CyberArk Endpoint Privilege Manager enhanced with new deception feature
Today, at RSA Conference 2020 in San Francisco, CyberArk released the industry’s first privilege-based deception capabilities designed to defend against credential theft on workstations and servers.
Local administrator rights are often left on endpoints, making them attractive targets for attackers who can use these credentials to elevate privileges and launch into other parts of the network.
An enhancement to CyberArk Endpoint Privilege Manager, the new deception feature enables defenders to quickly detect and proactively shut down in-progress attacks. CyberArk helps break the attack chain at the initial point of entry by providing a deliberate and controlled way to track and mislead potential attackers, mitigate the exploitation of privileged credentials, and reduce dwell time.
New research from CyberArk Labs examines characteristics and patterns of emerging credential-stealing malware families, like Raccoon, which can give attackers the ability to steal secrets from more than 60 different application types. CyberArk Labs examined the operational methods of successful credential stealers and found that attackers use this malware to harvest credentials on the endpoint to enable the escalation of privileges and lateral movement.
“Privileged credentials on the endpoint remain a gold mine for attackers,” said Doron Naim, cyber research manager, CyberArk Labs. “Credential stealing malware is readily available and easy to deploy – and more importantly, is extremely successful. Deception techniques are becoming increasingly popular and effective at helping to understand the movement and mindset of an attacker while also providing the power to immediately and proactively shut down attack progression.”
Part of the CyberArk Privileged Access Security Solution, Endpoint Privilege Manager is a SaaS-based solution that allows organizations to reduce the risk of unmanaged administrative access on Windows and Mac endpoints. Additional capabilities include:
Just-in-Time Elevation and Access: Just-in-time capabilities enable organizations to mitigate risk and reduce operational friction by allowing admin-level access on demand for a specific period of time, with a full audit log and the ability to revoke access as necessary.
Enforcement of Least Privilege: By implementing least privilege strategies, organizations reduce the attack surface by eliminating unnecessary local administrator privileges and allowing only enough access to perform the required job, no more, no less.
Credential Theft Blocking: Advanced protection against credential theft enables an organization to detect and block attempted theft of endpoint credentials and those stored by the operating system, IT applications, remote access applications and popular web browsers.