Attackers exploit unprotected privileged accounts to move across the network
Identification of malicious privileged behaviour data speeds up detection and remediation
NETWORK security specialist CyberArk said it has integrated CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager (ESM).
The integrated solution empowers customers to pinpoint and immediately act against privileged-based threats in their security information and event management (SIEM) data, CyberArk said in a statement.
Privileged accounts, which consist of IT administrative credentials, default and hardcoded passwords, application backdoors and more, are targeted in nearly every significant cyber-attack, the company said.
External attackers and malicious insiders exploit unprotected privileged accounts to move laterally and anonymously across the network, to access critical systems and ‘exfiltrate’ data, the company added.
CyberArk Privileged Threat Analytics 2.0 collects and analyses privileged account activity data to provide organisations with visibility into potentially malicious behaviour.
McAfee Enterprise Security Manager collects, correlates, and analyses intelligence and event data in real time and orchestrates adaptive protection to disrupt the attack chain and prevent data loss.
Leveraging the McAfee data exchange layer (DXL), CyberArk’s full integration with McAfee Enterprise Security Manager will provide customers with more context to the information CyberArk Privileged Threat Analytics collects, while increasing the real-time visibility and the precision of actions that can be driven by the McAfee SIEM, CyberArk said.
“Securing privileged accounts plays a critical role in protecting against advanced threats,” said Roy Adar, vice president of product management at CyberArk.
“Attackers exploit these powerful accounts to conduct network reconnaissance against security infrastructure and execute their attacks, often without detection.
“The integration of CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager will help incident responders cut through the clutter of big data security analytics to pinpoint and enable action on previously undetected malicious privileged behaviour and disrupt in-progress attacks,” he added.
CyberArk Privileged Threat Analytics reports on malicious privileged behaviour in real time over the McAfee DXL messaging bus, making it available to all McAfee products.
McAfee Enterprise Security Manager reads the CyberArk Privileged Threat Analytics event data and issues alerts, response and remediation activity in real time to threat response teams. It also enables watch lists that can monitor and mine event data to detect related future and historical events.
“Abuse of privileged credentials is a common thread between recent headline-grabbing security breaches,” said Ed Barry, vice president of Global Technology Alliances at McAfee, part of Intel Security.
“Timing is everything when dealing with advanced threats and having visibility into behaviour across the entire range of privileged account use greatly improves detection and remediation efforts.
“The integration with CyberArk’s product offering will enable our customers’ threat response teams to focus on privileged activity, detect suspicious events earlier in an attack chain, and have peace of mind that all endpoints and users are secure,” he added.