CyberArk Privileged Threat Analytics. Solution Brief

Table of Contents

The New Security Battleground: Inside Your Network ... 3
Privileged Account Security ... 3
CyberArk Privileged Threat Analytics: Detect and Disrupt In-progress Attacks ... 4
  The right data vs. all the data ... 4
  Privileged users vs. privileged accounts ... 4
  Patented analytic algorithms ... 5
  Real-time alerting vs. forensic analysis ... 5
  Integration with SIEM solutions ... 6
CyberArk Privileged Threat Analytics: Collect. Detect. Alert. Disrupt. ... 6
Benefits of CyberArk Privileged Threat Analytics ... 7
Conclusion ... 7
CyberArk Privileged Account Security Solution ... 8
About CyberArk ... 8

Cyber-Ark Software Ltd. cyberark.com 2

The New Security Battleground: Inside Your Network

The new battleground for information security is inside your network. Perimeter security, such as firewalls and anti-malware, remains a necessary and important component of every security strategy. However, the perpetrators of advanced, targeted threats are aggressively breaking through the perimeter. Patient, cunning and armed with the resources to succeed, they will eventually find their way inside your organization. In addition, a rogue insider with legitimate access may abuse trusted privileges. Whether the threat originates externally or with a malicious insider, attackers will lie in wait as long as necessary to gain access to valuable assets, resulting in damaged reputations, financial losses and stolen intellectual property.

How do advanced attackers find their way to the heart of your enterprise? The pathway is the privileged account. According to information security firm Mandiant, advanced persistent threat attackers prefer to leverage privileged accounts where possible, such as domain administrators, service accounts with domain privilege, local administrator accounts, and privileged user accounts. Mandiant found that of 141 companies attacked by Chinese cyber attackers, 90% of breaches involved privileged pathways. [2]

243: Median number of days advanced attackers are on the network before being detected [1]

Privileged Account Security

To mitigate the risks of a serious breach, enterprises must adopt a security posture that specifically addresses their privileged account exposure. The key to privileged account security is to implement defense in depth: build layers of protection, recognizing that no single measure is enough to keep determined attackers out. Best-practice privileged account security takes the following approach:

1. Discovery: Automate discovery of privileged accounts found in every networked device, hypervisor, database, application, server and social media account, on-premises, in the hybrid cloud, and in OT/SCADA systems.

2. Proactive Protection: Protect against the risks of shared credentials by eliminating shared logins, securing and encrypting privileged passwords, requiring strong authentication to privileged resources, and enforcing least-privilege access.

3. Isolation, Recording and Monitoring: Isolate privileged accounts to prevent the spread of malware to sensitive systems. Use session recording to provide an audit trail of all activity for privileged accounts, and implement live monitoring to track the activity that occurs during privileged user sessions.

4. Real-time Analytics: Detect in-progress attacks with real-time privileged account intelligence and respond immediately to alerts of suspicious behavior.

[1] https://www.mandiant.com/threat-landscape/#
[2] Mandiant, Exposing One of China's Cyber Espionage Units, February 2013

CyberArk Privileged Threat Analytics: Detect and Disrupt In-progress Attacks

CyberArk Privileged Threat Analytics is an expert system for privileged account security intelligence. The solution provides targeted, immediately actionable threat alerts by identifying previously undetectable, malicious privileged user activity. As the industry's only targeted privileged threat analytics solution, CyberArk Privileged Threat Analytics calls attention to the most menacing of threats: those aimed at privileged accounts. By applying patented analytic algorithms to a rich set of privileged account behavioral data, the solution produces highly accurate and immediately actionable intelligence, allowing incident response teams to disrupt and respond directly to the attack.

Figure 1. The CyberArk Dashboard: visual representations of incidents make it easy to quickly identify unusual behavior.

The right data vs. all the data

CyberArk Privileged Threat Analytics focuses on the data that counts: privileged account user data. In an enterprise IT organization, countless security events occur daily. These include innumerable false positives, leaving organizations struggling to know how to respond appropriately to the real threat. CyberArk Privileged Threat Analytics focuses on privileged accounts, where the highest risk of extensive damage, and the greatest opportunity to stop in-progress attacks, lies.

Privileged users vs. privileged accounts

Privileged accounts are typically shared accounts: they are not tied to an individual user. This prevents traditional analytics solutions from attributing activity to a single user. CyberArk Privileged Threat Analytics analyzes account behavior at the individual user level, delivering precise, context-aware, and immediately actionable alerts. The alerts may indicate that an external attacker, or a rogue insider (a trusted user abusing privilege), has taken over a privileged account. The alert could also indicate that a trusted user has made an unintentional error that could cause harm.

Patented analytic algorithms

Using proprietary algorithms that learn the behavior of the privileged user, CyberArk Privileged Threat Analytics compares real-time privileged account activity to historical privileged user behavior in order to detect anomalies as they occur. These anomalies are then correlated to immediately determine whether they reveal malicious intent. Are the incidents tied to one user? Do they target the same network asset? What action was taken? A greater correlation between incidents indicates a greater threat.

Example: Access at an unusual time of day

CyberArk Privileged Threat Analytics can detect a privileged user who accesses a credential at an unusual time of day. By comparing the baseline behavior profile, which determines the regular hours during which the user accesses the system, to real-time activity, CyberArk Privileged Threat Analytics will send an alert on any usage that occurs outside of regular hours. The importance of this example was highlighted in the following excerpt from the February 2013 Mandiant APT1 Report:

"...we were able to identify their working hours. Here is the average working hours for a week (the hour on the graph is UTC+1): Generally, the attackers worked between 2AM and 10AM from Monday to Saturday." (Exhibit A)

The data indicates that the attacks came from China, which is after hours in Europe and the US.

[Exhibit A: chart of attacker activity by hour of day (00:00 to 16:00, UTC+1) and day of week (Monday through Sunday)]

Figure 2: CyberArk Privileged Threat Analytics dashboard, illustrating anomalies in time-of-day access. (Data from an actual CyberArk customer)

Real-time alerting vs. forensic analysis

Traditional forensic analysis on volumes of latent data brings insight into an organization but does not alert in real time on active threats. CyberArk Privileged Threat Analytics provides alerts in real time, sending intelligence to the product dashboard or to an existing SIEM and allowing organizations to take immediate action. E-mail notifications provide details of the incident and can be customized according to threat level, empowering security teams to disrupt attacks in progress.

Integration with SIEM solutions

In addition to a proprietary dashboard built into the system, data and alerts from CyberArk Privileged Threat Analytics can be integrated into an organization's existing SIEM system. This enhances the value of information delivered by the SIEM system, focusing on targeted privileged account risks and fine-grained user behavior.

CyberArk Privileged Threat Analytics: Collect. Detect. Alert. Disrupt.

1. Establish a profile of privileged user behavior: CyberArk Privileged Threat Analytics automatically constructs a behavioral profile and maintains a baseline of every privileged user in the system. As a user's typical behavior changes over time, the baseline profile adjusts to these changes.

2. Identify anomalies: Privileged user data is continuously fed into the CyberArk Privileged Threat Analytics Engine in real time. Using sophisticated logic, the system automatically looks for deviations from the baseline user profiles.

3. Correlate incidents and assign threat levels: Privileged Threat Analytics assigns scores to each individual anomaly, incident, or group of events, and to the system as a whole. Patented algorithms are used to analyze these anomalies and then correlate them to determine the threat level.

4. Disrupt and stop attacks: Alerts based on threat level can be sent immediately via e-mail notifications that include details about the incident and a link that allows the recipient to drill down and review it further. In addition, all data can be reviewed on the built-in dashboard or fed into an organization's existing SIEM solution.

[Fig. 2 - CyberArk Privileged Threat Analytics process. Diagram: Collect privileged user data (system administrators, 3rd party service providers, applications, select business users, social networking account managers) and systems data (virtual servers, servers, databases, applications, network & security); Detect with the Privileged Threat Analytics Engine; Alert to the CyberArk Dashboard and SIEM.]
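As an added illustration (not CyberArk's code; the product's own algorithms are patented and not described in this brief), the following Python sketch walks the four-step process above over constructed log records, using the time-of-day rule from the earlier example as its anomaly test: learn each user's regular hours, flag accesses outside them (handling the midnight wrap-around), correlate anomalies per user and asset into a threat level, and emit alert lines. The record format, user and asset names, and the scoring thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history (not real data): "user,asset,ISO-timestamp" credential check-outs.
HISTORY = """\
alice,db-prod-01,2013-02-04T09:15:00
alice,db-prod-01,2013-02-05T10:02:00
alice,db-prod-01,2013-02-07T16:20:00
bob,dc-01,2013-02-04T22:05:00
bob,dc-01,2013-02-05T23:30:00
bob,dc-01,2013-02-06T01:10:00
"""

# Constructed real-time events to score against the learned baselines.
LIVE = """\
alice,db-prod-01,2013-02-11T11:00:00
alice,db-prod-01,2013-02-12T03:05:00
alice,db-prod-01,2013-02-12T03:40:00
alice,dc-01,2013-02-12T04:10:00
bob,dc-01,2013-02-12T00:45:00
"""

def parse(records):
    """Yield (user, asset, datetime) tuples from the CSV-style records above."""
    for line in records.splitlines():
        user, asset, ts = line.split(",")
        yield user, asset, datetime.fromisoformat(ts)

def hour_distance(a, b):
    """Circular distance between two hours of day, so 23:00 and 00:00 are 1 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baselines(history):
    """Step 1 (profile): the set of hours of day at which each user has been active."""
    hours = defaultdict(set)
    for user, _asset, when in parse(history):
        hours[user].add(when.hour)
    return hours

def find_anomalies(baselines, live, slack=1):
    """Step 2 (detect): events more than `slack` hours from every baseline hour.
    A user with no baseline at all is treated as anomalous."""
    anomalies = []
    for user, asset, when in parse(live):
        if all(hour_distance(when.hour, h) > slack for h in baselines.get(user, set())):
            anomalies.append((user, asset, when))
    return anomalies

def correlate(anomalies):
    """Step 3 (correlate): group anomalies per user; repeated hits on one asset raise the score."""
    by_user = defaultdict(list)
    for user, asset, _when in anomalies:
        by_user[user].append(asset)
    incidents = {}
    for user, assets in by_user.items():
        score = len(assets) + (1 if len(set(assets)) < len(assets) else 0)
        level = "high" if score >= 3 else "medium" if score == 2 else "low"
        incidents[user] = {"events": len(assets), "assets": sorted(set(assets)), "level": level}
    return incidents

def alerts(incidents):
    """Step 4 (alert): one line per incident, as a SIEM or e-mail notification would carry it."""
    return [f"[{i['level'].upper()}] {u}: {i['events']} out-of-hours accesses to {', '.join(i['assets'])}"
            for u, i in sorted(incidents.items())]
```

Running `alerts(correlate(find_anomalies(build_baselines(HISTORY), LIVE)))` yields a single high-level alert for alice's three night-time accesses, while bob's 00:45 access is accepted because his learned hours already straddle midnight.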

Benefits of CyberArk Privileged Threat Analytics

- Detect and disrupt attacks with analysis based on user behavior, eliminating the dependence on prior knowledge of attack signatures or sandboxing
- Dramatically shorten an attacker's window of opportunity and reduce damage with accurate, real-time alerting of in-progress attacks
- Quickly assess privileged user activity and anomalies in convenient, easy-to-read graphs and tables
- Enhance the value of existing SIEM solutions with out-of-the-box integrations
- Reduce false positives by focusing on the critical privileged users, not shared accounts
- Accelerate remediation with immediate access to detailed information about the attack, including the specific user, activity and current account state
- Adapt threat detection to a changing risk environment with self-learning algorithms that continuously adjust the baseline behavior profiles as the accepted behavior changes over time
- Improve auditing processes with informative data on user patterns and activities

Conclusion

Defense in depth is an approach that organizations must adopt to combat the increasingly aggressive threat landscape. Though perimeter security will keep out low-level attacks, and next generation firewalls will slow attacks down, determined attackers will get inside the network. Privileged accounts are the most direct pathway to an organization's most valuable assets. Privileged account security intelligence is a key component in defending against advanced attacks, providing targeted, intelligent analytics that empower organizations to disrupt in-progress attacks. Recognizing that attackers are already on the inside, analyzing and alerting on unusual privileged user behavior is a critical component of protecting against serious damage.

CyberArk Privileged Threat Analytics provides targeted and immediately actionable threat analytics on privileged accounts, the number one critical attack vector, by identifying previously undetectable malicious privileged user behavior. CyberArk Privileged Threat Analytics is an essential part of an organization's overall security strategy, enabling the incident response team to respond to and disrupt in-progress attacks.

CyberArk Privileged Account Security Solution

CyberArk is the trusted expert in privileged account security. We have more experience with privileged account security than any other vendor, and we put that expertise to work for our customers in a clear and effective approach to managing the risks associated with privileged accounts. In addition to Privileged Threat Analytics, CyberArk offers the following products for proactive privileged account security. The products provide the comprehensive protection, monitoring, detection, and reporting that are a mandatory requirement to thwart the malicious insider and advanced attacker.

- Enterprise Password Vault - Protection, management and audit of privileged credentials
- Application Identity Manager - Protection, management and audit of embedded application credentials
- Privileged Session Manager - Isolation and control, session recording and live session monitoring
- On-Demand Privileges Manager - Least privilege access control for UNIX, Linux and Windows

About CyberArk

CyberArk is the only security company laser-focused on striking down targeted cyber threats: those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world's leading companies, including 40 of the Fortune 100, to protect their highest-value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done.

At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk's security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 1,400 global businesses, including:

- 40 of the Fortune 100
- 17 of the world's top 20 banks
- 8 of the world's top 12 pharmaceutical companies
- 75 of the leading energy companies
- Global brands in retail, manufacturing and telecommunications/cloud

For additional information, visit www.cyberark.com.

All rights reserved. This document contains information and ideas which are proprietary to Cyber-Ark Software Ltd. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, without the prior written permission of Cyber-Ark Software Ltd. © 2000-2013 by Cyber-Ark Software Ltd. All rights reserved.