U.S. government looks to CyberArk innovation and Merlin’s experience to advance digital modernization and protect identities

Summary

Merlin Cyber has formed a strategic partnership with CyberArk to expand the use of the CyberArk Identity Security Platform to protect critical infrastructure and citizen services as government agencies transition from legacy to modern technologies.

Company profile

Merlin Cyber has worked with the U.S. government for 25 years providing federal civilian, defense, state, local and education customers with access to innovative, public sector-ready cybersecurity solutions that meet government requirements and mission priorities. Merlin does this by selectively partnering with best-in-class cybersecurity brands, investing in visionary emerging technologies, accelerating partner growth, and enabling the U.S. Government to successfully keep ahead of today’s critical threats, accelerate modernization initiatives, and defend the nation.

Challenges

U.S. federal government agencies have vast amounts of confidential data and are arguably one of the most desirable cyber-attack targets for adversaries. These agencies face a continuous bombardment of attacks that threaten federal, state and local government authorities and organizations, including businesses operating in critical infrastructure sectors. As such, the U.S. government is one of the largest buyers of IT in the world and spends approximately $30 billion of its annual budget on cybersecurity to enable them to provide essential services to its citizens. These services and infrastructure include homeland defense, taxes, social security benefits, healthcare, water supply, transportation, telecommunications and the government itself, and protecting them is of the utmost priority.

“There are many nation states, criminals, gangs and individuals that do not like to see the U.S. succeed,” said Miguel Sian, Senior VP of Technology at Merlin Cyber, a business that provides IT and, in particular, cybersecurity solutions to the U.S. government. “The government is looking for accelerated innovation to deal with its massive technical debt because government is, and will continue to be, a highly attractive target for adversaries.”

The challenge for government and the public sector is no different to the rest of the private sector. Bad actors are continuously innovating to find new ways to infiltrate their targets’ networks. These networks can be complex with an array of siloed and legacy applications, systems and data centers built up over many years, are mission critical but nearing end of life. Government agencies are adopting a cloud-first and cloud-smart strategy with their modernization initiatives to overcome the technical debt. The reality is that the attack surface is increasing and expanding rapidly as government embraces new technologies like cloud computing and AI to improve delivery of services. Governments are trying to get ahead of these technologies and steer their operations to be able to better defend their assets and citizens.

Recently, the U.S. government launched its National Cybersecurity Strategy which marshals many security policies and initiatives to strengthen protection for its digital ecosystem. But governments cannot do this alone, so one of the key pillars of the strategy is public/private partnership. “Companies like CyberArk have the innovation, speed, and skillsets that are more than ready to help the government protect U.S. citizens and the services they use,” commented Sian. He added that a 2022 Data Breach Investigations Report by Verizon showed that over 80% of breaches result from the compromise of credentials, and CyberArk’s leadership in identity security and privilege control are important elements to improve identity security posture.

Solutions

For 25 years, Merlin has helped the U.S. government – including federal civilian, defense, state, local and education customers – access innovative cybersecurity solutions. A critical part of the Merlin business model is building best-in-class market-ready solutions. The U.S. government is risk averse, so it looks to industry leaders for guidance, which is why Merlin wanted to partner with CyberArk.

In 2017, Merlin formed a strategic partnership with CyberArk to use its identity security solutions and services to help the government improve cybersecurity capabilities around identity security and privileged access management (PAM).

“Merlin has a fantastic partnership with CyberArk. We work very closely with CyberArk sales and the technical champions, and the client success team to help our government agencies derive and extract value from the technology. Because the government trusts Merlin and CyberArk, together we have standardized privileged access management and identity security in government using CyberArk technology.”
– Miguel Sian, Senior VP of Technology, Merlin Cyber

Merlin resells all the capabilities of the CyberArk Identity Security Platform. From the leading CyberArk Privileged Access Manager solution and the best-in-class CyberArk Endpoint Privilege Manager, CyberArk Secrets Manager and CyberArk Workforce Identity to some of the most innovative solutions in the market such as CyberArk Secure Cloud Access and CyberArk Workforce Password Manager. And because Merlin builds market-ready solutions, it can extend the value of CyberArk technology with the ecosystem of ISVs that CyberArk certifies. For example, Sian described how Merlin helped an airport authority protect its IoT (internet of things) equipment using CyberArk. Working with a Phosphorous IoT security specialist and a federal transportation agency, the airport uses the Phosphorous and CyberArk Secrets Manager integration to find default passwords on thousands of IoT devices at airports, vault them, and rotate them in CyberArk.

Results

Government networks are complex and require multiple areas of discipline like visibility, analytics, automation and orchestration. CISOs responsible for protecting these environments need to be able to apply Zero Trust holistically across many threat areas. Technology vendors need to offer products and solutions that are interoperable and support standards and open Application Programming Interfaces (APIs). This is a key factor that makes CyberArk ideal for protecting federal infrastructure.

“CyberArk provides Merlin with the opportunity to have productive conversations with government about extending the value of its investment in CyberArk to support government’s Zero Trust initiatives. The technologies readily integrate with existing vulnerability scanning, network firewalls or robotic process automation. CyberArk is a partner that we can rely on to ensure that those integrations are supported and are available in the long run.”
– Miguel Sian, Senior VP of Technology, Merlin Cyber

Sian further shared that there is a trend in government to consolidate and rationalize vendors to simplify and save costs. Government agencies look for vendors that they can trust, and ones that can address various cybersecurity needs. “Privileged access management has been the domain of CyberArk,” explained Sian. “Now CyberArk has expanded the aperture to protect all identities, both human and non-human, and all identities can be privileged whether it applies to the knowledge worker, the domain or database admin. Companies like CyberArk, that are innovating and using its technology to address a broader set of identities, are very important for government.”

“For us, it is important to partner with companies like CyberArk that understand that the mission of the federal government is to provide critical services that citizens rely on each day,” concluded Sian. “Merlin really shines in the federal government space. We provide access to innovation, the right contracts and mechanisms, and acquire the right technology that meet government’s requirements. We provide solutions that meet the security controls mandated by the U.S. government, and that includes the toolsets that address the identity security principles CyberArk evangelizes.”

Key benefits

• Standardizes privileged access management (PAM) in government
• Provides innovation needed to adopt new technologies
• Assists with initiatives such as Zero Trust, Identity and Cloud Modernization
• Secures applications and non-person entities’ secrets and API keys
• Protects against cyberattacks on expanding attack surface