
Optimize Your Cybersecurity Strategy with CyberArk PTA and FortiSIEM

May 30, 2024


In cybersecurity, unstructured threat hunting is a proactive method for identifying network irregularities that may signal security breaches. Unlike structured hunts, which follow specific frameworks like MITRE and target particular attack types, unstructured hunting takes a broader approach. It emphasizes trend analysis, seeking anomalies such as a surge in outbound connections or logins occurring outside regular hours. The focus lies on identifying activities that deviate from the network’s typical behavior.

CyberArk Privileged Threat Analytics (PTA) provides comprehensive detection capabilities for identifying various anomalies within privileged access. These include privileged access to the Vault during irregular hours, a user retrieving a privileged account password at an unusual time, and privileged accounts being accessed more frequently than usual. Additionally, PTA can flag situations where a user accesses the Vault from an unusual IP address or subnet, identify activity from a dormant user, and detect accounts logging on to a high number of machines within a relatively short time frame.

FortiSIEM enables the creation of custom widget dashboards where data from reports can be presented in formats like line charts. FortiSIEM reports generated for all anomalies detected by CyberArk PTA can be integrated into these dashboards, providing insightful trend analysis of privileged account usage. These charts serve as an invaluable starting point, pinpointing specific activities for further investigation.
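The trend analysis behind such a line chart can be sketched as follows. This is an added Python example, not CyberArk or FortiSIEM code: the event tuples, the category names and the `window`, `k` and `min_sd` parameters are constructed assumptions and do not reflect PTA's actual event format.

```python
from collections import Counter
from datetime import date, datetime, timedelta
from statistics import mean, pstdev

def daily_series(events, category):
    """Zero-filled per-day counts for one anomaly category (the line-chart data)."""
    counts = Counter(datetime.fromisoformat(ts).date()
                     for ts, cat, _user in events if cat == category)
    if not counts:
        return []
    day, last = min(counts), max(counts)
    series = []
    while day <= last:
        series.append((day, counts.get(day, 0)))  # quiet days must appear as 0
        day += timedelta(days=1)
    return series

def flag_surges(series, window=7, k=3.0, min_sd=1.0):
    """Return days whose count exceeds mean + k*stdev of the preceding `window` days."""
    flagged = []
    for i in range(window, len(series)):
        base = [c for _d, c in series[i - window:i]]
        # Floor the deviation so a flat, low baseline does not flag a single extra event.
        mu, sd = mean(base), max(pstdev(base), min_sd)
        day, count = series[i]
        if count > mu + k * sd:
            flagged.append((day, count, round(mu, 2)))
    return flagged

def build_sample():
    """Constructed events (timestamp, category, user); hypothetical category names."""
    events = []
    start = date(2024, 5, 1)
    per_day = [1, 0, 2, 1, 1, 0, 1, 2, 1, 7]  # the tenth day is a constructed surge
    for offset, n in enumerate(per_day):
        d = start + timedelta(days=offset)
        for j in range(n):
            events.append((f"{d.isoformat()}T02:{j:02d}:00",
                           "irregular_hours_vault_access", f"user{j}"))
    events.append(("2024-05-03T14:00:00", "unusual_source_ip", "user9"))
    return events

if __name__ == "__main__":
    series = daily_series(build_sample(), "irregular_hours_vault_access")
    for day, count, baseline in flag_surges(series):
        print(f"{day}: {count} events against a 7-day baseline mean of {baseline}")
```

A flagged day is a lead for investigation rather than a verdict; the individual events behind the count still need to be reviewed.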

Leveraging the combined power of CyberArk PTA and FortiSIEM empowers organizations to strengthen their cybersecurity posture, identify potential threats early, and mitigate risks proactively.