Prevent credential compromise and stop lateral movement
Whether due to malicious behavior or honest mistakes, threats from trusted insiders can be the most difficult to manage. Organizations need the visibility and control to proactively reduce internal risk, detect suspicious behavior, and prevent threats before damage is done.
Preempt continually learns user behavior across the network and cloud applications and is able to create a risk profile (i.e. assets, user access, protocols they use, normal working hours and devices used). By baselining risk, Preempt can detect abnormal behavior and challenge or block risky action.
Whether it is a risky user or a malicious actor, abuse of privileged credentials can cause compromise of critical systems and applications containing sensitive information. In order to stop unauthorized access to your most sensitive data, you need to monitor and control all user access to stop risk behavior.
Malicious insiders laterally move around the network to get to the critical systems and oftentimes leverage common protocols such as NTLM or tools like PsExec. Preempt’s proprietary security analytics and pattern recognition can spot the difference between protocol misuse and triage that with risky behavior detection to help organizations stop lateral movement.
When malicious activity is spotted, remediation such as Multi-Factor Authentication, secondary authorizer, or complete block can be enforced. By spotting threat patterns such as lateral movement and privileged credential misuse, Preempt can trigger the appropriate enforcement to stop a malicious insider in their track.