An application is launched for the first time. An administrator logs in at 2am. A server has unpatched vulnerabilities. Seen individually, these events may be written off as low-risk blips. When combined on a single system, in a single time period, they add up to a red alert.
Advanced persistent threats often go undetected because traditional security analytics solutions are unable to correlate diverse data to discern hidden risks. Seemingly isolated events are often written off as exceptions, filtered out, or lost altogether in a sea of data. The intruder continues to traverse the network, and the damage continues to multiply.
BeyondInsight Clarity, now shipping standard with BeyondInsight v5.4, enables our customers to detect critical IT security threats previously lost amidst volumes of data, while identifying specific users, accounts and assets exhibiting patterns of risky activity.
Other new features in BeyondInsight v5.4 include:
- BeyondTrust PowerBroker Password Safe management updates: including expanded platform support, plus filtering and API enhancements
- Reporting support for NIST 800-53 Revision 4 and PCI Data Security Standard (DSS) 3.0
- Threat Intelligence Connector for ServiceNow: import BeyondTrust Retina vulnerability data, launch Retina vulnerability scans, and generate incident response tickets in ServiceNow service automation solutions
- Several additional usability and reporting enhancements
Check out the New Features Overview for more details, or read on for a closer look at the new Clarity threat analytics capabilities ...
How BeyondInsight Clarity Reveals Previously Overlooked IT Security Threats
BeyondInsight Clarity is an advanced threat analytics capability that enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions. A standard capability of the BeyondInsight IT Risk Management Console, Clarity pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions. It does this via a six-step process:
Aggregate: Gather, Centralize and Baseline Asset and User Activity
The BeyondInsight IT Risk Management Platform delivers a centralized view of all assets and users in your environment. The BeyondInsight database contains information gathered via powerful onboard discovery capabilities, combined with data feeds from a variety of privilege and vulnerability management solutions. BeyondInsight Clarity taps into this rich database to set baselines for normal behavior, observe changes, and identify anomalies that signal critical threats.
Correlate: Connect Disparate Evidence to Reveal Hidden Risks
Like a good detective, Clarity is proficient at gathering disparate evidence, making connections, and uncovering would-be data breach culprits. For instance, Clarity can recognize that an administrator opening ports on a vulnerable server at 2am probably means trouble. Clarity is uniquely able to analyze privileged user and account activity along with asset characteristics, such as vulnerability count, vulnerability level, attacks detected, risk score, applications, services, software and ports. Through advanced threat analytics, Clarity correlates the data, connects the evidence, and reveals clear cases of user and asset risk.
[Figure: BeyondInsight Clarity correlates and analyzes diverse asset and user data to identify critical threats in your IT environment.]
Measure: Detect Changes Signaling In-Progress Threats
Examining an asset or user’s current state isn’t always enough to reveal risk, making it critical to constantly measure and compare profile data over time. For instance, today, an asset may be running a seemingly normal set of services. Tomorrow, it might be running a markedly different set of “normal” services, while similar assets remain unchanged. Clarity measures asset characteristics and user behaviors from one day to the next, noting the scope and speed of any changes. By comparing an asset or user’s “change velocity” to that of similar assets or users, Clarity enables you to see deviations that you may have otherwise missed.
Isolate: Spotlight Users and Assets Posing the Greatest Risks
BeyondInsight Clarity is deft at flagging any users or assets that deviate from the norm. Clarity constantly organizes users and assets into like groups based on their profiles and behaviors. Whenever changes occur that cause a specific user or asset to break from the pack, BeyondInsight shines a spotlight on the outlier and offers complete drill-down capabilities to speed investigation and remediation.
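The Measure and Isolate steps above can be sketched in a few lines. This is an added example, not BeyondInsight code or its actual algorithm: it assumes "change velocity" is the Jaccard distance between two daily service snapshots and that "breaking from the pack" is a modified z-score over the peer group; the asset names and service sets are constructed.

```python
from statistics import median

def change_velocity(before: set, after: set) -> float:
    """Jaccard distance between two daily snapshots: 0.0 identical, 1.0 disjoint."""
    union = before | after
    if not union:
        return 0.0
    return 1.0 - len(before & after) / len(union)

def peer_outliers(snapshots: dict, threshold: float = 3.5, min_velocity: float = 0.1) -> dict:
    """Return {asset: velocity} for assets that changed far more than their peers.

    snapshots maps asset -> (services_yesterday, services_today) for ONE peer group.
    The modified z-score uses median and MAD, so one extreme asset cannot
    drag the baseline toward itself the way it would with mean and stdev.
    """
    velocity = {a: change_velocity(y, t) for a, (y, t) in snapshots.items()}
    med = median(velocity.values())
    mad = median(abs(v - med) for v in velocity.values())
    flagged = {}
    for asset, v in velocity.items():
        if v < min_velocity:
            continue  # ignore negligible drift
        if mad == 0:
            # Peers are uniformly stable: any asset above the floor stands out.
            is_outlier = v > med
        else:
            # 0.6745 scales MAD to be comparable with a standard deviation.
            is_outlier = 0.6745 * (v - med) / mad > threshold
        if is_outlier:
            flagged[asset] = round(v, 2)
    return flagged

# Constructed sample: one peer group of web servers, yesterday vs. today.
BASE = {"http", "https", "ssh", "ntp"}
WEB_TIER = {
    "web-01": (BASE, BASE),                               # unchanged
    "web-02": (BASE, BASE | {"snmp"}),                    # routine drift
    "web-03": (BASE, BASE - {"ntp"}),                     # routine drift
    "web-04": (BASE, {"ssh", "telnet", "ftp", "rdp"}),    # markedly different
    "web-05": (BASE, BASE | {"snmp"}),                    # routine drift
}

if __name__ == "__main__":
    print(peer_outliers(WEB_TIER))
```

Each of web-02, web-03 and web-05 changed too, but only web-04 is reported because its velocity is far outside what the rest of the group did on the same day.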
Report: Align IT and Security for Smarter Decision Making
BeyondInsight’s powerful reporting engine keeps IT security and IT operations teams aligned and focused on business goals – whether that means complying with industry regulations like PCI and HIPAA or simply reducing the risk profile by employing least privilege where it makes the most sense. With Clarity, BeyondInsight expands its reports library to over 270 templates, with new templates for pinpointing users, assets and activities with high threat levels. As a result, IT operations and security staff can quickly identify and remediate threats, while sharing vital risk and compliance data with both technical and non-technical audiences within the organization.
Optimize: Increase the Value and ROI of Existing Security Investments
BeyondInsight Clarity adds value to existing security investments by revealing risks normally buried within volumes of data. Clarity collects, correlates and analyzes user and asset activity data from supported privilege and vulnerability management solutions, including:
Because of BeyondInsight’s tight integration with the above solutions, Clarity has access to deep, granular levels of data. As a result, you benefit from the most accurate and informed threat analytics available today.
Clarity advanced threat analytics capabilities are included with all BeyondInsight-supported solutions. See what's new in version 5.4, learn more about BeyondInsight, and request a demo.