Secure, rotate and control access to privileged account passwords
Privileged accounts provide access to an organization’s most sensitive data and critical systems, and when left unsecured, the passwords used to access these accounts can easily be lost, stolen or shared with unauthorized users. Without controls in place to proactively secure and manage privileged credentials, organizations can face an increased risk of data breaches, irreparable system damage, failed audits and fines.
CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Account Security Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why.
CyberArk Enterprise Password Vault offered a best practice approach to compliance, enabling us to better enforce policies and automate password replacement.
Jethro Cornelissen
Global Lead & Head of Global Security Operations Center Rabobank International
Features
- Privileged account discovery finds and inventories privileged accounts throughout the IT environments
- Centralized, secure storage protects privileged account passwords used in on-premises, cloud and OT environments behind multiple layers of built-in security
- Automated password rotation updates and synchronizes privileged account passwords at regular intervals or on-demand, based on policy
- Granular privileged access controls prevent unauthorized users from accessing privileged account credentials
- Automated workflows enable users to request access to accounts with elevated privileges when needed for business purposes
- Detailed audit and reporting provides security and audit teams with a clear view of which individual users accessed which privileged or shared accounts, when and why
- Broad system support enables organizations to secure privileged account passwords used to access the vast majority of enterprise systems, including virtual and physical servers, databases, network devices, hypervisors, security appliances, SaaS and business applications and more
- Integration with CyberArk Privileged Threat Analytics enables the solution to receive alerts on potentially compromised accounts and automatically rotate the impacted credentials
- Technology integrations enable organizations to extend policies from existing solutions, such as ticketing, strong authentication, and identity and access management, to their privileged account security solution, as well as send privileged account data to SIEM solutions
Benefits
- Gain visibility into the scope of privileged accounts to more effectively address risks and measurably reduce the attack surface
- Reduce the risk of unauthorized access to privileged accounts to better protect sensitive data and systems from compromise
- Mitigate the risk of insider threats by eliminating unnecessary account access and tracking individual access to privileged accounts
- Support user productivity by enabling single sign-on and facilitating one-time privileged account access requests and approvals
- Minimize the timeframe during which a compromised credential could be used to gain unauthorized privileged account access by proactively rotating passwords
- Automatically contain active threats by receiving alerts on potentially compromised accounts and immediately invalidating the associated passwords
- Significantly reduce the operational burden on IT teams by eliminating manual password rotation processes
- Gain centralized, proactive protection of privileged account passwords that are used in on-premises, cloud and OT environments
- Maximize the value of existing investments by easily integrating with complementary technologies to leverage existing processes, policies and controls