For attackers, there's no bigger prize than gain access to accounts belonging to IT administrators and other high-value targets. With the newest release of its enterprise password management solution, Secret Server, Thycotic is using machine learning technology to help organizations spot potentially compromised accounts and insider threats.
The IT security specialist today launched Privileged Behavior Analytics (PBA), a cloud-based tool in Secret Server 10.2 that can detect anomalous behavior in privileged accounts. Given the types of system resources and data these accounts can access, it's important that organizations keep a close eye on them, according to R.J. Gazarek, product marketing manager at Thycotic.
"If privileged access is not monitored, analyzed, and alerted on it can lead to devastating data breaches and abuse from the inside out," Gazarek told eSecurity Planet. "In some cases, the breach may not even be intentional, just someone accessing a system they shouldn't have had access to. Having a tool in place that can detect anomalous and unusual privileged behavior, as it happens, is critical in detecting, stopping, and remediating potential breaches and mistakes."
Thycotic's solution employs artificial intelligence and threat scoring technologies to sound the alarm on activities that exhibit the signs of a breach or insider attack.
"The privileged account behaviors and analytics that PBA extension for Secret Server can detect are, for example, privileged accounts being used outside of normal hours than previously used before, privileged accounts being accessed by employees who have never accessed them previously or privileged accounts which are being used excessively that is deemed abnormal behavior," explained Joseph Carson, chief security scientist at Thycotic. The tool can also be used to help organizations rein in their use of privileged accounts.
"Being able to see privileged account behavior or deviations from normal usage is a huge advantage from a company who wants to add better security controls or to reduce the amount of unused privileged accounts – in turn reducing the privileged account landscape that could be exploited by cyber criminals," Carson added.
Thycotic's Privileged Behavior Analytics allows users to manually set the system's sensitivity based on their unique environments. If a given account happens to hit a threat score threshold, organizations can institute an access challenge that automatically logs out an offending account. Email alerting options deliver notifications to administrators if suspicious behavior is detected.
Secret Server 10.2 with Privileged Behavior Analytics is available now.