Automated responses that continually learn and align with the needs of the business keep Preempt’s Behavioral Firewall at the vantage point of a potential threat. Suspicious behavior can force multi-factor authentication with the user, weak or exposed passwords can force a password change, and users can be demoted, isolated, or ultimately blocked based on a predefined set of risk factors. This feature ensures that risks are mitigated with minimal impact to users and without manual intervention from staff. Additionally, the risk factors associated with every user, account, and device in the network are scored to deliver adaptive actions for verifying and eliminating threats automatically. “Behavior of careless users, malicious insiders, and attackers, such as compromised accounts or devices, and attempts to escalate privileges are exposed by the system providing real-time, automated, and appropriate threat enforcement,” says Sancheti. This multi-dimensional approach reveals when an individual user is at risk as well as the impact on the overall risk of the organization. Preempt then provides the option to turn insight into action to reduce the internal attack surface.
To put things into perspective, Sancheti cites an incident in which a large oil exploration firm was infiltrated by perpetrators trying to log into the facility through brute-force attacks and push DoS programs into the network. Their goal was to feed random password combinations so that user accounts would become locked.
Preempt placed its security mechanism in front of the domain controllers and identified the source through which the users were logging in. Thus, legitimate traffic went through, but the brute-force attack was blocked because Preempt, using machine learning algorithms, identified the compromised endpoints that were not associated with the users.
Furthermore, Preempt provides the overloaded and understaffed security operations teams with an automation layer to automatically verify and triage events and resolve false positives, which eventually drives dynamic investigations utilizing proactive alert reviews, faster incident responses, and forensic analyses. At its core, the solution is built on a policy engine that allows organizations to match users, their behaviors, and assets with a rule set that meets their security requirements. Based on these criteria, a wide range of responses can be invoked by an organization, which ensures that action can be taken to strike the appropriate balance between security and enablement.
Preempt is particularly focused on catering to finance, healthcare, and law firms, which in turn helps the organization build patterns considering what matters most to their customer verticals. Having spent 20 years in the IT security landscape, Sancheti believes that in the times to come, behavioral technology will drive all enterprise products and policies. He mentions, “We want to be at the forefront of this transformation and change the way enterprises combat malicious breaches and insider threats.”