The compromise and abuse of user credentials provides the quickest way into an enterprise network and its most valuable assets. According to the 2018 Verizon Data Breach Investigations Report, compromised credentials continue to top the list of causes for data breaches. To combat against such credential threats, organisations need to focus on data-driven solutions that use advanced analytics to identify and monitor user and device access risk.
Exabeam Security Management Platform integrates with SecureAuth IdP to provide a seamless security solution that uses machine learning to gather all the evidence necessary to quickly investigate and detect identity-based threats.
Exabeam's Smart Timeline tracks normal and abnormal user behaviour such as account switching, remote logins, database logins and administrative asset logins, and assigns a dynamic risk score. SecureAuth leverages that risk score to apply authentication rules with adaptive authentication. Working together, SecureAuth + Core Security and Exabeam can restrict access to application and data for accounts displaying risky or abnormal behaviour stepping up with multi-factor authentication for additional verification or denying access altogether.
"Credential-based attacks are typically difficult to detect because attackers impersonate legitimate users. To protect against these types of attacks, organisations need to rethink their enterprise security strategy and move to an identity-centric approach based on a Zero Trust model," said Ted Plumis, VP of Worldwide Channels at Exabeam. "We are excited to partner with SecureAuth + Core Security to deliver a streamlined, orchestrated security solution for customers who need to identify suspicious activity to quickly remediate threats in their environment."
"The critical need to integrate identity and security is clear. Whether it is a continual risk and trust assessment or Zero Trust model, organisations must put in place a framework that allows for the continual evaluation of risk and trust and then offers the ability to take appropriate actions," said Robert Block, SVP of Product Strategy at SecureAuth + Core Security. "This relationship and the solution integrations provide the flexibility customers require to substantively elevate identity security now and in the future. "
The integration provides security teams the ability to gain unified, real-time visibility across the organisation and identify critical identity threats. Pre-built incident timelines help analysts quickly understand the scope and nature of detected attacks by automating what was previously a manual investigation process. The joint solution is a part of the Connected Security Alliance and has gone through rigorous interoperability testing that can help customers implement quickly and painlessly.