IDC MarketScape Names CyberArk a Leader in the Privileged Access Management Market

Leading Analyst Firm Highlights Critical Security Vulnerabilities of Unmanaged Privileged Accounts; Cites CyberArk as PAM Pure-Play Market Leader

Newton, Mass., March 18, 2015 – CyberArk Software Ltd. (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced that it was named a leader in the IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment (doc #253303, December 2014). To download a free excerpt, please visit http://www.cyberark.com/privileged-access-management-market-leader/.

The IDC MarketScape assesses vendors offering products in the privileged access management (PAM) market and notes that, “CyberArk is the PAM pure-play “big gorilla” with the most revenue and largest customer base.”

The compromise and misuse of privileged accounts is a key signature in advanced, targeted cyber attacks. As demonstrated in recent, devastating attacks on businesses, cyber attackers steal and exploit privileged accounts to conduct a hostile takeover of a company’s entire infrastructure. By exploiting privileged access, attackers can conduct internal reconnaissance, move laterally throughout a network without detection and complete the goals of the attack. The IDC MarketScape recognizes the critical need of securing privileged accounts and provides businesses with recommendations for evaluating vendors.

“Attackers typically exploit privileged credentials to accomplish their goals, which is why privileged access management is a crucial aspect of securing the enterprise,” said Pete Lindstrom, research director, Security Products at IDC. “CyberArk has established itself as a privileged access management leader through its breadth of capabilities and commitment to innovation as evidenced by solid revenue numbers and growing customer base.”

The IDC MarketScape report highlights the key functionality businesses should consider when selecting a privileged access management provider, including the ability to:

  • Manage access to shared accounts with sensitive privileges: This includes tracking any shared account usage by controlling password access and logging user activity for anomalous behavior.
  • Remove Windows local administrative functionality: By removing the local administrator privilege from the user account and providing flexibility and functionality for a user’s particular needs, IT can better support individual job needs while protecting against today’s malware threats that target these admin accounts.
  • Enhance visibility of sensitive account activity: Third-party accounts are often shared intentionally or unintentionally among users outside an organization, making them extremely difficult to monitor. With proper PAM solutions in place, visibility into account activity can be elevated beyond basic capabilities for a full view of the network.
  • Restrict privileges for separation of duties: To minimize the potential for a single user to compromise the system, organizations should implement solutions that provide separation of duties and therefore force the need for collaboration among attackers to compromise a system.
  • Manage embedded application and service accounts: Distributed architectures often require some way to establish a presence on a set of resources and embedding static accounts and passwords has been a very common solution. Organizations must manage, protect and secure these accounts, as they pose a significant security risk.

“Protecting against today’s aggressive cyber attacks requires a fundamental shift in security mentality. CIOs and CSOs who are serious about security will build defenses based on the premise that the attackers are already – or will soon be – on the inside of the organization,” said John Worrall, CMO, CyberArk. “By locking down privileged accounts, businesses can prevent attackers from moving freely in the enterprise and stop advanced attacks early in the attack cycle.”

The CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect and alert on privileged accounts.  For more information, please visit: http://www.cyberark.com/products/privileged-account-security-solution/.

For a free excerpt of the IDC MarketScape report, please visit: http://www.cyberark.com/privileged-access-management-market-leader/.

About IDC MarketScape: IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of IT and telecommunications vendors can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective vendors.

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout EMEA and Asia Pacific and Japan. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Future Looking Statements
This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s management. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the new and rapidly evolving cyber threat landscape; failure to effectively manage growth; fluctuations in quarterly results of operations; real or perceived shortcomings, defects or vulnerabilities in the Company’s solution or the failure of the solution to meet customers’ needs; the inability to acquire new customers or sell additional products and services to existing customers; competition from IT security vendors and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.

###