CORE PRIVILEGED ACCESS SECURITY

Secure and Protect Privileged Accounts and Credentials. Everywhere.

BENEFITS

The Core Privileged Access Security Solution unifies Enterprise Password Vault, Privileged Session Manager and Privileged Threat Analytics to protect an organization’s most critical assets.

FOR SECURITY

Secure, rotate and manage privileged credentials to reduce risk; monitor and record all privileged access activity; automatically prevent and remediate high-risk activities.

FOR OPERATIONS

Streamline administrator and end user workflow including just-in-time access; easy and comprehensive integration across the technology stack; support for automation via REST APIs.

FOR AUDIT

End-to-end reporting with full, detailed audit trail of privileged activity across complex and hybrid environments; improve and prioritize audit review cycle times based on risk.

We evaluated other solutions, but we chose CyberArk as the best to meet our cyber security needs. We like the whole concept of CyberArk’s platform and the ability to centralize and securely manage credentials. CyberArk also provides SSH key management - a capability that was critical for us.

Marcos Henrique Igutti – Information Security Officer at FS

CASE STUDY
FS relies on CyberArk Privileged Access Security Solution

STANDARD CORE PAS

Risk-based credential protection and session management to prevent and mitigate attacks involving privileged access.

Continuously scan the environment to detect privileged access, validate privilege by adding discovered accounts to pending queue or automatically onboard and rotate accounts and credentials based on enterprise policy

Organizations can’t secure what they don’t know exists. CyberArk provides several methods for discovering privileged accounts and credentials, including the standalone Discovery & Audit (DNA) Tool and accounts discovery functionality that comes standard with the Core Privileged Access Security Solution. CyberArk scans all distributed networks and discovers both local and domain accounts on Windows systems as well as SSH keys, root and other local accounts on *NIX. All relevant privileged account information (e.g. dependencies, created date, etc.) is retrieved and placed in the Pending Accounts page within the CyberArk web portal. Administrators can set policies, among them automatic account onboarding via REST API, aimed at streamlining workflow efficiency.

Once all privileged accounts have been discovered and on-boarded, policy can be set to establish credential strength (e.g. length and complexity) as well as frequency of rotation. Shared accounts can also be rotated based on policy, for example so that credentials used in multiple locations are not reused or used simultaneously and are rotated directly after each individual use. Users can also access critical systems “just-in-time” by being added provisionally to a shared local administrator account on Windows servers for a pre-determined amount of time, reducing the need for lower priority managed credentials.

Establish a secure control point to prevent credential exposure and isolate critical assets from end users with transparent connections to target systems via a variety of native workflows

Workstations are often a soft target for attackers to penetrate the network and can be leveraged by malicious actors to jump laterally throughout the environment. CyberArk enables secure connections to critical systems through a secure proxy that is fully isolated and thus never exposes privileged credentials directly to end users or their client applications or devices. This secure control point manages access to these privileged credentials and implements dual-control for a more robust workflow, providing users with customized approval workflows that ensure they are in compliance with accessing the right systems.

End-users can connect securely in a variety of ways, one being directly through the CyberArk web portal for general access. Users who prefer a more native workflow can request a secure connection to CyberArk directly from their workstations using any standard RDP client application for Windows, as well as native command line connectivity to *NIX and other SSH based systems. Additionally, CyberArk provides secure access to a range of as-a-service applications and cloud platforms via the native application login screen, delivering a native and transparent user experience to administrators.

Automatically record and store privileged sessions within a centralized encrypted repository, prioritize the audit of recorded and active sessions with video playback that streamlines the review of the most suspicious activity

In breach scenarios, finding the exact cause and ensuring it can be contained is harder than finding a needle in a haystack. With CyberArk, all privileged sessions are automatically recorded in video and/or text format and stored and encrypted within a tamper-resistant Digital Vault. Log files can be easily accessed by security and audit teams alike to support both compliance and digital forensics. Ad hoc connections can also be brokered to target systems that are unmanaged by the Core Privileged Access Security Solution. Administrators also have the ability to filter any keystrokes or commands like SSH logging or HTTPS that are recorded throughout privileged connections to minimize unwanted audit records, thus reducing the number of audit records stored.

When reviewing sessions, each recording has a clickable table of contents that enables reviewers to go directly to specific activities or commands. To further the operational use of CyberArk, each session is assigned a risk score that can be sorted and viewed by administrators to jump directly to the most critical activities within the environment.

