News
BeyondTrust Enriches Its Threat Analytics with New Firewall Connectors
July 2015 by Marc Jacob
BeyondTrust® announced BeyondInsight 5.6 has extended the platform’s ability to provide a holistic view of risk with a new Clarity Threat Analytics connector for analyzing Palo Alto Networks firewall data, backed by the addition of real-time threat alerting capabilities.
The new Palo Alto Networks firewall connector enables BeyondInsight to correlate network traffic data from Palo Alto firewalls with behavioral, environmental and risk data from BeyondTrust vulnerability and privileged account management solutions. Customers can then leverage BeyondInsight’s Clarity Threat Analytics capability to reveal advanced persistent threats (APTs) previously overlooked amidst volumes of diverse data.
BeyondInsight 5.6 also adds real-time alerting capabilities to Clarity. IT and security staff can now be notified at the first sign of an APT or other attack. Alerts are available via email, SNMP and Syslog feeds that can flag events such as:
• First-time application launches in the environment.
• Privileged access requests by applications associated with untrusted users or not digitally signed.
• After-hours system access, first-time after-hours access, or simultaneous access to multiple systems after hours.
• Launches of processes, services and applications associated with malware.
• Unique asset vulnerabilities not present anywhere else in the environment.
In addition, BeyondInsight 5.6 includes new asset discovery and vulnerability assessment capabilities for Amazon AWS small and micro instances. Asset discovery is available to all BeyondInsight customers, and vulnerability assessment is available to customers using BeyondTrust Retina CS in the BeyondInsight platform environment. In 2012, BeyondTrust introduced the first cloud connectors for identifying, classifying and assessing the security of assets in Amazon AWS. This industry-unique technology has yet to be duplicated by any other vendor.
