The Preempt Platform - Delivering Conditional Access Anywhere

A Modern Approach to Authentication and Securing Identity

Preempt Platform

Conditional Access Anywhere

If you can’t see all the users across your organization and know what they are doing and accessing, it can be almost impossible to control risks and prevent threats. The Preempt Platform takes a new, modern approach to the problem and helps put you back in the driver’s seat — so you can preempt threats before they impact your business.

Preempt empowers organizations to optimize the Identity hygiene of all users, accounts and assets, and preempt threats in real time with Conditional Access. Uniquely, our patented technology continuously analyzes, adapts and responds to threats based on identity, behavior and risk in order to auto-resolve threats and breaches.

The Preempt Platform supports teams of all sizes and maturity levels. As you get started on your journey to real-time threat prevention, Preempt will adapt with your organization as it grows and changes, whether it be on premises or in the cloud. Best of all, the Preempt Platform isn’t a science project so you can get started with in as little as two hours and gain immediate and ongoing benefits. Core components of the Platform include:

  • Identity and Risk Insights
    Discover all users in your network — business, privileged, service — and reduce your attack surface with visibility into weak passwords, stealthy admins, stale accounts, and more

  • Analytics and Threat Detection
    Continuous insights and behavior analytics allow you to detect threats and reduce risk

  • Conditional Access Anywhere
    Adaptive and prescriptive automated response with policy-based enforcement based on identity, behavior and risk

Identity and Risk Insights

Understand Identity Everywhere

Unified Visibility to Reduce Risk

Organizations often have siloed or incomplete views of who is accessing what — and when, where and how — across multiple security solutions and platforms. Preempt solves this by auto-discovering all users, privileges, accounts, devices and behavioral access patterns whether on premises, in the cloud, or in hybrid environments.

With a single management console, the Preempt Platform provides a continuous health and risk assessment revealing password problems, privileged access, stale accounts, stealthy admins, Active Directory (AD) configuration issues and more, so that you can optimize Identity hygiene.

With actionable insights, your security team can more easily reduce risk and your attack surface making it easier to pass your next audit.


Continuously discover all users

  • Regular and Privileged Users
  • Stealthy Admins
  • Stale Accounts
  • Service Accounts

Identify vulnerabilities

  • Weak Passwords
  • NTLM Hashes
  • Inactive Accounts
  • Vulnerable OS
  • Users or Admins with SPNs

Identity health actions

  • Reset Password
  • Demote or Isolate User
  • Disable User or Accounts

Behavior Analytics and Threat Detection

Create Trust Baselines and Detect Threats in Real Time

Real-Time Threat Detection

The Preempt Platform’s User and Entity Behavior Analytics (UEBA) learns the behavior of every user and device on the network, including privileged users and service accounts, and develops risk scoring for each of them. Trusted and untrusted access are baselined through analysis of live authentication traffic combined with SSO, Cloud Directories, VPN, supervised and unsupervised learning, and more.

Credential-based attacks continue to be the number one way organizations are compromised. Preempt approaches threat detection differently. By combining Analytics that are focused on identity, behavior and risk with real-time traffic (either passive/sniffer mode or inline), it allows you to be able to have greater fidelity in attack detection.  

Real-time Threat Detection

  • Risky User Behavior
  • Malicious Insiders
  • Behavioral Anomalies
  • Privileged Access Abuse
  • Compromised Accounts or Devices
  • Lateral Movement
  • Attempts to Escalate Privileges
  • Attacks Against Internal Infrastructure

Tools and Protocols Usage

Uniquely, Preempt also allows organizations to detect and gain more control over misuse of protocols and malicious use of tools. This can help you reduce the risk of improper tool use, credential forwarding, password cracking and other credential-based attacks such as Pass-the-Hash and Golden Ticket.


Reconnaissance and attack tools

  • Mimikatz
  • PowerShell
  • PsExec
  • Bloodhound

Deeply inspect authentication protocol usage in real-time

  • NTLM
  • Kerberos
  • LDAP



Pinpoint Hidden Threats with Threat Hunter

The Preempt Platform also provides a powerful Threat Hunter interface that lets analysts search across any attribute. Instead of crafting arduous string-based queries, analysts can simply select the attributes they are interested in and go. This lets analysts dial in exactly what they are looking for and quickly test hypotheses without getting bogged down pouring over logs.

Searches can include but are not limited to:

  • Authentication Type (e.g. LDAP, SSO)
  • Service Access Type (e.g. Fileshare, Remote Desktop)
  • Account Events (e.g. Privilege Escalation, Locked Account)+ Time Range
  • User Attributes (e.g. High Risk, Weak PW)
  • Privileges (e.g. By group membership, by delegation)
  • Location (e.g. CIDR, Site, Geo)

Conditional Access

Confidently Preempt Threats with Conditional Access

Adaptive Enforcement for Any User

Threats aren’t black or white so responding to possible threats with a simple block or allow won’t work. Whether it’s simply adding MFA in front of your most sensitive applications or responding in real-time to suspicious behavior, Preempt’s Conditional Access gives you the flexibility to respond in real-time to prevent threats without disrupting real business.

When suspicious or risky behavior is detected, the Platform’s Conditional Access capabilities step in to help you proactively respond to threats without getting an analyst involved or disrupting valid users. Preempt’s adaptive policies can progressively interact with users to verify legitimate access and block untrusted authentications in real-time. Fine-grained actions allow you to match the level of response to the risk, and can automatically adapt based on changing context.  

Adaptive Enforcement for Any User

  • Block/Allow
  • Multi-Factor Authentication
  • Notify/Alert
  • Request Authorizer
  • Isolate
  • Reduce Privileges
  • More

Adaptive MFA Anywhere

Protecting internal applications from credential compromise is easy with Conditional Access. With a highly-adaptable policy engine, enterprises can quickly snap on secure authentication, such as multi-factor authentication (MFA), to applications without interfering with the application itself. Organizations can gain more value out of their existing MFA deployments (Okta MFA, SecureAuth, Duo and more) and also provides the flexibility to seamlessly change MFA or use a variety of vendors.

Adaptive MFA Anywhere

  • Any Application or Resource
  • Any MFA
  • No Device Agents
  • No Modifying the Application Or the Endpoint
  • Eliminate Need For Segmentation
  • Policy-Based or Prescriptive
  • Cloud or On Premises

Ease of Deployment

Preempt works with your authentication infrastructure to provide consistent insights, threat detection, and adaptive enforce across your organization. The two-tier platform architecture allows you to get up and running quickly, and easily access just the features you need.

Self-Install Within 2 Hours  
Immediately understand your authentication footprint and the Identity health posture within the enterprise

Conditional Access Anywhere
Apply Conditional Access across complex Enterprise environments (On-Premises, Hybrid and Cloud)

Increase Efficiency of Security Operations
Preemptive blocking and automated resolution of incidents reduces risk and the number incidents to investigate

Request a live demo now!

Sign up for a demo to see how the Preempt Platform can help your organization prevent breaches and improve your enterprise security.

Request A Demo