Bridging the Gap to Third Party Devices, Applications and Operating Systems
March 22, 2018 | Security and Risk | Corey O'Connor
The overall strength of a privileged account security solution can be measured by a typical set of standard benefits including performance, scalability and ease-of-use. One key characteristic that should not be overlooked is the ability to seamlessly integrate with third-party devices, applications and operating systems. When done correctly, this can provide organizations the ability to manage privileged credentials and secrets without significant development cycles, which can consume valuable resources in the process.
The average large enterprise can have hundreds (if not thousands) of different devices (e.g., workstations, servers, network devices), all of which have privileged accounts that need to be protected and managed. In many cases, there is no centralized approach to managing privileged accounts for these disparate devices. Moreover, these devices are often added or upgraded on a regular cadence, which in turn creates a never-ending scramble to protect all of the assets users and applications interact with – assets that reside both within and outside the four walls of the organization. The sooner an organization can get a handle on protecting these assets, the sooner it mitigates the risk from today’s advanced threats.
In the past, CyberArk has provided different methods to enable organizations to create their own integrations. The most commonly used format was a development framework that could create third-party plug-ins using scripts such as PowerShell and Python, .NET applications and web browser recording methodologies. The one caveat was that using this framework required basic developer skills and some level of training in order to successfully create custom plug-ins.
In an effort to simplify the way our customers can integrate with other solutions, CyberArk introduced a new tool that delivers a straightforward and intuitive user experience for creating a credential management plug-in. The tool, the Plugin Generator Utility (PGU), streamlines the workflow in a ‘wizard-like’ process.
The first release of the PGU allows for the recording of a plug-in for network devices and appliances (based on Unix/Linux) and supports the SSH and Telnet protocols – with plans to provide support for cloud and web applications in the not-too-distant future. The tool can also plug into IoT devices to protect them and prevent the network they are connected to from becoming compromised.
Figure 1: The Plugin Generator Utility recording the process to verify the account password.
We deliberately designed the tool to be used by anyone – the tool does not require a developer’s experience and skillset. Users only need to understand the process and the set of commands required to perform the verification of a password, change a password and reconcile the accounts (e.g., administrative synchronization). Users can generate plug-ins for accounts that have the ability to log into devices directly, as well as devices that require a traditional logon account. Leveraging the PGU not only saves a significant amount of development time but also reduces operational overhead and eliminates the need for a professional services engagement.
The engine within the PGU detects the different SSH-related prompts of different operating systems, and once a plug-in is recorded, the tool generates a package that can be easily imported into the CyberArk Privileged Account Security Solution. Customers can now create and develop plug-ins on the fly. Beta testing showed a reduction in development time from ~90 days to 10 minutes! Download this free tool from the CyberArk Support Vault and start creating your own custom plug-ins today.