CyberArk & Proofpoint Integration: Real-Time Response to Suspicious Privileged User Activity


As attack sophistication and frequency increase, the likelihood of an attacker breaching an organization’s defense has never been higher. Increasingly successful in their attempts, attackers seek privileged accounts to achieve their mission. Privileged accounts proliferate throughout an organization’s IT environment, granting access to highly sensitive resources and paving the path of successful cyber attacks. To prevent a threat from escalating into a full-blown security breach, security teams must prioritize alerts for privileged accounts, quickly investigate these critical threats and take immediate action to stop attackers in their tracks.

By integrating the CyberArk Privileged Account Security Solution with Proofpoint Threat Response, security analysts can rapidly disrupt critical, in-progress attacks involving privileged accounts. Here is a high-level overview of how our technology integration empowers organizations to focus their efforts and resources on the highest priority targets to identify the most significant risks.

Overcoming Alert Fatigue

Today’s security professionals are overwhelmed with alerts that require manual analysis (and ultimately, time) to validate and prioritize. This time presents an opportunity for attackers to exploit a system and gain privileged access—all before a complete investigation can be conducted.

Once a privileged account, such as a domain or database administrator account, is captured, an attacker can move laterally at will, disabling security controls to avoid detection and persist long term. In fact, valid privileged access is one of the most effective tools an attacker can add to his/her arsenal. To mount an effective defense, security programs must be bolstered with automation capabilities to increase incident response efficiencies and decrease response time. This provides the visibility, context and response that matters most to an organization.

The Need for an Integrated Solution

Security teams seek solutions that provide context and enriched insight, as well as the tools needed to investigate, contain and remediate incidents. Multiple joint customers of CyberArk and Proofpoint requested we combine the incident response and automation of Proofpoint Threat Response together with the Privileged Account Security of CyberArk—and we listened. The way our integrated solution works is both simple and effective.

Real-Time Response to Suspicious Privileged User Activity

Proofpoint Threat Response is an incident response automation platform that provides analysts with alert enrichment, forensic collection and comparison, as well as the ability to contain users, hosts and malicious emails—automatically or at the push of a button—without complex playbooks or custom scripts. In this joint solution with CyberArk, Proofpoint Threat Response receives an alert about malicious activity (from a correlated search in Splunk, for example), then automatically enriches the alert data with critical intelligence-driven context. Threat Response then validates the user account by email address or associated IP address, providing the full user identity and attributes such as department, job title or network access, and takes action by synchronizing with relevant security groups in Active Directory.

The CyberArk Privileged Account Security Solution provides privileged credential protection, session security, least privilege and application control, and continuous monitoring to rapidly detect threats and report on privileged account activity. In this integration, CyberArk automatically retrieves the user group affiliation from Active Directory and provides controls to access privileged accounts according to an organization’s policy. CyberArk also provides security teams the ability to provision custom access policies for restricted users. For example, a user can be blocked from accessing specific databases containing sensitive cardholder data, while access to less sensitive databases remains valid.

The CyberArk solution can implement an organization’s policies that restrict a user’s access to critical assets only through CyberArk Privileged Session Manager, while blocking all other access options. The CyberArk Privileged Session Manager is a secure proxy server that separates endpoints from target systems and isolates privileged sessions to help prevent the exploitation of the critical system. This level of granularity provides an appropriate level of protection without significantly impacting operations or preventing employees from being productive.

Today’s security teams must do more with less and gain maximum benefit from the tools they already have. The partnership between CyberArk and Proofpoint provides joint customers with a combined best-in-class privileged account security solution and incident response automation and orchestration platform, stopping attackers before they stop business. The best part is this integrated solution is available to joint customers today—at no additional cost.

To learn more, watch our recent webcast/demo: “Proofpoint & CyberArk: Detect, Prioritize and Block Attacks from Escalating on Privileged User Machines.”

Editor’s Note: Tim Sullivan is a Threat Response Solutions Engineer at Proofpoint.

The post CyberArk & Proofpoint Integration: Real-Time Response to Suspicious Privileged User Activity appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.