CyberArk announced at RSA Conference 2017 advanced insider threat detection capabilities available through the CyberArk Privileged Account Security Solution, to automatically detect and alert on high-risk privileged activity during user sessions and enable rapid response to in-progress attacks.
With this release, CyberArk is delivering a new integration that provides deeper insights into privileged activity across an organization. A new data feed from CyberArk Privileged Session Manager into CyberArk Privileged Threat Analytics, both part of the CyberArk Privileged Account Security Solution, enables security teams to receive customizable, prioritized alerts with granular detail on high-risk privileged activity, watch suspicious sessions in-progress, and terminate potentially malicious sessions to disrupt potential attacks – all from one platform.
By helping to prioritize the review of privileged session logs, CyberArk can also improve efficiency and shorten IT audit cycles to reduce costs.
Analyze high-risk privileged activity to stop insider attacks
An insider who has gained access to privileged credentials can initiate seemingly legitimate privileged user sessions. Without the automated real-time detection and alerting on risky activities within privileged sessions, an inside attacker may operate undetected.
The CyberArk solution improves security teams’ ability to respond to external threats and malicious insiders with the flexibility to extend detection beyond initial account logon events. It allows security operations teams to assign risk levels that are most relevant to their organization, monitor and analyze actual behavior during a privileged session, identify activity or commands that may indicate compromise, and prioritize threat response based on alert severity.
Improve productivity and cost savings for audit and compliance
Based on CyberArk’s experience working with customers, an average large corporation could have thousands of privileged user sessions running on its IT infrastructure each day. With enormous amounts of security data and privileged session recordings to sift through, it becomes nearly impossible for audit and compliance teams to identify risky or suspicious activity. Furthermore, to meet certain global audit and compliance regulations, dozens of full time auditors who are focused solely on this task are often required to manually review a certain percentage of all privileged session activity.
CyberArk delivers a new level of automation for compliance and audit teams. The CyberArk solution applies risk scores based on customer-defined policies to live and recorded sessions, empowering auditors to prioritize or deprioritize privileged activity for review. This enables them to work more efficiently, deliver greater value to the business, accelerate audit cycles to reduce total IT audit costs, and create a consistent approach for examining the risks associated with privileged activity.
Supporting this announcement, cyber security experts from CyberArk Labs and customers’ security operations teams identified some examples of commands that are frequently associated with malicious – or accidentally damaging – behavior.