Eliminate embedded application credentials for improved security and compliance
Application credentials including SSH keys and hard-coded, embedded passwords are easily sought after and exploited by cyber attackers when left unprotected. Securing, managing and automatically rotating these credentials impose significant challenges and overhead costs to IT departments. As a result, many organizations never change application credentials, leaving the organization vulnerable to an attack.
CyberArk Application Identity Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to protect critical business systems by eliminating hard-coded credentials from application scripts, configuration files and software code, and removing SSH keys from servers where they are used by applications and scripts. Application Identity Manager offers agent and agentless deployment options to best meet the security and availability requirements of various business applications. The product is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.
The new approach really improves our ability to manage all access to privileged accounts.
Mike Brannon
Senior Manager of Information Systems
National Gypsum
Features
- Eliminate Hard-Coded Credentials. Organizations can remove embedded passwords and data source credentials from scripts, application code and configuration files, and SSH keys from servers, making them inaccessible to attackers and malicious users.
- Securely Store and Rotate Application Credentials. The CyberArk Digital Vault Technology® is used to store and rotate application credentials and provide numerous underlying security capabilities for authentication, encryption, and data protection. Application passwords and SSH keys can be automatically rotated based on policy without impact to application performance or downtime.
- Authenticate Applications. Application Identity Manager utilizes advanced means to authenticate applications requesting credentials based on application characteristics such as path, hash (signature), OS user and more, ensuring only authorized applications can access required credentials.
- Secure Local Cache of Credentials. Local credential stores ensure the highest availability and performance, independent of network availability, for business critical applications to maintain business continuity.
- Flexible Deployment Options. Application Identity Manager offers agent and agentless deployment options to best meet the security and availability requirements of various business applications.
- Support for Multiple Platforms. Application Identity Manager is designed to support large enterprise environments in which various platforms are being used.
Benefits
- Mitigate Internal and External Threats. Secure critical business systems accessing the most sensitive data by eliminating hard-coded application passwords found in applications, scripts and configuration files, and removing SSH keys from servers, where they are used by applications and scripts.
- Ensure Business Continuity. Replace and rotate application credentials with a solution delivering high availability and reliability to reduce the risk of downtime to applications.
- Reduce Operational Resources. Automate the management and rotation of application credentials to reduce the IT operational resources required to secure application passwords and SSH keys.
- Meet Audit and Compliance Requirements. Comply with internal and regulatory requirements for regularly replacing application passwords and SSH keys and securely monitoring privileged access.