CyberArk released the industry's first privilege-based deception capabilities designed to defend against credential theft on workstations and servers.

Local administrator rights are often left on endpoints, making them attractive targets for attackers who can use these credentials to elevate privileges and launch into other parts of the network. An enhancement to CyberArk Endpoint Privilege Manager, the new deception feature enables defenders to quickly detect and proactively shut down in-progress attacks. CyberArk helps break the attack chain at the initial point of entry by providing a deliberate and controlled way to track and mislead potential attackers, mitigate the exploitation of privileged credentials, and reduce dwell time.

New research from CyberArk Labs examines characteristics and patterns of emerging credential stealing malware families, like Raccoon, which can give attackers the ability to steal secrets from more than 60 different application types. CyberArk Labs examined the operational methods of successful credential stealers and found that attackers use this malware to harvest credentials on the endpoint to enable the escalation of privileges and lateral movement.

"Privileged credentials on the endpoint remain a gold mine for attackers," said Doron Naim, cyber research manager, CyberArk Labs. "Credential stealing malware is readily available and easy to deploy - and more importantly, is extremely successful. Deception techniques are becoming increasingly popular and effective at helping to understand the movement and mindset of an attacker while also providing the power to immediately and proactively shut down attack progression."

Part of the CyberArk Privileged Access Security Solution, Endpoint Privilege Manager is a SaaS-based solution that allows organizations to reduce the risk of unmanaged administrative access on Windows and Mac endpoints. Additional capabilities include:
- Just-in-Time Elevation and Access: Just-in-time capabilities enable organizations to mitigate risk and reduce operational friction by allowing admin-level access on-demand for a specific period of time with a full audit log and the ability to revoke access as necessary.
- Enforcement of Least Privilege: By implementing least privilege strategies, organizations reduce the attack surface by eliminating unnecessary local administrator privileges and allowing only enough access to perform the required job, no more, no less.
- Credential Theft Blocking: Advanced protection against credential theft enables an organization to detect and block attempted theft of endpoint credentials and those stored by the operating system, IT applications, remote access applications and popular web browsers.

Initial deception capabilities focused on IT admin credential theft are available now in CyberArk Endpoint Privilege Manager, with additional lures, including browser credentials, coming soon. To learn more, visit: https://www.cyberark.com/epm.