Secure and Protect Privileged Accounts and Credentials. Everywhere.


The Core Privileged Access Security Solution unifies Enterprise Password Vault, Privileged Session Manager and Privileged Threat Analytics to protect an organization’s most critical assets.



The CyberArk Core Privileged Access Security Solution provides organizations with the ability to take a risk-based approach to credential and session management. Enforce least privilege principles and lock down domain controllers to defend against both internal and advanced persistent threats.


Risk-based credential protection and session management to prevent and mitigate attacks involving privileged access.

Continuously scan the environment to detect privileged access. Validate privilege by adding discovered accounts to a pending queue or automatically onboard and rotate accounts and credentials based on enterprise policy.

Organizations can’t secure what they don’t know exists. CyberArk provides several methods for discovering privileged accounts and credentials, including the standalone Discovery & Audit (DNA) Tool and accounts discovery functionality that comes standard with the Core Privileged Access Security Solution. CyberArk scans all distributed networks and discovers both local and domain accounts on Windows systems as well as SSH keys, root and other local accounts on *NIX. All relevant privileged account information is retrieved  (e.g. dependencies, created date, etc.), and are placed in the Pending Accounts page within the CyberArk web portal. Administrators have the ability to set policy that establishes automatic account onboarding via REST API, among others aimed at streamlining workflow efficiency.

Once all privileged accounts have been discovered and on-boarded, policy can be set to establish credential strength (e.g. length and complexity) as well as frequency of rotation. Any shared accounts can also be rotated based on policy, such as credentials being used in multiple locations are not reused or used simultaneously, and are rotated directly after each individual use. Users can also access critical systems “just-in-time” by being added provisionally to a shared local administrator account on Windows servers for a pre-determined amount of time reducing the need for lower priority managed credentials.

Establish a secure control point to prevent credential exposure and isolate critical assets from end users with transparent connections to target systems via a variety of native workflows.

Workstations are often a soft target for attackers to penetrate the network and can be leveraged by malicious actors to jump laterally throughout the environment. CyberArk enables secure connections to critical systems through the use of a secure proxy that is fully isolated and thus never exposing privileged credentials directly to the end users or their client applications or devices. This secure control point manages access to these privileged credentials and implements dual-control for a more robust workflow, providing users with customized approval workflows that ensure they are in compliance with accessing the right systems.

End-users can connect securely in a variety of ways, one being directly through the CyberArk web portal for general access. Users who prefer a more native workflow can request a secure connection to CyberArk directly from their workstations using any standard RDP client application for Windows, as well as native command line connectivity to *NIX and other SSH based systems. Additionally, CyberArk provides secure access to a range of as-a-service applications and cloud platforms via the native application login screen, delivering a native and transparent user experience to administrators.

Automatically record and store privileged sessions within a centralized encrypted repository. Prioritize auditing recorded and active sessions with video playback that streamlines reviewing the most suspicious activity.

In breach scenarios, finding the exact cause and ensuring it can be contained is harder than finding a needle in a haystack. With CyberArk, all privileged sessions are automatically recorded in video and/or text format and stored and encrypted within a tamper-resistant Digital Vault. Log files can be easily accessed by security and audit teams alike to support both compliance and digital forensics. Ad hoc connections can also be brokered to target systems that are unmanaged by the Core Privileged Access Security Solution. Administrators also have the ability to filter any keystrokes or commands like SSH logging or HTTPS that are recorded throughout privileged connections to minimize unwanted audit records, thus reducing the number of audit records stored.

When reviewing sessions, each recording has a clickable table of contents that enables reviewers to go directly to specific activities or commands. To further the operational use of CyberArk, each session is assigned a risk score that can be sorted and viewed by administrators to jump directly to the most critical activities within the environment.

Administrators can view specific activities or keystrokes within video recordings. Detect and alert SOC and IT teams of anomalous behavior that bypasses or circumvents privileged controls.

Having a viewable trail of privileged activity is important, but very few organizations have the staff or resources to view everything occurring within the environment. It’s both an exhausting and error-prone method for cybersecurity. CyberArk automatically captures audit records for each command and/or event that is executed or keystrokes that are typed and assigns each session with a risk score based on pre-defined policy. This enables security operations center personnel to take a risk-based approach by prioritizing the riskiest activities occurring within the environment by sending and receiving automatic alerts to and from Security Information and Event Management (SIEM) or User and Entity Behavior Analytics (UEBA) tools.

