CyberArk Privileged Account Security Solution



CyberArk has partnered with LogRhythm to deliver a real-time privileged activity monitoring solution. By combining the CyberArk Privileged Account Security Solution with LogRhythm’s Security Intelligence Platform, security analysts and audit teams can access the information they need to identify and respond to the most critical incidents—those involving privileged accounts—and meet demanding compliance requirements.

Cyber attackers target privileged accounts in order to reach the heart of the enterprise and gain access to sensitive, valuable data. To protect these accounts and the critical resources to which they provide access, organizations require comprehensive controls to effectively monitor, detect, and respond to all privileged account activity in real time.

By integrating CyberArk’s Privileged Account Security Solution with LogRhythm’s Security Intelligence Platform, security teams are able to monitor and protect privileged activity and gain unified, real-time visibility across the organization to identify critical security threats. The solution generates exceptionally detailed forensic evidence, including tracking and reporting on all privileged activity, meeting audit and compliance requirements.

Centralized Privileged Account Activity Collection and Incident Response Orchestration

The CyberArk Privileged Account Security Solution is an enterprise-class, unified solution that manages and secures all privileged accounts. It secures credentials, including passwords and SSH keys, controls access to these accounts, and isolates and records privileged sessions for auditing and forensics analysis. Built on a single platform, the CyberArk Privileged Account Security Solution centralizes all privileged activity and provides a rich and highly focused feed of privileged user activity to LogRhythm’s Security Intelligence Platform.

CyberArk enhances LogRhythm’s centralized visibility into privileged account threats by sending all privileged activity as syslog messages to the LogRhythm platform. Integrating the CyberArk Solution enables LogRhythm to continuously monitor and archive all privileged user and account activities. This includes individual user activity when using shared accounts, as well as application log-ins. LogRhythm performs automated analytics leveraging rich CyberArk data—correlating privileged user activity and other collected environmental information to identify the most critical security threats while minimizing false positives. Once an incident is detected and qualified, LogRhythm’s incident response orchestration helps security teams dramatically reduce response times to minimize the risk of experiencing a high-impact cyber breach. LogRhythm also enables powerful pivot, search and drilldown across all forensic data, including privileged user activity within the console.

LogRhythm Security Intelligence Platform

Figure 1. CyberArk and LogRhythm Security Intelligence Platform joint solution for enterprise-wide privileged activity monitoring and compliance

Highlights

§ Identify high-risk privileged account activity in real time by corroborating privileged account activity with all other machine data collected across the enterprise

§ Prioritize alerts for privileged accounts and quickly investigate and respond to critical threats

§ Drill down into CyberArk to replay privileged user sessions for forensics analysis

§ Secure, manage, and control privileged accounts across the organization

CyberArk Privileged Account Security Solution Integrated with LogRhythm Security Intelligence Platform


©CyberArk Software Ltd. | cyberark.com

CyberArk and the CyberArk logo are registered trademarks of CyberArk Software in the U.S. and other countries. ©Copyright 2016 CyberArk Software. All rights reserved. Published in the U.S., 2.16.

CyberArk believes the information in this document is accurate as of its publication date. The information is provided without any express, statutory, or implied warranties and is subject to change without notice.

Partner Products: LogRhythm Security Intelligence Platform

CyberArk Products: CyberArk Privileged Account Security Solution

Real-Time Privileged Activity Monitoring and Compliance

By accessing privileged account activity data from LogRhythm’s unified dashboard, security analysts get a comprehensive, real-time view of the threats facing their environment. Additionally, forensic analysts can drill down into data tied to a specific user or user group, including privileged user sessions. LogRhythm’s out-of-the-box compliance automation modules help organizations meet stringent requirements around privileged user monitoring, including real-time alerts when privileged user accounts are falling out of compliance and detailed reporting for review by compliance officers.

Capabilities include:

§ Link events that are triggered through the use of privileged accounts with the individuals who initiated them; reveal who had access to which systems and data, when and for what purpose

§ Quickly investigate alerts by replaying exactly what transpired with video playback that reveals the user’s actions and compiles all related forensic evidence to optimize response times

§ Review command-level data that is sent to LogRhythm when anomalous activity is detected (e.g. credit card information is being copied); remotely locate and monitor the session in real-time via CyberArk Privileged Session Manager and terminate the session if required in order to disrupt the potential attack

§ Monitor changes within the CyberArk Vault by sending activity logs to LogRhythm every time a privileged user accesses the vault to make changes (e.g. creates a new administrator account, etc.)

§ Use LogRhythm’s out-of-the-box compliance reports to identify privileged users who access your most sensitive assets, modify configuration settings and run programs on the network

Conclusion

The integration of the CyberArk Privileged Account Security Solution and the LogRhythm Security Intelligence Platform enables organizations to focus their efforts and resources on the highest-priority targets and identify the most significant risks. The joint solution supports a comprehensive approach to unified visibility with centralized policy-based privileged activity management. Once deployed, the solution arms organizations with the information they need to identify and respond to the most critical incidents targeting their organization and meet demanding compliance requirements.

Joint CyberArk-LogRhythm Security Intelligence Platform Solution:

§ Provides enterprise-wide, real-time visibility to identify and investigate critical security threats associated with privileged activity

§ Enables enhanced forensics analysis and evidence collection by drilling down into privileged user sessions to understand the true nature and scope of the event

§ Meets a diverse set of compliance requirements by combining individual accountability with detailed tracking and reporting on privileged activity

§ Improves security with end-to-end privileged activity monitoring combined with end-to-end threat lifecycle management

§ Enables fast and effective incident response using workflows designed to reduce the risk of experiencing a high-impact security incident

About CyberArk

CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to protect against cyber threats before attacks can escalate and do irreparable business damage.

About LogRhythm

LogRhythm empowers organizations to detect, respond to and neutralize cyber threats early in the threat lifecycle to prevent damaging data breaches and cyber incidents. LogRhythm solutions also deliver rapid compliance automation and assurance, and enhanced IT intelligence.

LogRhythm’s award-winning Security Intelligence Platform integrates next-gen SIEM and log management with network forensics, endpoint monitoring and multidimensional security analytics. Its collaborative incident response orchestration and patented SmartResponse™ automation framework help security teams perform end-to-end threat lifecycle management. LogRhythm’s unified solution powers the next-gen SOC, accelerating the detection and response to emergent threats across the holistic attack surface.