Detect and Disrupt In-progress Attacks
Organizations need to approach security with this thought in mind: Attackers will get inside. And once they do, attackers operate undetected for months by impersonating authorized users. This inside access enables them to do irreparable harm resulting in damaged reputations, financial losses and stolen intellectual property. With targeted analytics, organizations can detect attackers sooner – even when they look like authorized users – enabling security teams to respond immediately and contain in-progress attacks.
CyberArk Privileged Threat Analytics, part of the CyberArk Privileged Account Security Solution, is a security intelligence system that allows organizations to detect, alert, and respond to cyber attacks targeting privileged accounts. The solution is designed to identify an attack in real-time and automatically respond to stop an attacker from continuing to advance the attack. At the core of the solution, the analytics engine runs a sophisticated combination of proprietary algorithms – including both deterministic and behavior-based – on users, entities, and network traffic to detect indications of compromise early in the attack lifecycle. By identifying attackers early, security teams have more of the critical time they need to be able to stop an attack before it stops business.
- Built-in proprietary algorithms conduct Privileged User, Entity and Network Behavior Analytics to detect previously unidentifiable indications of an attack such as suspected credential theft, lateral movement, and privilege escalation.
- Self-learning analytics engine adjusts over time to account for authorized behavioral pattern changes.
- Kerberos attack detection enables organizations to detect and respond to potentially catastrophic attacks that exploit vulnerabilities in the Windows authentication protocol.
- Threat scores are assigned to each individual incident to help prioritize incidents that pose the greatest risk.
- Targeted, actionable alerts include detailed incident information to enable incident response teams to respond immediately to detected suspicious activity.
- Automatic response to detected threats streamlines incident response by enabling security teams to immediately invalidate a suspected stolen privileged credential without requiring human intervention.
- Detailed dashboards provide a visual representation of incidents and threat levels, enabling incident response teams to quickly review historical incidents and take immediate action if necessary.
- Two-way integration with SIEM solutions enables security teams to leverage existing SIEM deployments to aggregate data for targeted analytics and to send alerts for prioritization of incidents that involve privileged accounts.
- Integration with Privileged Session Manager enables security teams to detect – in real time – when high risk activity is occurring during a privileged session and to terminate suspicious live sessions.
- Dramatically shorten an attacker’s window of opportunity and reduce damage by focusing threat detection on privileged account activity and critical attack vectors.
- Rapidly detect attacks with analytics based on built-in algorithms written by and continuously updated by experts in privileged account security.
- Adapt threat detection to a changing risk environment with machine learning algorithms that continuously adjust the baseline behavior profiles as the authorized behavior changes over time.
- Automatically respond to a suspected stolen privileged credential to stop an attacker from continuing to use a compromised credential.
- Accelerate remediation with immediate access to detailed information about detected incidents.
- Receive quick time-to-value by leveraging existing network tap aggregators and end point connectors from SIEM solutions for seamless data collection using existing infrastructure.
- Quickly assess baseline profiles and alerts in convenient, easy-to-read graphs and tables.