Enterprise-Proven Secrets Management Solution for Clouds, Containers and DevOps
CyberArk-Conjur is an enterprise-ready secrets management solution, tailored specifically to the unique infrastructure requirements of native cloud and DevOps environments, aimed at helping organizations secure and manage secrets used by machines (e.g. micro-services, applications, scripts, CI/CD tools, hosts, etc.) and privileged users throughout the DevOps pipeline.
Secrets represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, secrets allow attackers to take full control of an organization’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud, and disrupt operations.
CyberArk-Conjur, part of the CyberArk Privileged Account Security Solution, helps organizations keep up with this rapidly shifting landscape. Organizations can adapt to and mitigate security risks and meet compliance requirements without slowing down their continuous integration workflows, and keep secrets, keys, certificates, and authentication data stored securely and out of repositories, out of source code, and off of hard drives.
Security-First, Enterprise-Ready Solution
CyberArk-Conjur is an enterprise-grade native cloud application, delivered inside a container or VM and optimized for the lighter technology stack of containers and for the elasticity and scale needed to support modern DevOps environments.
The solution provides integration with existing AD, LDAP and AWS IAM, so that organizations can leverage their trusted systems and security model across any environment. Further, the solution offers off-the-shelf integration with Cloud and DevOps tools such as Jenkins, Docker, Puppet and Chef.
Secrets Management for protection and management of secret data such as encryption keys, API keys and passwords. Secrets are securely stored and managed in an encrypted and access-controlled container on the Conjur server. The solution supports a wide variety of container types, from binary to ASCII text.
Detailed dashboards provide a visual representation of incidents and threat levels, enabling incident response teams to quickly review historical incidents and take immediate action, if required.
Centralized, tamper-proof audit record storage for all authorization events and secrets operations, with a user-friendly interface to initiate and review compliance reports.
AD / LDAP and AWS IAM Integrations with organizations’ existing systems of record, including Active Directory and LDAP, to reduce the administrative burden by leveraging existing workflows for user and group management.
Integration with DevOps Toolchain to secure and manage secrets used by CI/CD tools such as Jenkins, Docker, Puppet and Chef. These integrations empower organizations to maintain a fully automated DevOps pipeline while still significantly reducing the threat surface.
Seamless integration with SIEM platforms (e.g. SumoLogic, Splunk) allows the enrichment of system-wide audit and event management data with insight into secrets activity.
Cloud Scale platform, which can support massive concurrent usage as well as outsize performance spikes in your environment. Leveraging capabilities such as Amazon Auto Scaling Groups (ASG), the solution has demonstrated elastic, horizontal scaling at massive loads with no degradation of system performance.
HA Architecture: CyberArk-Conjur is delivered as a clustered software appliance and has the notion of Masters and Followers. Followers are read-only instances of the Conjur server that can be deployed in various combinations and configurations to ensure the highest degree of uptime and availability for your cloud infrastructure.
- Protect secrets based on a unified policy driven by InfoSec and consistently enforced across identities (users, tools, apps, micro-services, scripts and infrastructure), pipelines and cloud platforms
- Leverage off-the-shelf CI/CD tool integrations to quickly and easily provision, secure, and distribute secrets
- Gain visibility and control, and simplify compliance audits by maintaining and monitoring audit logs and secrets-related activity
- Assist security and compliance professionals to implement cost-effective, built-in processes to protect and manage secrets for users and machines (e.g. applications, tools, scripts, systems, etc.) throughout the DevOps environment
- Enable ease of deployment via a simple, scalable installation model, with quick and easy rollout into your environment
  - Highly scalable and automated deployment model
  - Deployed via an easy, two-phase install:
    - Install conjurize packages (~minutes), build an image, launch instances from images, then obtain machine identity and perform final configuration (~seconds) without requiring access to any package repos
    - Install onto nodes with one command – “conjurize”
- Enable ease of administration through:
  - Clean, user-friendly UI
  - RBAC-based LDAP provides unique user/group lists to each machine
  - Hosts, processes, and jobs abstracted into layers
  - Environment admins can assign users to sudo (“conjurers”) or non-sudo (“users”) access plus Unix secondary groups