The new Palo Alto Networks firewall connector enables BeyondInsight to correlate network traffic data from Palo Alto firewalls with behavioral, environmental and risk data from BeyondTrust vulnerability and privileged account management solutions. Customers can then leverage BeyondInsight’s Clarity Threat Analytics capability to reveal advanced persistent threats (APTs) previously overlooked amidst volumes of diverse data.
BeyondInsight 5.6 also adds real-time alerting capabilities to Clarity. IT and security staff can now be notified at the first sign of an APT or other attack. Alerts are available via email, SNMP and Syslog feeds that can flag events such as:
· First-time application launches in the environment.
· Privileged access requests by applications that are associated with untrusted users or are not digitally signed.
· After-hours system access, first-time after-hours access, or simultaneous access to multiple systems after hours.
· Launches of processes, services and applications associated with malware.
· Unique asset vulnerabilities not present anywhere else in the environment.
“Internal threats and APTs represent some of the most serious security risks to enterprises today,” said Brad Hibbert, CTO, BeyondTrust. “BeyondInsight 5.6 extends the platform’s ability to deliver visibility across the internal and external risk landscape, while enabling IT and security leaders to take decisive action against threats.”
In addition, BeyondInsight 5.6 includes new asset discovery and vulnerability assessment capabilities for Amazon AWS small and micro instances. Asset discovery is available to all BeyondInsight customers, and vulnerability assessment is available to customers using BeyondTrust Retina CS in the BeyondInsight platform environment. In 2012, BeyondTrust introduced the first cloud connectors for identifying, classifying and assessing the security of assets in Amazon AWS. This industry-unique technology has yet to be duplicated by any other vendor.