CyberArk Identity 22.9 Release

September 14, 2022 Stas Neyman

CyberArk Identity 22.9 Release

With the 22.9 release, CyberArk Identity supports the following new features:

New Product: CyberArk Identity Compliance

CyberArk recently introduced Identity Compliance, a new offering that helps you continuously enforce compliance, streamline audits and reduce risk by increasing visibility and control over access to apps and privileged entitlements. IT organizations need a way to simplify and rapidly automate identity management compliance processes while satisfying their regulatory obligations. Alternatives such as handling these processes manually are error-prone, come with high overhead costs and are not sustainable. In addition, embarking on complex and costly integration projects with point tools can take more than a year. Identity Compliance, on the other hand, provides quick time to value, extending the principles of least privilege to your compliance initiatives.

Identity Compliance allows you to review user access and certify or revoke based on contextual data

Identity Compliance allows you to review user access and certify or revoke based on contextual data

To learn more about CyberArk Identity Compliance, please read the product announcement.

Multi-factor Authentication 

Device Trust (General Availability)

CyberArk Identity supports certificate-based authentication that enables users to seamlessly log in to their assigned applications and services without additional authentication once their devices are verified. With this release, you can now set up certificate-based authentication for managed devices using Device Trust functionality. Device Trust leverages IWA and JAMF on Windows and Mac devices respectively to deliver trust certificates, which can then be used as a cryptographically secure conditional access mechanism. For example, with Device Trust, you can prevent non-authenticated devices from accessing the CyberArk Identity portal or specific protected apps. In addition, you can use Device Trust to manage CyberArk Identity certificates. For example, you can revoke, renew or define the time limit for certificate validity.

Certificate-based Authentication Policy Config

Certificate-based Authentication Policy Config

Certificate Management UI

Certificate Management UI

To learn more about Device Trust functionality, please see here for Windows and here for Mac.

Apple Watch Mobile Authenticator Configuration

CyberArk Identity allows end users to view one-time passcodes (OTP) and approve push notification access requests directly on their Apple Watches without opening the CyberArk Identity Authenticator app on their mobile devices. This reduces MFA friction and allows users to quickly pass identity verification challenges. However, it also increases the risk of unauthorized access if Apple Watch is left unlocked or is protected with a simple numeric passcode. With this release, administrators can now configure if users are allowed to use Apple Watch as a mobile authenticator to approve their access requests, empowering companies to determine the right trade-off between convenience and security.

To learn more about Apple Watch authenticator functionality, please see here.  

Secure Web Sessions  

SIEM integration APIs

You can now integrate your Security Information and Event Management (SIEM) tools with CyberArk Secure Web Sessions using APIs. This enables you to incorporate security events captured by Secure Web Sessions into your overall security infrastructure and event analysis workflows. In addition, you can extend the logging capabilities of your high-risk applications and export specific session details for analysis outside of Secure Web Sessions. For example, you can determine if any sensitive financial information was downloaded from Salesforce by your authorized users. First, you can import all Salesforce-specific events captured by Secure Web Sessions into Splunk. Next, you can create a filter to identify every user who has downloaded, exported or copied sensitive data from Salesforce during a specific period.

To learn more about Secure Web Sessions APIs, please see here.

Enhanced capture of clipboard actions

You can now capture context for clipboard actions in applications protected by Secure Web Sessions. Previously, Secure Web Sessions enabled administrators to find clipboard actions by recording screenshots of users right-clicking on a file or text string within a protected application and accessing the copy/paste menu. Administrators could also block users from accessing the clipboard function outright. This provided admins limited visibility into the contextual details of clipboard actions and did not capture blocked attempts to copy data in the Secure Web Sessions audit trail. With this release, you can now record all clipboard actions in addition to the context of the clipboard. For example, you can now capture that a user with access to a sensitive financial application selected a bank account number and right-clicked on the copy action in the contextual menu. In addition, you can now find all users who were blocked from accessing the contextual menu to copy or paste text or drag and drop files.

Secure Web Sessions Audit Trail

Secure Web Sessions Audit Trail

To learn more about Secure Web Sessions protection layers, please see here.

Enhanced capture of download actions

You can now capture context for download actions in applications protected by Secure Web Sessions. Previously, Secure Web Sessions enabled administrators to find download actions by recording screenshots of users clicking on a download button or accessing the download menu within a protected application. Administrators could also block users from downloading files outright. This provided admins limited visibility into the contextual details of download actions and did not capture blocked download attempts in the Secure Web Sessions audit trail. With this release, you can now capture all download actions with additional context, including original file names, file URLs, destination directories, size of the downloads and the new file names if files were renamed. For example, you can now see that a user exported sensitive information from Workday, renamed it to “dummydata.xls” and saved it to a flash drive. In addition, you can now find all users who were blocked from downloading files by Secure Web Session policies.

Secure Web Sessions Audit Trail, Image 2

Secure Web Sessions Audit Trail

To learn more about Secure Web Sessions protection layers, please see here.

For more information on the 22.9 release, please see the CyberArk Identity release notes.

Previous Article
CyberArk Identity Security Intelligence Activity Logs in AWS CloudTrail Lake for Enhanced Visibility and Troubleshooting
CyberArk Identity Security Intelligence Activity Logs in AWS CloudTrail Lake for Enhanced Visibility and Troubleshooting

CyberArk and AWS have partnered to provide enhanced security and compliance for IT environments through the...

Next Article
CyberArk Identity Compliance
CyberArk Identity Compliance

CyberArk Identity Compliance automates manually intensive, error-prone administrative processes, ensuring t...