are two-way, out-of-the-box integrations with leading SIEM vendors like HP ArcSight and Splunk Enterprise. We pull contextual data from what SIEM solutions collect and layer it on top of the information our solution monitors, enabling customers to pinpoint privilege-based threats that can be hidden in the vast troves of information collected by SIEM systems.
Time and again, it’s been demonstrated that privileged accounts are the key to mitigating advanced attacks. Whether it’s the recent spate of retail/PoS attacks, the continued attacks on critical infrastructure, or attacks on financial and healthcare organizations through default passwords, the common denominator is that the exploitation of privileged accounts is at the heart of every cyber incident.
If attackers are relying on your privileged accounts to perpetrate their attacks, shouldn’t the activity on these accounts be the first thing you monitor? Don’t just rely on data – rely on the data that matters.
For more information, please visit https://www.cyberark.com/products/privileged-account-security-solution/privileged-threat-analytics/.
To view a video introduction to CyberArk Privileged Threat Analytics, please visit: http://youtu.be/SCZYHMrLw6U.