How Customers are Using Preempt
The Preempt Platform plays a critical role in the modern security architecture. Our technology directly analyzes all enterprise traffic and provides the ability to enforce policy based on identity, behavior, and risk. This includes the ability to detect and stop active threats, ensure secure access to sensitive resources, as well as the proactive discovery of weakness and unsafe behavior. Additionally, by creating policies that automatically respond and adapt, Preempt can deliver security faster while reducing the impact on security staff and need for manual analysis. This makes Preempt an incredibly flexible and powerful tool for protecting the enterprise.
These are just a few of the many ways that organizations are using Preempt to protect their users and assets today. Learn more in the Use Cases Brochure.
Eliminate Breaches and Compromised Credentials
Preempt continuously monitors traffic, logs, metadata and more to identify active threats in the environment. This includes the following:
- Stop Compromised Users, Devices, and Accounts – Preempt uses an ensemble of detection methods to identify when virtually any entity in your environment has been compromised, including your privileged users and service accounts. The solution can also detect a variety of attacks and abuse of the authentication infrastructure such as reconnaissance against Active Directory or Golden Ticket or Pass-the-Hash techniques.
- Responses That Adapt to the Threat – Preempt provides adaptive responses so that you can challenge unusual or risky actions without getting in the way of valid work. For example, generate a multi-factor authentication challenge based on anomalous behavior and only block if the user fails the challenge.
Prevent Insider Threats
Preempt protects your organization from malicious insiders as well as careless users without getting in the way of valid work:
- Stop Malicious Insiders Before Data is Accessed – Preempt can automatically recognize abnormal behavior and challenge the user prior to granting access to the resource.
- Find Risks Introduced by Careless Users – Easily find unsafe user behavior related to the use of password, account sharing, device usage and more. Find your risky users before attackers do.
Monitor and Protect Privileged Accounts
Find, track, and protect your most valuable users:
- Privileged User Management – Automatically discover all privileged users including any stealthy administrators who are outside the common administrator groups. Easily see new privileged users and track changes over time.
- Enforce Appropriate Controls on Privileged Users – Enforce contextual controls on administrators by verifying identity before access to high value assets.
Add Identity-Based Access Controls to Any App or Resource
Preempt extends multi-factor authentication to any enterprise resource:
- Any Application – Easily extend MFA to any application in the enterprise. Ensure secure access for internal, legacy, and custom applications without significant additional time or financial investment.
- Any Resource – Go beyond applications and extend protection to any asset based on policy. Easily add protection to workstations, critical servers, databases or any network asset. MFA challenges can adapt based on context of identity, behavior, and risk.
Proactively Reduce Risk and Support Compliance
Take control of your security posture and compliance reporting:
- Detect and Manage Risky Behavior – Automatically track every user and device in the environment and identify weak password practices, shared accounts, unmanaged devices, stale accounts and more, enabling staff to reduce the attack surface proactively. Risk can be tracked at the organizational unit or down to the individual.
- Simplify Compliance Reporting – Easily generate documentation to support compliance reporting for a wide variety of compliance frameworks such as NIST. Provide documentation for any and all users, accounts, devices, and show how policies protect them in the network.
Improve Incident Response and Forensics Efficiency
Preempt empowers your team by removing extraneous work, reducing alerts, and speeding investigations.
- Accelerated Event Triage and Prioritization – Preempt provides the context to speed through event prioritization. Risk scores prioritize devices based on a combination of user identity and correlated behaviors, while alerts volumes can be automatically reduced through contextual MFA challenges.
- Incident Response and Threat Hunting – Preempt enables fast, conclusive security investigations. Staff can quickly review a chronology of related events to see a complete narrative of user or device history. A dedicated threat hunting page makes it easy to query and correlate across any trait tracked by Preempt.