CyberArk, the cybersecurity company, announced on Wednesday (Sept. 14) it was awarded another patent by the U.S. Patent and Trademark Office for security risk detection technology.
In a press release, CyberArk said the patent follows a previously granted patent and demonstrates the company’s expertise in detecting the risks that make it possible for cyberattacks in organizational networks. The patent covers methods and systems to map risks arising from credentials, especially privileged credentials, present on machines in the network that, once compromised, enable attackers to access and compromise other machines in the network.
CyberArk said the technology has been implemented in the CyberArk Discovery and Audit (DNA) tool, which enables security professionals to quantify privileged account security-related risks and gain visibility into the attack surface that exists within enterprises. CyberArk said, once the system is compromised by an attacker, privileged credentials can enable movement to other machines. With CyberArk DNA, companies can pinpoint specific security risks and visualize how attackers could abuse credentials and associated access rights to operate in the network. Some of the security risks companies can identify with CyberArk DNA include those associated with Pass-the-Ticket and Pass-the-Hash attacks.
“CyberArk continues to make strong investments in product research and development, with this latest patent reinforcing the importance of innovation for detecting risks and potential abuse of privileged credentials,” said Andrey Dulkin, director of cyber innovation at CyberArk Labs, in the press release. “Incorporating these technologies into CyberArk DNA has a direct impact on helping organizations understand the risks associated with unmanaged credentials, with risk mapping as an important first step to establishing a proactive privileged account security program.”
The company noted that research from CyberArk Labs found, on average, 40 percent of network machines can give attackers credentials, enabling them to start an attack that could impact the entire network of an organization.