- Role-Specific Solutions
CrowdStrike Completes Acquisition of Preempt Security
If you can’t see all your users or know what they are doing and accessing, it’s difficult to control risks and prevent threats. The Preempt Platform takes a modern approach to the problem and puts you back in the driver’s seat.
Preempt empowers organizations to easily reduce user risk on their attack surface and preempt threats in real time with Conditional Access. Our patented technology continuously analyzes, adapts and responds to threats based on identity, behavior and risk to auto-resolve insider threats and targeted attacks.
Continuous. Automated. Risk-Based Conditional Access.
Organizations often have incomplete views of who is accessing what, when, where and how across multiple security solutions and platforms. Preempt solves this by auto-discovering all users, privileges, accounts, devices and behavioral access patterns whether on premises, in the cloud, or in hybrid environments.
Preempt provides a continuous health and risk assessment revealing password problems, privileged access, stale accounts, stealthy admins, Active Directory (AD) configuration issues and more. Actionable insights allow your security team to easily reduce risk and your attack surface making it easier to pass your next audit.
Credential based attacks continue to be the number one way organizations are compromised. Preempt approaches threat detection differently, with sophisticated behavior analysis and risk scores for every user and endpoint in the network. Trusted and untrusted accesses are baselined through analysis of live authentication traffic combined with SSO, Cloud Directories, VPN, supervised and unsupervised learning and more.
By combining analytics that are focused on identity, behavior and risk, with real-time traffic (either passive/sniffer mode or inline), it provides greater fidelity in attack detection.
Uniquely, Preempt allows organizations to detect and gain more control over misuse of protocols and malicious use of tools. This helps reduce risk of improper tool use, credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket.
Reconnaissance and attack tools
Deeply inspect real time authentication protocol usage
The Platform’s Threat Hunter interface lets analysts select and search across any attribute without needing to craft arduous string-based queries. This lets analysts dial in exactly what they are looking for and quickly test hypotheses without getting bogged down pouring over logs.
Threat Hunter Searches Include:
Authentication Type (e.g. LDAP, SSO)
Service Access Type (e.g. Fileshare, Remote Desktop)
Account Events + Time Range
User Attributes (e.g. High Risk, Weak PW)
Privileges (e.g. By group membership, by delegation)
Location (e.g. CIDR, Site, Geo)
Threats aren’t black or white, so responding to possible threats with a simple block or allow won’t work. Whether it’s simply adding MFA in front of your most sensitive applications or responding in real-time to suspicious behavior, Preempt’s Conditional Access gives you the flexibility to respond in real-time to prevent threats without disrupting real business.
When suspicious or risky behavior is detected, the Platform’s Conditional Access capabilities step in to help you proactively respond to threats without getting an analyst involved or disrupting valid users. Preempt’s adaptive policies can progressively interact with users to verify legitimate access and block untrusted authentications in real-time. Fine-grained actions allow you to match the level of response to the risk, and can automatically adapt based on changing context.
Protecting internal applications from credential compromise is easy with Conditional Access. With a highly-adaptable policy engine, enterprises can quickly snap on step up authentication, such as multi-factor authentication (MFA), to applications without interfering with the application itself. Organizations can gain more value out of their existing MFA deployments (Okta MFA, SecureAuth, PingIdentity, Duo and more) and also provides the flexibility to seamlessly change MFA or use a variety of vendors.
Adaptive MFA Benefits
Any Application or Resource
No Device Agents
No modifying the application or the endpoint
Eliminate need for segmentation
Policy-based or Prescriptive
Cloud or On Premises
Preempt works with your authentication infrastructure to provide consistent insights, threat detection, and risk-based Conditional Access across your organization. The two-tier platform architecture allows you to get up and running quickly, and easily access just the features you need.
Self-Install Within 2 Hours
Immediately understand your authentication footprint and the Identity health posture
Conditional Access Anywhere
Apply Conditional Access across complex Enterprise environments (On-Premises, Hybrid and Cloud)
Increase Efficiency of Security Operations
Preemptive blocking and auto-remediation, without logs, reduces risk and the number of incidents to investigate
The Preempt Platform supports teams of all sizes and maturity levels and will adapt with your organization as it grows and changes whether it be on premises or in the cloud.
Preempt has a two tier architecture: Central Management deployed either on premises or on AWS/Azure and Sensors on Domain Contollers (DC) to enable real-time threat detection and prevention.
Preempt increases your company’s identity store security hygiene and reduces the overall attack surface without impacting the resiliency and integrity of your IT infrastructure.