Protect your Data
Data breaches or theft are in 99% of the cases caused by abuse of privileged accounts, such as (domain) administrators, Root, DBA etc. Hackers always go after these accounts because they know they have a lot of access. Today's perimeter defense is not good enough to protect your data. Preventive controls such as firewalls, proxies, etc. are required to keep the bad guys out, but we also know they can be breached.
Once a malicious someone can get hold of a privileged account, you cannot trace them anymore because they will look legitimate, you need proactive controls such as the CyberArk solution.
The CyberArk Privileged Account Security solution is built to manage all privileged accounts such as administrators, root accounts, device accounts, cloud accounts, etc. The solution is designed to store the passwords in a highly secured patented Digital Vault and to automate the lifecycle management for passwords of such accounts.
Once these privileged accounts are under control of the CyberArk solution, a process can be installed to manage the use of these accounts for administrative purposes.
This process can exist out of two variations:
- A (one time) password release mechanism towards a requester with approval steps, providing access to the privileged account’s password
- A session release mechanism towards a requester with approval steps, providing single sign-on access to the privileged account itself
Additionally the solution will track all activities related to a password or session release and provide a full audit trail of all account usage. This audit trail is valuable to auditors and security professionals and provides a significant help to prove compliance either to external regulations, internal policies, adopted best practices or industry standards.
Besides the above-mentioned features, many more valuable options exist in the solution such as, but not limited to:
- The On-Demand Privileges Manager ensures administrators can only execute allowed & defined operating system commands or interfaces, restricting a person’s administrative system access only to their required applications.
- Password management for applications removes the risk of applications and scripts that need credentials with elevated permissions and often have these hard-coded in the software and set to never expire. Thanks to the CyberArk solution it is no longer needed to allow such risks as applications can call the Digital Vault and extract the required user and its current password. This also means these previously static passwords now can be changed on a regular basis and according to the defined password policy.
- Service account passwords are often never changed due to their dependencies, business continuity risks and the required effort to manually change and restart the services. Obviously this also introduces a risk. The CyberArk solution automates the discovery and management of such accounts and as such, passwords used by service accounts can be changed on a regular basis and according to the defined password policy.
- Social media and cloud accounts often need to be shared amongst multiple people responsible for marketing. If such a person would leave the company, he or she would still be able to connect to the corporate social media account as it’s publicly reachable on the internet and potentially damage the corporate image and brand. The CyberArk solution can manage, change or even hide the use of these social media and cloud passwords.
- Integration with other parties such as IAM, service desks, SIEM solutions and vulnerability management systems to deliver extra value and fit into your enterprise.
On top of this, CyberArk delivers a Privileged Threat Analytics solution that will help you to spot on the fly suspicious behavior of people using privileged accounts. Remember, once an attacker can get a hold of a privileged account it’s 5 to 12, time to react !