New CyberArk Capabilities Detect and Alert on High-Risk Privileged
Activity During User Sessions to Help Security Teams Better Prioritize
Threat Response
SAN FRANCISCO--(BUSINESS WIRE)--Feb. 14, 2017--
RSA CONFERENCE 2017– Booth #N3209 – CyberArk
(NASDAQ: CYBR),
the company that protects organizations from cyber
attacks that have made their way inside the network perimeter, today
announced advanced insider
threat detection capabilities available through the CyberArk
Privileged Account Security Solution to automatically detect and alert
on high-risk privileged
activity during user sessions and enable rapid response to
in-progress attacks.
With this release, CyberArk is delivering a new integration that
provides deeper insights into privileged activity across an
organization. A new data feed from CyberArk
Privileged Session Manager into CyberArk
Privileged Threat Analytics, both part of the CyberArk
Privileged Account Security Solution, enables security teams to
receive customizable, prioritized alerts with granular detail on
high-risk privileged activity, watch suspicious sessions in-progress,
and terminate potentially malicious sessions to disrupt potential
attacks – all from one platform. By helping to prioritize the review of
privileged session logs, CyberArk can also improve efficiency and
shorten IT audit cycles to reduce costs.
Analyze High-Risk Privileged Activity to Stop Insider Attacks
An
insider who has gained access to privileged
credentials can initiate seemingly legitimate privileged user
sessions. Without the automated real-time detection and alerting on
risky activities within privileged sessions, an inside attacker may
operate undetected.
According to the SANS Institute, only nine percent ranked their insider
threat prevention methods as ‘very effective.’1 Most
organizations are overwhelmed by alerts, with 93 percent unable to
triage all relevant threats.2
The CyberArk solution improves security teams’ ability to respond to
external threats and malicious
insiders with the flexibility to extend detection beyond initial
account logon events. CyberArk allows security operations teams to
assign risk levels that are most relevant to their organization, monitor
and analyze actual behavior during a privileged
session, identify activity or commands that may indicate compromise,
and prioritize threat response based on alert severity.
Improve Productivity and Cost Savings for Audit and Compliance
Based
on CyberArk’s experience working with customers, an average large
corporation could have thousands of privileged user sessions running on
its IT infrastructure each day. With enormous amounts of security data
and privileged
session recordings to sift through, it becomes nearly impossible for audit
and compliance teams to identify risky or suspicious activity.
Furthermore, to meet certain global audit and compliance regulations,
dozens of full time auditors who are focused solely on this task are
often required to manually review a certain percentage of all privileged
session activity.
CyberArk delivers a new level of automation for compliance and audit
teams. The CyberArk solution applies risk scores based on
customer-defined policies to live and recorded sessions, empowering
auditors to prioritize or deprioritize privileged activity for review.
This enables them to work more efficiently, deliver greater value to the
business, accelerate audit cycles to reduce total IT audit costs, and
create a consistent approach for examining the risks associated with
privileged activity.
“By delivering an integrated solution for threat detection based on
privileged sessions, we help identify malicious activity hidden in a sea
of legitimate data, and enable rapid threat response,” said Roy Adar,
senior vice president, product management, CyberArk. “In addition,
organizations could potentially save thousands of man hours that would
have been spent manually reviewing sessions. These time and cost savings
are especially important in context of requirements like those
associated with the Monetary Authority of Singapore (MAS) Technology
Risk Management (TRM) guidelines and similar global regulations.”
Supporting this announcement, cyber security experts from CyberArk Labs
and customers’ security operations teams identified some examples of
commands that are frequently associated with malicious – or accidentally
damaging – behavior. Highly sensitive commands that were frequently
cited as being indicative of risk include “mmc.exe, Active Directory
Users and Computers” on Windows systems, as well as commands containing
the terms “authorized_keys” and “sudoers” on *nix systems.
To learn more, read the CyberArk blog: “Spot
Insider Threats: 10 Commands Commonly Used During the Cyber Attack Cycle.”
Availability
CyberArk Privileged Session Manager v9.8 and
CyberArk Privileged Threat Analytics v3.4 are available now. Contact CyberArk
sales to learn more about bundled pricing options.
Additional Resources
1- "Insider
Threats and the Need for Fast and Directed Response," April 2015
2-
"McAfee
Labs Threats Report," December 2016
About CyberArk
CyberArk is
the only security company focused on eliminating the most advanced cyber
threats; those that use insider privileges to attack the heart of the
enterprise. Dedicated to stopping attacks before they stop business,
CyberArk proactively secures against cyber threats before attacks can
escalate and do irreparable damage. The company is trusted by the
world’s leading companies – including more than 45 percent of the
Fortune 100 – to protect their highest value information assets,
infrastructure and applications. A global company, CyberArk is
headquartered in Petach Tikvah, Israel, with U.S. headquarters located
in Newton, Mass. The company also has offices throughout EMEA and Asia
Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com,
read the company blog, http://www.cyberark.com/blog/,
follow on Twitter @CyberArk or
Facebook at https://www.facebook.com/CyberArk.
Forward-Looking Statements
This release may contain
forward-looking statements, which express the current beliefs and
expectations of CyberArk’s (the “Company”) management. In some cases,
forward-looking statements may be identified by terminology such as
“believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,”
“should,” “plan,” “expect,” “predict,” “potential” or the negative of
these terms or other similar expressions. Such statements involve a
number of known and unknown risks and uncertainties that could cause the
Company’s future results, performance or achievements to differ
significantly from the results, performance or achievements expressed or
implied by such forward-looking statements. Important factors that could
cause or contribute to such differences include risks relating to:
changes in the rapidly evolving cyber threat landscape; failure to
effectively manage growth; near-term declines in the Company’s operating
and net profit margins and its revenue growth rate; real or perceived
shortcomings, defects or vulnerabilities in the Company’s solutions or
internal network system, or the failure of the Company’s customers or
channel partners to correctly implement the Company’s solutions;
fluctuations in quarterly results of operations; the inability to
acquire new customers or sell additional products and services to
existing customers; competition from IT security vendors; the Company’s
ability to successfully integrate recent and or future acquisitions; and
other factors discussed under the heading “Risk Factors” in the
Company’s most recent annual report on Form 20-F filed with the
Securities and Exchange Commission. Forward-looking statements in this
release are made pursuant to the safe harbor provisions contained in the
Private Securities Litigation Reform Act of 1995. These forward-looking
statements are made only as of the date hereof, and the Company
undertakes no obligation to update or revise the forward-looking
statements, whether as a result of new information, future events or
otherwise.
Copyright © 2017 CyberArk Software. All Rights Reserved. All
other brand names, product names, or trademarks belong to their
respective holders.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170214005208/en/
Source: CyberArk
Media Relations Contacts:
fama PR
Brian Merrill,
+1-617-986-5005
cyberark@famapr.com
or
CyberArk
Liz
Campbell, +1-617-558-2191
press@cyberark.com
or
Investor
Relations Contact:
CyberArk
Erica Smith, +1-617-630-6426
ir@cyberark.com