CyberArk And Inside-Out Defense Are Partnering To Solve The Hidden Cybersecurity Dangers Stemming From Privilege Abuse
July 31, 2023

Global IT staffs grapple with an ever-accelerating scenario of user privilege sprawl in any organization with rapid SaaS adoption. It is almost impossible to understand a user's footprint, privileges, and associated activities across the organization when you include every kind of user: human, non-human, third-party, contractor, and API.

According to Verizon’s Data Breach Investigations Report of 2023, privilege abuse is today's number one threat vector. It takes many forms, such as ransomware, data exfiltration, and reconnaissance attacks, which often begin by obtaining valid identity credentials through phishing, pretexting, and other methods. These attacks are complicated for IT staff to stop, as they are typically launched using valid credentials and often only fully understood afterward through post-attack audits.

While identity protection and session risk management have been widely adopted as crucial components of a comprehensive cybersecurity strategy, the inherent challenges of privilege abuse and abusive access persist despite the diligent application of these traditional measures.

Traditional methods of identity protection primarily focus on verifying user identities and managing access to systems and applications. These approaches involve multi-factor authentication, password policies, and role-based access controls. While they play a vital role in protecting user accounts and preventing unauthorized access, they do little to stop malicious activity once access has been granted to an application or cloud environment.

Traditional identity protection tools generally assume that once a user is authenticated and authorized, their actions within the system are legitimate and trustworthy. This assumption is faulty and very dangerous in today’s world of extensive credentials hacking and MFA spoofing.

Given that, understanding the unique risks of privileged accounts is especially important. Privileged accounts are identities that possess elevated permissions that grant users extensive control over critical systems, sensitive data, and network infrastructure.

However, in today’s world, with federated access tools and users who wear multiple hats across the modern work environment, every user is effectively a privileged user. Given the constantly changing needs of organizations, today’s users acquire elevated privileges very quickly and often in perpetuity.

This ‘privilege creep’ happens while traditional identity protections are severely weakened by the rapid growth and effectiveness of various credentials hacking methods, including methods to neutralize secondary identity protections like multi-factor authentication. A significant risk is the potential for severely damaging malicious behavior from internal or external threat actors using compromised privileged accounts or even ‘regular’ employee accounts with elevated privileges.

To tackle the pervasive issue of privilege abuse, organizations require a specialized solution, beyond traditional identity protection mechanisms, that understands the context of user behavior and activity. Traditional identity protection mechanisms need more technology and architecture to effectively understand the context of the behavior and determine user intent.

Towards this mission, CyberArk and Inside-Out Defense are partnering to solve the hidden dangers of privilege abuse in organizations by identifying malicious behaviors inside applications and remediating them in real-time with a risk-adjusted response to block these activities.

CyberArk Privilege Threat Analytics (PTA) helps organizations enhance their security posture by providing proactive threat protection and reducing the risk associated with privileged access. By monitoring privileged account activity, PTA helps organizations identify potential security breaches or insider threats before they cause significant damage.

Inside-Out Defense has built a proactive, real-time, automated privilege abuse intervention solution. Inside-Out Defense monitors user behavior and access privileges in real-time inside all environments, including SaaS, cloud, hybrid, and legacy deployments. When the platform detects any user activity which exhibits hacking behavior or deviates from the established user behavior profile, Inside-Out Defense can limit, challenge, or block the user activity inside the application or environment in real-time.

Inside-Out Defense complements CyberArk’s Privilege Threat Analytics (PTA) by detecting malicious privilege abuse beyond what PTA can observe. For example, if a malicious user gained access to PTA with stolen credentials, Inside-Out Defense would detect activities outside normal behaviors or indicative of hacking behaviors. Inside-Out Defense could notify PTA administrators and block additional activity inside the CyberArk session. The bi-directional integration allows Inside-Out Defense to achieve faster detection and remediation of privilege abuse behaviors by ingesting the PTA payload (user session analysis) and providing PTA with real-time detection of abusive behaviors.

The partnership’s mission is to enable customers to:

  • Detect privilege abuse behaviors in real-time
  • Remediate privilege abuse in-line through a risk-adjusted and automated response
  • View real-time forensics of malicious user behaviors and activities
  • Get the context behind user activities (Who gets to do What, When, Where, and Why?)