Administrators can view specific activities or keystrokes within video recordings, detect and alert SOC and IT teams of anomalous behavior that bypasses or circumvents privileged controls

Having a viewable trail of privileged activity is important, but very few organizations have the staff or resources to view everything occurring within the environment. It’s both an exhausting and error-prone method for cybersecurity. CyberArk automatically captures audit records for each command and/or event that is executed or keystrokes that are typed, and assigns each session a risk score based on pre-defined policy. This enables security operations center personnel to take a risk-based approach by prioritizing the riskiest activities occurring within the environment, sending and receiving automatic alerts to and from Security Information and Event Management (SIEM) or User and Entity Behavior Analytics (UEBA) tools.

The Core Privileged Access Security Solution is able to detect attempts at bypassing or circumventing privileged controls in real-time and can both alert administrators as well as take automatic action to reduce the number of unmanaged access points to critical systems.

Automatically suspend or terminate privileged sessions based on risk assignment, and initiate automatic credential rotation in the event of privileged compromise or theft

Sophisticated attackers can breach the network and gain access to critical systems and resources in record time. How effective are security controls that are heavily reliant on manual intervention? Attackers can lie in wait for extended periods of time without ever being picked up by security controls or administrators. Having built-in, automated remediation controls in place is necessary for maintaining a strong security posture for the modern enterprise. CyberArk can automatically rotate credentials in the event of risky behavior such as credential theft, bypassing the Digital Vault, or unmanaged access, in order to mitigate risk in real-time without relying on manual intervention. Unmanaged accounts can be automatically on-boarded and managed through CyberArk’s continuous discovery capabilities. Additionally, in the event of privileged sessions reaching a certain risk score, administrators can establish policies to either suspend or terminate the session, stopping suspicious behavior before it does irreparable damage to the business.

ADVANCED CORE PAS

Advanced modules are fully integrated into the Standard Core Privileged Access Security Solution to provide a comprehensive solution for security, audit and IT teams across on-premises, hybrid and cloud environments.

Centrally manage and enforce granular access controls, establish super-user accountability on both Windows and *NIX servers and centralize the audit trail of all privileged access activity across server environments

For *NIX

In many organizations, IT administrators, application developers, database administrators and others have permanent, continuous and anonymous superuser privileges. While some level of privileged access to business critical systems and data is required, many users have far more privileges than needed for their day-to-day tasks.

Least Privilege Server Protection for *NIX enables organizations to centrally manage and enforce granular access controls, establish superuser accountability, and provide a full audit trail and recording of all privileged access activity on Unix/Linux systems.

For Windows

Privileged Windows server accounts are a common target for hackers and cyber criminals. Internal and external attackers can exploit privileged server accounts to gain access to critical business systems, disrupt service or steal confidential information.

Least Privilege Server Protection for Windows enables organizations to enforce granular least privilege policies for IT administrators, efficiently segregate duties on Windows servers and tightly manage and control which applications are permitted to run on Windows servers to protect against malware and ransomware.

Continuously monitor the network and detect in-progress Kerberos attacks including Golden Ticket and Pass-the-Hash and block suspected credential theft and harvesting attempts on domain controllers

Advanced attackers are in search of domain administrator privileges given the unrestricted level of access and control these credentials provide throughout the IT landscape. These powerful accounts permit attackers to manipulate the most sensitive assets in the network – Domain Controllers (and Active Directory) – completely hidden from view of other users and outside the purview of security solutions designed to prevent such attacks. The Domain Controller Protection Solution enables organizations to protect domain controllers’ local credential stores (e.g. LSASS, NTDS.dit, and LSA) and can detect malicious activity in real time. The solution enforces credential boundaries for domain administrators without adding unnecessary complexity, cost and burden to end users, and simultaneously enables security teams to respond effectively with a detailed account of each security event on domain controllers.

Alero provides secure and quick remote vendor access to CyberArk Core Privileged Access Security. No VPNs, agents or passwords needed.

FLEXIBLE DEPLOYMENT OPTIONS

Deploy CyberArk in a variety of ways to match business needs and preferences. Select from a variety of deployment options based on control and flexibility.

ON-PREMISES

CLOUD

SaaS

CYBERARK PRIVILEGED ACCESS SECURITY OVERVIEW

The CyberArk Core Privileged Access Security Solution provides organizations with the ability to take a risk-based approach to credential and session management. Enforce least privilege principles and lock down domain controllers to defend against both internal and advanced persistent threats.