The Core Privileged Access Security Solution is able to detect attempts at bypassing or circumventing privileged controls in real-time and can both alert administrators as well as take automatic action to reduce the number of unmanaged access points to critical systems.

Automatically suspend or terminate privileged sessions based on risk assignment, and initiate automatic credential rotation in the event of privileged compromise or theft.

Sophisticated attackers can breach the network and gain access to critical systems and resources in record time.  How effective are security controls that are heavily reliant on manual intervention? Attackers can lay in wait for extended periods of time without ever being picked up by security controls or administrators. Having built-in, automated remediation controls in place is necessary for maintaining a strong security posture for the modern enterprise. CyberArk can automatically rotate credentials in the event of risky behavior such as credential theft, bypassing the Digital Vault, or unmanaged access; in order to mitigate risk in real-time without relying on manual intervention. Unmanaged accounts can be automatically on-boarded and managed through CyberArk’s continuous discovery capabilities. Additionally, in the event of privileged sessions reaching a certain risk score, administrators can establish policies to either to stop suspicious behavior before doing irreparable damage to the business.


Advanced modules are fully integrated into the Standard Core Privileged Access Security Solution to provide a comprehensive solution for security, audit and IT teams across on-premises, hybrid and cloud environments.

Centrally manage and enforce granular access controls. Establish super-user accountability on both Windows and *NIX servers and centralize the audit trail of all privileged access activity across server environments.

For *NIX

In many organizations, IT administrators, application developers, database administrators and others have permanent, continuous and anonymous superuser privileges. While some level of privileged access to business critical systems and data is required, many users have far more privileges than needed for their day-to-day tasks.

Least Privilege Server Protection for *NIX enables organizations to centrally manage and enforce granular access controls and establish superuser accountability, provide a full audit trail and recording of all privileged access activity on Unix/Linux systems.

For Windows

Privileged Windows servers accounts are a common target for hackers and cyber criminals. Internal and external attackers can exploit privileged server accounts to gain access to critical business systems, disrupt service or steal confidential information.

Least Privilege Server Protection for Windows enables organizations to enforce granular least privilege policies for IT administrators, efficiently segregate duties on Windows servers and tightly manage and control which applications are permitted to run on Windows servers to protecting against malware and ransomware.

Continuously monitor the network and detect in-progress Kerberos attacks, including Golden Ticket and Pass-the-Hash, and block suspected credential theft and harvesting attempts on domain controllers.

Advanced attacker are in search of domain administrator privileges given the unrestricted level of access and control these credentials provide throughout the IT landscape. These powerful accounts permit attackers to manipulate the most sensitive assets in the network – Domain Controllers (and Active Directory) – completely hidden from view of other users and outside the purview of security solutions designed to prevent such attacks. The Domain Controller Protection Solution enables organizations to protect domain controllers’ local credential stores (e.g. LSASS, NTDS.dit, and LSA) and can detect malicious activity in real time. The solution enforces credential boundaries for domain administrators without adding unnecessary complexity, cost and burden to end users, and simultaneously enables security teams to respond effectively with a detailed account of each security event on domain controllers.

Alero provides secure and quick remote vendor access to CyberArk Core Privileged Access Security. No VPNs, agents or passwords needed.

Deploy CyberArk in a variety of ways to match business needs and preferences. Select from a variety of deployment options based on control and flexibility.






A hospitality company went from full access to implementing privileged session management and dual control for user accountability and audit.



Driven by an audit finding a Fortune 500 company implemented CyberArk Session Management.


In CyberArk we’ve found a single scalable solution to reduce risk, address all of our unique requirements and significantly enhance the TOTVS cloud platform.

Leandro Soares Costa – Cloud Architect

Leading ERP Provider Totvs Secures Workloads and Infrastructure Across Multi-Cloud Environment with CyberArk



Act now. Take the CyberArk Guided Tour to see why CyberArk is the #1 Leader in Privileged Access Management.




Keep up-to-date on security best practices, events and webinars.