CyberArk Addresses Least Privilege and Infrastructure Integrity at Federal Agencies

New Whitepaper Provides Guidance for Federal Agencies as they Move to Phase 2 of the U.S. Department of Homeland Security Continuous Diagnostic and Mitigation Program

Newton, Mass., March 25, 2015 –  CyberArk Software Ltd. (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today released a white paper that addresses the three critical areas of least privilege control for federal agencies moving to Phase 2 of the Continuous Diagnostics and Mitigation (CDM) program.  The paper, which can be downloaded for free, is in response to a Request for Information issued by the U.S. General Services Administration (GSA).

The CDM program, initiated by the U.S. Dept. of Homeland Security, provides federal agencies with guidance on improving the cyber security of their networks. Phase 2 of the program, called Least Privilege and Infrastructure Integrity, ensures that the principle of least privilege, which limits user access to the minimal level that will allow normal functioning, is enforced on networks. The CyberArk white paper provides federal agencies with guidance on the three key areas of least privilege and the solutions that address the most common privileged account vulnerabilities.

“Unsecured privileged accounts represent the largest security vulnerability government organizations face today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization’s IT infrastructure, disable security controls, steal confidential information, commit fraud and disrupt operations,” said John Worrall, Chief Marketing Officer, CyberArk.  “Enforcing the principle of least privilege outlined in the CDM program is an important step for federal agencies to take to harden their systems and protect against cyber attacks.”

Three Key Areas of Least Privilege

The CyberArk white paper outlines the three most critical areas of least privilege enforcement outlined in Phase 2 of the CDM program and how federal agencies can comply:

  • Manage Security-Related Behavior: To secure against intentional and unintentional actions that inflict damage, federal agencies need to employ expert privileged account security intelligence that can identify previously undetected anomalous privileged account and user behavior.
  • Manage Credentials and Authentication: To reduce the loss of confidentiality, integrity and availability of data through credential exploitation, federal agencies need to secure, manage, and track the use of all privileged credentials – these accounts provide broad access to all applications, systems and devices. Agencies must secure these credentials across all of their forms, including privileged credentials and passwords, SSH keys, and hard-coded and embedded passwords. Agencies must also secure these accounts regardless of location: on premise, in the cloud, across operating systems, databases, application, network devices and other systems.
  • Manage Account Access/Manage Privileges: To minimize the loss of data through poor account management, agencies need to ensure that users granted access to privileged accounts receive only the level of clearance needed for their specific job. Native OS such as Microsoft and Unix cannot delegate privileges and authority with sufficient granularity.

The CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect and alert on privileged accounts across the enterprise, cloud and SCADA/OT environments. For more information on how CyberArk addresses requirements in Phase 2 of the CDM program, please visit: http://www.cyberark.com/solutions/regulation/continuous-diagnostics-mitigation-program/.

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout EMEA and Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Future Looking Statements
This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s management. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the new and rapidly evolving cyber threat landscape; failure to effectively manage growth; fluctuations in quarterly results of operations; real or perceived shortcomings, defects or vulnerabilities in the Company’s solution or the failure of the solution to meet customers’ needs; the inability to acquire new customers or sell additional products and services to existing customers; competition from IT security vendors and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

###