CyberArk has announced new behavioral analytics to block and contain advanced threats targeting credential theft at the endpoint. CyberArk Viewfinity, with enhanced threat protection features, is now available as CyberArk Endpoint Privilege Manager.
CyberArk also released new research from CyberArk Labs today demonstrating security weaknesses in Windows operating systems that allow attackers with local administrator rights to steal and use encrypted service credentials to achieve lateral movement and full domain compromise.
This research supports a recent FBI flash alert that recommends prioritizing credential protection, including implementing least privilege and restricting local accounts, to limit a threat actor’s ability to gain highly privileged account access and move throughout a network.
CyberArk Endpoint Privilege Manager protects against advanced threats that exploit privileged credentials by interlocking three core capabilities: privilege management, application control and new targeted credential theft detection and blocking to stop and contain damaging attacks at the endpoint.
According to testing done by CyberArk Labs on more than 150,000 ransomware samples, the removal of local administrator rights, combined with application control and greylisting, was 100 percent effective in preventing this ransomware from encrypting files. Despite recognition that the removal of local administrator rights on the endpoint is an established best practice, a recent survey highlighted that an alarming 62 percent of organizations have not taken steps to remove them.
“Even if malware disappeared tomorrow, attacks and breaches would still occur. Organizations need to be thinking about long term solutions, not just addressing the latest threat in the headlines,” said Adrian Sanabria, senior security analyst, 451 Research. “With attackers getting better and better at evading short-term prevention methods, organizations must also focus efforts on reducing endpoint attack surface and hardening, including defending admin privileges against malicious abuse.”
Reducing the Attack Surface with Privilege Security on the Endpoint
CyberArk Endpoint Privilege Manager now helps organizations detect and block credential theft attempts by malicious users and applications including Windows credentials, remote access application credentials and those credentials stored by popular web browsers such as corporate network and cloud applications. CyberArk is also able to block hash harvesting at the endpoint to prevent Pass-the-Hash, an attack leveraging stolen credentials.
New targeted behavioral analytics are based on cyber threat detection technology acquired from Cybertinel last year, combined with continuous research from CyberArk Labs focused on identifying common privileged account-based attack patterns and malware behavior to further reduce the risk of emerging threats.
CyberArk Endpoint Privilege Manager, previously CyberArk Viewfinity, will be available in Q4 2016 via direct sale or through CyberArk’s network of global channel partners. The product is available as a single agent and part of the CyberArk Privileged Account Security Solution. CyberArk Endpoint Privilege Manager is available as a SaaS or on-premises solution.