CyberArk (NASDAQ: CYBR), the global leader in privileged access management, today released the industry’s first privilege-based deception capabilities designed to defend against credential theft on workstations and servers.
Local administrator rights are often left on endpoints, making them attractive targets for attackers who can use these credentials to elevate privileges and launch into other parts of the network. An enhancement to CyberArk Endpoint Privilege Manager, the new deception feature enables defenders to quickly detect and proactively shut down in-progress attacks. CyberArk helps break the attack chain at the initial point of entry by providing a deliberate and controlled way to track and mislead potential attackers, mitigate the exploitation of privileged credentials, and reduce dwell time.
New research from CyberArk Labs examines characteristics and patterns of emerging credential-stealing malware families, like Raccoon, which can give attackers the ability to steal secrets from more than 60 different application types. CyberArk Labs examined the operational methods of successful credential stealers and found that attackers utilize this malware to harvest credentials on the endpoint to enable the escalation of privileges and lateral movement.
“Privileged credentials on the endpoint remain a gold mine for attackers,” said Doron Naim, cyber research manager, CyberArk Labs. “Credential stealing malware is readily available and easy to deploy – and more importantly, is extremely successful. Deception techniques are becoming increasingly popular and effective at helping to understand the movement and mindset of an attacker while also providing the power to immediately and proactively shut down attack progression.”
Part of the CyberArk Privileged Access Security Solution, Endpoint Privilege Manager is a SaaS-based solution that allows organizations to reduce the risk of unmanaged administrative access on Windows and Mac endpoints. Additional capabilities include:
Just-in-Time Elevation and Access: Just-in-time capabilities enable organizations to mitigate risk and reduce operational friction by allowing admin-level access on-demand for a specific period of time with a full audit log and the ability to revoke access as necessary.
Enforcement of Least Privilege: By implementing least privilege strategies, organizations reduce the attack surface by eliminating unnecessary local administrator privileges and allowing only enough access to perform the required job, no more, no less.
Credential Theft Blocking: Advanced protection against credential theft enables an organization to detect and block attempted theft of endpoint credentials and those stored by the operating system, IT applications, remote access applications and popular web browsers.
Initial deception capabilities focused on IT admin credential theft are available now in CyberArk Endpoint Privilege Manager with additional lures, including browser credentials, coming soon. To learn more, visit: https://www.cyberark.com/epm.
To hear more from CyberArk Labs, attend these sessions at RSA Conference: “5 Ways to Break the Cloud (And How to Mitigate Against Them)” on Tuesday, February 25 at 11:00 AM PT and “Compromising Kubernetes Cluster by Exploiting Weak RBAC Permissions” on Wednesday, February 26 at 8:00 AM PT.
CyberArk (NASDAQ: CYBR) is the global leader in privileged access management, a critical layer of IT security to protect data, infrastructure and assets across cloud and hybrid environments and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders. A global company, CyberArk is headquartered in Petach Tikva, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout the Americas, EMEA, Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.