Newsroom

CyberArk Unveils Master Policy; Revolutionary Approach to Privileged Account Security Turns Business Policy into Global Controls

September 25, 2013

New Policy Engine Sets Industry Standard for Securing Privileged Accounts to Improve Audit and Compliance, Control and Enforcement; Mitigates the Risk from Insider and Advanced Threats

Newton, Mass. – September 25, 2013 – CyberArk, the company securing the heart of the enterprise, today announced the availability of Master Policy, a bold new ‘policy engine’ that enables customers to set, manage and monitor privileged account security in a single, simple, native language interface. The once complex process of transforming business policy and procedures into technical settings is now easily manageable and understandable to an organization’s stakeholders, including security operations, risk officers and auditors. Master Policy is embedded at the core of all of CyberArk’s privileged account security products, providing simplified, unified and unequaled policy management. The release is available in version 8.0 of CyberArk’s privileged account security solution released today and will ship with all new installations of CyberArk’s Privileged Identity Management (PIM) and Privileged Session Management (PSM) suites.

Privileged accounts have been identified as the primary target in internal and advanced external attacks, and have been implicated in 100 percent of breaches1. As the risk of advanced threats increases, compliance regulations like PCI DSS, Sarbanes Oxley, NIST, NERC-CIP, HIPAA and others have become stricter. Master Policy enables organizations to set policy first to better meet their security and compliance needs.

Key benefits of Master Policy include:

  • A simplified process for creating and managing privileged account security policy, that can now be set up in minutes rather than days or weeks;
  • Improved security posture of the organization by approaching privileged account security with policy first;
  • Meets business demands by quickly and accurately translating written policy into privileged account security controls;
  • Enables organizations to meet and demonstrate compliance regulations like PCI DSS, Sarbanes Oxley, NIST, NERC-CIP and more;
  • Allows enterprise global policy to be set while providing controlled, granular level exceptions to meet the unique operational needs of the business;
  • Decreases resource strain by empowering security risk and audit teams to enforce policy in their native language.

“Policy is the foundation of a sound security infrastructure. It has been difficult to enforce written policy throughout the enterprise, as it is time-consuming and difficult to translate that written policy to technical settings for operational departments,” said Sally Hudson, Research Director, IDC. “With today’s advanced threat landscape, the enterprise can no longer afford to overlook the importance of accurate policy settings and enforcement. Simplifying this process gives control back to the security, risk and audit teams and allows them to use their expertise to mitigate the risks posed by insider and outsider threats and comply with strict regulations.”

In addition to Master Policy, CyberArk’s version 8.0 includes the Universal Connector, empowering organizations to extend privileged session monitoring to virtually any component of their IT infrastructure, including networks, servers, hypervisors, databases, applications and more.  Using customizable solutions, efficient automation and offering 200+ existing connectors, CyberArk is able to support nearly all current enterprise systems.

“With the introduction of the Master Policy engine, as well as the extended capabilities of the Universal Connector, CyberArk continues its leadership to remain at the forefront of security,” said Roy Adar, vice president of product management, CyberArk. “We are proud to be the only solution that ties together uncompromised core security with a deep understanding of policies and regulations. As privileged accounts continue to be exploited by cyber attackers and rogue insiders, it is our goal to put an end to this vulnerability by arming our customers with the strongest possible defense.”

Version 8.0 of CyberArk’s privileged account security solution, including the Privileged Identity Management and Privileged Session Management suites, is available today.

2013 CyberSheath Report, APT Privileged Account Exploitation