Freely subscribe to our NEWSLETTER

Privileged accounts, which consist of IT administrative credentials, default and hardcoded passwords, application backdoors and more, are targeted in nearly every significant cyber attack. External attackers and malicious insiders exploit unprotected privileged accounts to move laterally and anonymously across the network, to access critical systems and exfiltrate data.

CyberArk Privileged Threat Analytics 2.0 collects and analyzes privileged account activity data to provide organizations with visibility into potentially malicious behavior. McAfee Enterprise Security Manager collects, correlates, and analyzes intelligence and event data in real time and orchestrates adaptive protection to disrupt the attack chain and prevent data loss. Leveraging the McAfee data exchange layer (DXL), CyberArk’s full integration with McAfee Enterprise Security Manager will provide customers with more context to the information CyberArk Privileged Threat Analytics collects, while increasing the real-time visibility and the precision of actions that can be driven by the McAfee SIEM.

CyberArk Privileged Threat Analytics reports on malicious privileged behavior in real time over the McAfee DXL messaging bus, making it available to all McAfee products. McAfee Enterprise Security Manager reads the CyberArk Privileged Threat Analytics event data, and issues alerts, response and remediation activity in real time to threat response teams, and enables watch lists that can monitor and mine event data to detect related future and historical events.

Prompt action is part of how organizations shift from data historians to real-time incident management. For example, once a privileged user account is determined by CyberArk Privileged Threat Analytics to be associated with suspicious activity, McAfee Enterprise Security Manager can help disable, restrict, suspend, or reset the privileges of that user and the host. McAfee Enterprise Security Manager will also push security event information from critical systems to CyberArk Privileged Threat Analytics. This data will be analyzed and correlated with privileged account information to detect anomalous privileged behavior and user activities. The solutions will alert each other in real time about security events.

"Abuse of privileged credentials is a common thread between recent headline grabbing security breaches," said Ed Barry, vice president, Global Technology Alliances at McAfee, part of Intel Security. "Timing is everything when dealing with advanced threats and having visibility into behavior across the entire range of privileged account use greatly improves detection and remediation efforts. The integration with CyberArk’s product offering will enable our customers’ threat response teams to focus on privileged activity, detect suspicious events earlier in an attack chain, and have peace of mind that all endpoints and users are secure. We are excited to have CyberArk be one of the first Security Innovation Alliance partners to participate in the DXL ecosystem."

The integration uses an innovative real-time messaging bus called the McAfee data exchange layer (DXL). Unlike point-to-point integrations that are expensive to implement and fragile, this new model provides more access to more information more quickly and reduces integration maintenance effort and dependencies. This data sharing and resilience enhances an organization’s overall visibility and ability to adapt as threats change. By becoming "DXL-ready," CyberArk Privileged Threat Analytics will also be able to selectively publish its data to and subscribe to updates from other products from McAfee and Security Innovation Alliance partners, without the cost and overhead of direct integrations. Organizations gain flexibility and simplicity as part of a more resilient security infrastructure.

Key benefits of the CyberArk/McAfee integration include:

· Enables organizations to stop an in-progress attack before serious damage is done by focusing on privileged accounts, enabling a less costly and time-consuming remediation process.

· Detects a range of anomalies in the behavior patterns of individual privileged users in real time, such as a user who suddenly accesses credentials at an unusual time of day.

· Extends effectiveness of McAfee Enterprise Security Manager by enabling incident response teams to identify anomalous privileged account user behavior and prioritize incidents that involve privileged accounts.

· Builds learned user behavior into risk assessments over time to increase efficacy and build targeted analytics.