Subscribe
  • Home
  • /
  • Computing
  • /
  • CyberArk advances insider threat detection to accelerate incident response

CyberArk advances insider threat detection to accelerate incident response

New CyberArk capabilities detect and alert on high-risk privileged activity during user sessions to help security teams better prioritise threat response.


San Francisco - RSA Conference 2017, 27 Feb 2017

CyberArk (NASDAQ: CYBR), the company that protects organisations from cyber attacks that have made their way inside the network perimeter, today announced advanced insider threat detection capabilities available through the CyberArk Privileged Account Security Solution to automatically detect and alert on high-risk privileged activity during user sessions and enable rapid response to in-progress attacks.

With this release, CyberArk is delivering a new integration that provides deeper insights into privileged activity across an organisation. A new data feed from CyberArk Privileged Session Manager into CyberArk Privileged Threat Analytics, both part of the CyberArk Privileged Account Security Solution, enables security teams to receive customisable, prioritised alerts with granular detail on high-risk privileged activity, watch suspicious sessions in-progress, and terminate potentially malicious sessions to disrupt potential attacks - all from one platform.

By helping to prioritise the review of privileged session logs, CyberArk can also improve efficiency and shorten IT audit cycles to reduce costs.

Analyse high-risk privileged activity to stop insider attacks

An insider who has gained access to privileged credentials can initiate seemingly legitimate privileged user sessions. Without the automated real-time detection and alerting on risky activities within privileged sessions, an inside attacker may operate undetected.

According to the SANS Institute, only 9% ranked their insider threat prevention methods as 'very effective.'1 Most organisations are overwhelmed by alerts, with 93% unable to triage all relevant threats.2

The CyberArk solution improves security teams' ability to respond to external threats and malicious insiders with the flexibility to extend detection beyond initial account logon events. CyberArk allows security operations teams to assign risk levels that are most relevant to their organisation, monitor and analyse actual behaviour during a privileged session, identify activity or commands that may indicate compromise, and prioritise threat response based on alert severity.

Improve productivity, cost savings for audit and compliance

Based on CyberArk's experience working with customers, an average large corporation could have thousands of privileged user sessions running on its IT infrastructure each day. With enormous amounts of security data and privileged session recordings to sift through, it becomes nearly impossible for audit and compliance teams to identify risky or suspicious activity. Furthermore, to meet certain global audit and compliance regulations, dozens of full-time auditors who are focused solely on this task are often required to manually review a certain percentage of all privileged session activity.

CyberArk delivers a new level of automation for compliance and audit teams. The CyberArk solution applies risk scores based on customer-defined policies to live and recorded sessions, empowering auditors to prioritise or deprioritise privileged activity for review. This enables them to work more efficiently, deliver greater value to the business, accelerate audit cycles to reduce total IT audit costs, and create a consistent approach for examining the risks associated with privileged activity.

"By delivering an integrated solution for threat detection based on privileged sessions, we help identify malicious activity hidden in a sea of legitimate data, and enable rapid threat response," said Roy Adar, senior vice-president, product management, CyberArk. "In addition, organisations could potentially save thousands of man hours that would have been spent manually reviewing sessions. These time and cost savings are especially important in context of requirements like those associated with the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) guidelines and similar global regulations."

Supporting this announcement, cyber security experts from CyberArk Labs and customers' security operations teams identified some examples of commands that are frequently associated with malicious - or accidentally damaging - behaviour. Highly sensitive commands that were frequently cited as being indicative of risk include "mmc.exe, Active Directory Users and Computers" on Windows systems, as well as commands containing the terms "authorized_keys" and "sudoers" on *nix systems.

To learn more, read the CyberArk blog: "Spot Insider Threats: 10 Commands Commonly Used During the Cyber Attack Cycle".

Availability

CyberArk Privileged Session Manager v9.8 and CyberArk Privileged Threat Analytics v3.4 are available now. Contact CyberArk sales to learn more about bundled pricing options.

Additional resources

Video: CyberArk Brief: Detecting & Responding to Insider Threats
eBook: The Danger Within: Unmasking Insider Threats
1 "Insider Threats and the Need for Fast and Directed Response," April 2015
2 "McAfee Labs Threats Report," December 2016

Share

CyberArk

CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world's leading companies - including more than 45% of the Fortune 100 - to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with US headquarters located in Newton, Massachusetts. The company also has offices throughout EMEA and Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the company blog, https://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Editorial contacts