CyberArk Integrates Privileged Threat Analytics with McAfee’s Next Generation SIEM


Cyberark LogoCyberArk , the company that protects organisations from cyber attacks that have made their way inside the network perimeter, has announced the integration of CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager (ESM). The integrated solution empowers customers to pinpoint and immediately act against privileged-based threats in their security information and event management (SIEM) data.

Privileged accounts, which consist of IT administrative credentials, default and hardcoded passwords, application backdoors and more, are targeted in nearly every significant cyber attack. External attackers and malicious insiders exploit unprotected privileged accounts to move laterally and anonymously across the network, to access critical systems and exfiltrate data.

CyberArk Privileged Threat Analytics 2.0 collects and analyses privileged account activity data to provide organisations with visibility into potentially malicious behaviour. McAfee Enterprise Security Manager collects, correlates, and analyses intelligence and event data in real time and orchestrates adaptive protection to disrupt the attack chain and prevent data loss. Leveraging the McAfee data exchange layer (DXL), CyberArk’s full integration with McAfee Enterprise Security Manager will provide customers with more context to the information CyberArk Privileged Threat Analytics collects, while increasing the real-time visibility and the precision of actions that can be driven by the McAfee SIEM.

“Securing privileged accounts plays a critical role in protecting against advanced threats. Attackers exploit these powerful accounts to conduct network reconnaissance against security infrastructure and execute their attacks, often without detection,” said Roy Adar, vice president, product management, CyberArk. “The integration of CyberArk Privileged Threat Analytics with McAfee Enterprise Security Manager will help incident responders cut through the clutter of big data security analytics to pinpoint and enable action on previously undetected malicious privileged behaviour and disrupt in-progress attacks.”

CyberArk Privileged Threat Analytics reports on malicious privileged behaviour in real time over the McAfee DXL messaging bus, making it available to all McAfee products. McAfee Enterprise Security Manager reads the CyberArk Privileged Threat Analytics event data, and issues alerts, response and remediation activity in real time to threat response teams, and enables watch lists that can monitor and mine event data to detect related future and historical events.

Prompt action is part of how organisations shift from data historians to real-time incident management. For example, once a privileged user account is determined by CyberArk Privileged Threat Analytics to be associated with suspicious activity, McAfee Enterprise Security Manager can help disable, restrict, suspend, or reset the privileges of that user and the host. McAfee Enterprise Security Manager will also push security event information from critical systems to CyberArk Privileged Threat Analytics. This data will be analysed and correlated with privileged account information to detect anomalous privileged behaviour and user activities. The solutions will alert each other in real time about security events.

“Abuse of privileged credentials is a common thread between recent headline grabbing security breaches,” said Ed Barry, vice president, Global Technology Alliances at McAfee, part of Intel Security. “Timing is everything when dealing with advanced threats and having visibility into behaviour across the entire range of privileged account use greatly improves detection and remediation efforts. The integration with CyberArk’s product offering will enable our customers’ threat response teams to focus on privileged activity, detect suspicious events earlier in an attack chain, and have peace of mind that all endpoints and users are secure. We are excited to have CyberArk be one of the first Security Innovation Alliance partners to participate in the DXL ecosystem.”

The integration uses an innovative real-time messaging bus called the McAfee data exchange layer (DXL). Unlike point-to-point integrations that are expensive to implement and fragile, this new model provides more access to more information more quickly and reduces integration maintenance effort and dependencies. This data sharing and resilience enhances an organisation’s overall visibility and ability to adapt as threats change. By becoming “DXL-ready,” CyberArk Privileged Threat Analytics will also be able to selectively publish its data to and subscribe to updates from other products from McAfee and Security Innovation Alliance partners, without the cost and overhead of direct integrations. Organisations gain flexibility and simplicity as part of a more resilient security infrastructure.

Key benefits of the CyberArk/McAfee integration include:

  • Enables organisations to stop an in-progress attack before serious damage is done by focusing on privileged accounts, enabling a less costly and time-consuming remediation process.
  • Detects a range of anomalies in the behaviour patterns of individual privileged users in real time, such as a user who suddenly accesses credentials at an unusual time of day.
  • Extends effectiveness of McAfee Enterprise Security Manager by enabling incident response teams to identify anomalous privileged account user behaviour and prioritise incidents that involve privileged accounts.
  • Builds learned user behaviour into risk assessments over time to increase efficacy and build targeted analytics.

For more information, please visit

To view a video introduction to CyberArk Privileged Threat Analytics, please visit: