Eliminate embedded application accounts for better security and compliance

Hard coded, embedded passwords in high risk applications are easily sought after and exploited by cyber attackers when left unprotected. CyberArk Application Identity Manager, part of the CyberArk Privileged Account Security Solution, eliminates embedded application accounts for better security and IT compliance with no impact on application performance or code changes. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.

Across the enterprise numerous scripts, processes and applications need to access multi-platform resources to retrieve, process, transmit and store sensitive data. Such applications are granted use of privileged accounts, usually allowing unlimited access to sensitive business and customer information stored in corporate databases.

Enterprises can no longer only protect porous perimeters. Instead, they must accept that outsiders are already on the inside. Once inside, they immediately seek to hijack privileged accounts which can be found hard coded and in clear text in business critical applications. Not only are these credentials at risk from an outside attacker but even within the enterprise developers, IT personnel, DBAs, operational teams and more can view them to gain access to sensitive business data. As a result, regulatory bodies including PCI-DSS, SOX and Monetary Authority of Singapore are enforcing directives to secure privileged accounts and ensure strong authentication of the systems requesting the password.

Despite the sensitivity of privileged accounts in applications, enterprises fear to manage them due to the operational consequences such as recompiling, testing and redeploying business applications. Others don’t manage them due to lack of knowledge on the possible consequences and the potential downtime to systems. Without eliminating hard-coded and clear text passwords, changing factory default settings and frequently replacing privileged accounts embedded in application software, enterprises are putting themselves at a high risk of attack.

CyberArk Application Identity Manager enables organizations to protect the data residing in business systems by eliminating hard coded and visible credentials from application scripts, configuration files and software code with the most secure, flexible and robust authentication methods on the market while simplifying large scale projects. Enterprises can address the common challenges resulting from manually managing application-to-application identities including failed audits, elevated security risks and a general lack of accountability with a solution that guarantees service continuity across the enterprise application infrastructure.

The new approach really improves our ability to manage all access to privileged accounts.

Mike Brannon

Senior Manager of Information Systems
National Gypsum

  1. Features
  2. Benefits
  • Eliminates hard-coded passwords from all scripts, application code and configuration files, making them invisible to developers and support staff while automatically replacing credentials based on policy without any impact to application performance or downtime.
  • Delivers high-availability, redundancy and business continuity through secured caching capabilities, addressing high-end enterprise requirements for availability and business continuity for the most critical business applications.
  • Authenticates applications through advanced means to authenticate applications requesting credentials granting access only to trusted applications.
  • Automatic password synchronization improves application security without any interruption to production or need for development, testing and IT support.
  • Automatic password encryption while at rest or in transit to the requesting application.
  • Provides accountability through continuous monitoring each transaction is logged providing auditing and accountability for every password request down to the application level.
  • Secure and manage credentials required by mission critical applications and stored within Application Server Data-Sources without code changes or downtime
  • Integrate with third party applications such as vulnerability scanning solutions or CRM products require privileged credentials in order to access sensitive devices or databases. AIM integrates with third-party products to securely deliver the credential when necessary while automatically managing and replacing these credentials for better protection of IT resources.
  • Centralize management and reporting by integrating with the CyberArk Shared Technology Platform delivers scalability
  • Out-of-the-box integration with CyberArk Privileged Account Security products provides complete management, monitoring, recording and secure single-sign-on for privileged accounts
  • Minimize financial losses and reputational damage by eliminating hard coded and visible credentials from applications and scripts.
  • Enhance application security over multiple platforms and sites as your business grows in size and complexity.
  • Increase business continuity across your data center during application credentials management.