In the spirit of looking forward with renewed confidence and optimism, thousands of cybersecurity professionals joined us today to kick off CyberArk Impact Live 2021, the world’s largest virtual gathering focused on Identity Security.
Our 15th annual event offers an immersive two-day digital experience featuring more than 50 keynotes, breakouts, and training sessions. There’s a palpable energy and excitement around shaping the future of Identity Security together.
Evolving in a Rapidly Changing World — and Embracing It
In his opening keynote, CyberArk Chairman and CEO Udi Mokady applauded cybersecurity professionals for their tireless commitment, sacrifices, and efforts throughout the extraordinary pandemic-era race to enable new work models — while at the same time defending their organizations against unrelenting attacks.
He outlined three major trends that will influence the months ahead, urging participants to focus and stay the course in a time when “… the demands on each of us as cybersecurity professionals — to protect our organizations, our economies, our government operations and our way of life have never been greater.”
- Digital transformation and cloud migration are moving full steam ahead. In 2020, for the first time, organizations invested more in cloud infrastructure than in on-premises data centers, going all-in on services from cloud providers to supercharge their digital transformation. Meanwhile, many software development teams adopted new DevOps methodologies to automate processes and enable high-velocity innovation. While these initiatives continue to accelerate, threat actors are now targeting a quickly expanding attack surface, where any user can have some level of privileged access.
- Identity is the new battleground. The rapid move to work from anywhere dissolved any remaining notions of a traditional network perimeter. Recent findings from the CISO View 2021 Survey underscore this new reality: 97% of security executives are seeing an increase in credential theft, while more than half say attacks on end-users and their endpoints have increased. With this as a backdrop, there’s broad consensus around the value of Zero Trust and a growing sense of urgency for securing privileged access. Senior executives view Identity Security controls as their top priority for making Zero Trust a reality to protect their most valuable resources.
- Attacker innovation is accelerating. Attackers are upping their game to compromise identities and escalate privileges, so they can gain access to organizations’ most sensitive assets in three major ways. First, they’re using more sophisticated techniques, such as the Golden SAML method used in the SolarWinds digital supply chain attack. Second, they’re getting much more targeted with spear-phishing and impersonation attacks, often focusing on end-users who have high-value access to specific systems. And third, they are becoming bolder and finding more ways to scale their impact, as evidenced by the recent surge in double-extortion ransomware attacks.
Identity compromise is the common denominator in all these attacks — and the abuse of privileged access is almost always a factor in the attack chain. Organizations must evolve their cybersecurity programs by taking a security-first, least privilege view of identity-related risk to help eliminate security gaps.
Transforming the CyberArk Identity Security Vision into Reality
Since unveiling the CyberArk Identity Security vision last year at Impact, we’ve had many strategic conversations with cybersecurity leaders. These discussions have been invaluable in further shaping our strategy and helping to inform our view of the future.
By harnessing these insights — and with a relentless focus on innovation — we’ve evolved the CyberArk Identity Security Platform into a comprehensive set of Software-as-a-Service (SaaS) and self-hosted solutions over the past year. Centered on privileged access management, the platform provides customers a unified and holistic approach to securing standing and dynamic access for any user, across any type of application or system — from anywhere, using any device.
Today at Impact 2021, we announced new software services and platform advancements to help organizations secure high-risk access and broaden protection across cloud and hybrid environments. These innovations extend our commitment to our customers as they drive forward digital transformation, execute on cloud migration initiatives, achieve Zero Trust — and, most importantly, defend against advanced cyberattacks. We’re proud to introduce:
- CyberArk Dynamic Privileged Access: Drastically reduces risk of standing access by provisioning just-in-time access to hybrid and cloud workloads starting with Linux and Windows Virtual Machines. Dynamic Privileged Access also includes full audit capabilities, providing insight into exactly who accessed what and when. Only CyberArk secures both standing and dynamic access across hybrid and multi-cloud environments while enforcing least privilege controls.
- CyberArk Secure Web Sessions: Adds additional layers of security to high-risk browser-based applications access via continuous monitoring, re-authentication enforcement, and isolation of malicious processes originating on end-user devices. Secure Web Sessions enables enterprises to record and audit risky user behavior within any web application while maintaining a frictionless user experience.
- CyberArk Lifecycle Management for Privileged Users: An expansion of existing capabilities, customers can now further expedite employee onboarding, including those with privileged access, and meet audit and compliance mandates more efficiently. Lifecycle Management for Privileged Users integrates with existing solutions and can also work with HR-driven identity management solutions, providing further flexibility to enterprises.
- In addition to these new SaaS solutions, we unveiled new cloud-native shared services that are available to customers running CyberArk software on-premises, in their own clouds, or managed by CyberArk. Services include a unified identity management, authentication, and authorization layer, AI-powered Identity Security analytics, an integrated Identity Agent, and more. These new services will dramatically improve operational efficiencies and reduce risk for security teams.
- And in response to feedback from our extensive CyberArk Commons Community of developers engineers and security professionals, we’re proud to introduce Conjur Cloud, a SaaS-based version of our Conjur secrets management solution.
Dynamic Privileged Access and Secure Web Sessions will be generally available by the end of the year. Conjur Cloud and the next iteration of Lifecycle Management capabilities for Privileged Users will be available in 2022.
Moving Fearlessly Forward Together
All of this — our Identity Security vision, platform, shared services, and new solutions — is the culmination of a multi-year effort to define and build a cybersecurity approach for the next decade.
Today, the breadth and depth of CyberArk’s platform is unmatched. We are building a highly differentiated Identity Security Platform centered on privileged access and investing in SaaS while continuing to address self-hosted customer needs.
But of course, there’s much yet to come as we continue to innovate to address current and future Identity Security requirements. We’re honored and humbled to be on this journey alongside our customers and partners. Together, we can make huge FUTURE IMPACT as we go forward — for your careers, your organizations, your communities and for the cybersecurity industry as a whole.
If you haven’t registered for CyberArk Impact Live yet, there’s still time! We’ve got another exciting day lined up for tomorrow, Wednesday, June 9. Register now to hear inspiring keynotes, attend live technical sessions with industry visionaries, hear new research presented by CyberArk researchers and also enable playback sessions on demand.