How Customers are Using Preempt
Real-time response to prevent threats
Daily threats and breaches such as APTs, malicious insiders, and employee mistakes create tremendous security alerts and false positives. Preempt provides you with real-time breach and insider threat prevention that also helps you gain more visibility and insights, protects sensitive applications and improves security team effectiveness. Here are some examples of how our customers are using the Preempt to better secure their organization, applications and employees.
Download our data sheet to learn more about how customers are using Preempt: Preempt – Top Use Cases
Why our Customers Choose Preempt
Real-time Response to Threats
Today many organizations are reluctant to take action based on behavioral analytics. Incidents are often inconclusive or unreliable and enforcement options are limited to crude Block or Allow options. This gives security teams only extreme responses to incomplete information.
The Preempt Behavioral Firewall offers automated responses that continually learn and align with the needs of the business. Suspicious behavior can force a re-authentication or challenge by multi-factor authentication to verify identity. Weak or exposed passwords can force a password change. Users can be demoted, isolated, or ultimately blocked based on risk. All responses can be automated based on policy to ensure that risks are mitigated with minimal impact to users, and without manual intervention from staff.
Proactive Visibility and Management of Risky Behavior
End Users represent the greatest and most unpredictable risk to the security of enterprise data. Whether due to a simple mistake, a malicious insider, or a determined attacker, the path to a breach almost always goes through a user.
The Preempt Behavioral Firewall continuously tracks and scores the behavior of every end user, privileged user, and host in the context of assets being accessed. This multidimensional approach reveals when a user is at risk as well as the impact to the overall risk to the organization. Preempt then provides the option to turn insight into action that reduce the internal attack surface. Insights include:
- Weak Passwords
- Stale Accounts
- Account Sharing
- Management of Privileged Users
- Protection of High-Value Assets
- Additional Insights
Increased Security for Enterprise Applications
Preempt Any App helps organizations quickly turn the job of adding MFA to applications into a simple matter of defining the policy. With the barrier of custom application development being removed, organizations can quickly add secure authentication onto homegrown, legacy and other sensitive applications and retain the flexibility of which authentication solution(s) to use. When a user first connects to an application, the application attempts to verify the user’s identity. Any App proxies this request, and based on the policy, can trigger the organization’s MFA solution to push a challenge to the end user. Once identity is verified, access to the application is granted.
Attackers use compromised credentials to move around your network. Traditional firewalls look into the traffic and either allow or block the traffic. Preempt’s adaptive response technology automatically detects unusual behavior and uses multiple methods to verify the identity of users.
Smart security controls such as multi-factor authentication, re-authentication, 3rd party response orchestration, isolation, notify and more can be implemented based on behavioral risk scoring or policy. This instantly verifies the genuine user identity and provides immediate feedback for security incidents. Using smart security controls ensures that your legitimate business activity is not interrupted, while ensuring that your security isn’t compromised. Validation of the suspicious user behavior is offloaded from your security team and verified by Preempt.
Increased Operational Efficiency
Security Operations teams are overloaded and understaffed, and most User and Entity Behavior Analytics (UEBA) products generate far more alerts than their team can possibly analyze. This often results in mountains of data that is often only analyzed after a breach.
The Preempt Behavioral Firewall helps overstressed teams by providing a layer of automation to verify and triage events and resolve false positives. Instead of putting the burden on humans to hunt and investigate, the solution can verify and validate the threat without manual intervention. This ultimately drives faster, more efficient investigations, alert review, incident response and forensic analysis. Areas where operational efficiency can be improved:
- Event Triage and Prioritization
- Incident Response
- Forensic Analysis
- Automatic Reduction of Alerts