KuppingerCole Report
Executive View
By Ivan Niccolai

CyberArk Privileged Threat Analytics

CyberArk’s latest major release of Privileged Threat Analytics is a capable and focused solution for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements. With the addition of several key features, Privileged Threat Analytics now provides real-time network threat detection and automated response capabilities.

1 Introduction

KuppingerCole analysts have, for some time now, been aware of the limitations in the defensive capabilities of Security Information and Event Management (SIEM) solutions. While expectations for SIEM have been high, research from real-world implementations has shown that these solutions are not as effective as had been hoped. This is largely due to the difficulty of calibrating the overwhelming quantity of log and event information collected by SIEM systems so that innocuous events can be separated from those that correspond to serious security incidents and merit a rapid response. This difficulty has made SIEM tools more useful for auditing and compliance requirements than as a reliable tool for responding in real time to serious attacks.

In response to these challenges with SIEM, an evolution of its defensive benefits has been termed Real-Time Security Intelligence (RTSI). RTSI, like SIEM, relies on the collection, aggregation and correlation of activity information from key systems within an organisation. Yet unlike SIEM, which typically relies on manual calibration and classification of anomalous activity, RTSI makes use of the latest advances in analytics from the big data and business intelligence fields, and is thereby able to use sophisticated algorithms and shared intelligence to perform continuous self-calibration. Modern RTSI solutions should not only be able to detect serious threats, but should also be capable of automatically mitigating perceived threats.

While ideally no system within an organisation should be considered exempt from security monitoring and anomalous activity detection, the importance of protecting privileged system access cannot be overstated. Instead of taking an all-or-nothing approach, risk mitigation should start with those accounts, systems or entitlements that have the potential to cause the greatest detrimental impact to an organisation should they be compromised. In most cases these high-risk privileges, which grant unfettered access to information systems, are known as administrator or root access credentials. It is here that risk mitigation should begin.

No longer a niche market, Privilege Management (PxM) is increasingly becoming a mandatory component of any enterprise security infrastructure. Many vendors now offer integrated solutions for automated discovery of privileged accounts, storing and managing privileged account credentials in a secured vault, and monitoring of privileged access to servers, databases and network devices. Some vendors go further and implement real-time analytics to detect and/or prevent malicious activities. For a detailed overview of the leading PxM vendors, please refer to the KuppingerCole Leadership Compass on Privilege Management (Leadership Compass: Privilege Management, #70,100).

CyberArk has been a leading vendor in the PxM market for some time now, and has grown steadily since its founding in 1999 by focusing specifically on the monitoring and control of privileged access. It has released a major update to its threat analytics solution that not only detects abnormal and potentially malicious use of privileged accounts, but now also offers real-time, automated remediation capabilities. CyberArk Privileged Threat Analytics provides a complete view of, and analytics on, privileged credential and account use, covering devices both within and outside the company’s Privileged Account Security Solution management.

When anomalous activity is detected, the solution generates immediately actionable threat alerts and can trigger an automated response. The product integrates with leading Security Information and Event Management (SIEM) solutions and can also operate independently as part of the larger CyberArk solution. This integration allows customers to extend their SIEM investment by feeding it logs and evidence of the detected threat and the response taken by Privileged Threat Analytics, allowing SIEM to act as a monitoring, detection and compliance tool across an entire enterprise’s infrastructure, while Privileged Threat Analytics performs its key task of detecting, alerting on, and responding to malicious privileged access.

CyberArk Privileged Threat Analytics delivers advanced analytics, based on patent-pending behavioural and deterministic algorithms, which detect anomalies as they occur. This is done by comparing the historical patterns of privileged access with the current behaviour and use of privileged accounts. While there are other, broader security analytics solutions on the market, such as SIEM and the upcoming Real-Time Security Intelligence solutions (Advisory Note: Real-Time Security Intelligence, 71033), a specialized product offering targeted monitoring of, and rapid response to, the misuse of privileged accounts provides an RTSI approach to privilege management that is ahead of the curve compared to the more generalised approaches available today.
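To make the baseline-versus-current comparison described above concrete, the following is an added illustration, not CyberArk's code or algorithm: it learns, per privileged account, the source hosts, targets and hours of day seen in a constructed history, then reports every current event that departs from that baseline with the reasons for the alert. The record format, host names and timestamps are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed privileged-session records: (timestamp, account, source host, target).
# Format and values are assumptions for illustration, not CyberArk's own log format.
HISTORY = [
    ("2021-03-01T09:12:00", "root", "jump01", "db-prod-1"),
    ("2021-03-01T10:40:00", "root", "jump01", "db-prod-2"),
    ("2021-03-02T09:05:00", "root", "jump02", "db-prod-1"),
    ("2021-03-02T14:30:00", "root", "jump01", "db-prod-1"),
    ("2021-03-03T11:15:00", "root", "jump02", "db-prod-2"),
    ("2021-03-02T16:10:00", "dbadmin", "jump01", "db-prod-2"),
]

def build_baseline(records):
    """Learn, per account, the source hosts, targets and hours of day seen historically."""
    baseline = defaultdict(lambda: {"hosts": set(), "targets": set(), "hours": set()})
    for ts, account, host, target in records:
        baseline[account]["hosts"].add(host)
        baseline[account]["targets"].add(target)
        baseline[account]["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def score_event(baseline, event):
    """Return the reasons an event deviates from its account's baseline (empty = normal)."""
    ts, account, host, target = event
    if account not in baseline:
        return ["privileged account never seen in baseline"]
    b, hour, reasons = baseline[account], datetime.fromisoformat(ts).hour, []
    if host not in b["hosts"]:
        reasons.append(f"new source host {host}")
    if target not in b["targets"]:
        reasons.append(f"new target {target}")
    # Tolerate one hour of drift either side of any historically active hour.
    if not any(abs(hour - h) <= 1 for h in b["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    return reasons

def detect(history, current):
    """Score current events against the baseline learned from history; return alerts."""
    baseline = build_baseline(history)
    scored = ((ts, acct, score_event(baseline, (ts, acct, h, t))) for ts, acct, h, t in current)
    return [alert for alert in scored if alert[2]]

CURRENT_EVENTS = [
    ("2021-03-04T09:30:00", "root", "jump01", "db-prod-1"),       # within baseline
    ("2021-03-04T02:45:00", "root", "ws-ext-17", "db-prod-1"),    # off-hours, unknown host
    ("2021-03-04T10:00:00", "svc-backup", "jump01", "db-prod-1"), # account never baselined
]
```

Calling `detect(HISTORY, CURRENT_EVENTS)` leaves the first event unreported and raises alerts for the second (new source host and unusual hour) and third (account absent from the baseline); in a product like the one reviewed here, such an alert would be the trigger for the automated response and for forwarding evidence to the SIEM.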

2 Product Description

CyberArk Privileged Threat Analytics is a focused solution for the monitoring of privileged accounts, entitlements and systems. Its primary focus is i ...


3 Strengths and Challenges

CyberArk Privileged Threat Analytics provides a simple, intuitive user interface and well thought-out dashboards for that analysis. It is easy to use ...



©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.