From third-party vendors and hybrid workers to DevOps teams and their workflows, the universe of identities accessing sensitive resources keeps expanding — and with it, the attack surface.
To defend against threats, organizations can adopt a defense-in-depth strategy that addresses security vulnerabilities across a range of layers, before bad actors can take advantage of them.
Security teams can get started by uncovering where security gaps exist across each layer — with a holistic focus on secure access for all forms of identity.
To help you begin this journey, we've created a framework based on five common layers of risk, with recommendations for defense-in-depth controls to protect those layers:
1. Setting a foundation with context-aware authentication
2. Protecting endpoints and enforcing least privilege
3. Monitoring and auditing high-risk web applications
4. Providing secure third-party access
5. Securing credentials at scale
Read our whitepaper for insights on how to develop a defense-in-depth approach. You’ll also find details on Identity Security solutions from CyberArk that can help reduce the attack surface.
Recommended for You
Why reducing AI risk starts with treating agents as identities
As AI systems are used in our day-to-day operations, a central reality becomes unavoidable: AI doesn’t configure itself and must be set up with human approval and oversight. It requires engineers...
Why identity security is foundational for crypto agility in the post-quantum era
Cryptographic failures have a knack for turning a quiet weekend into a chaotic, all-hands-on-deck emergency. Consider the SHA-1 to SHA-2 deprecation, sometimes referred to as “Shapocalypse,” which...
32:18From Siloed to Unified: Identity Security in the AI-Driven Threat Era
Learn how a unified identity security approach delivers deep protection and strong alignment with CISO and SOC priorities.
How autonomous AI agents like OpenClaw are reshaping enterprise identity security
The viral surge of OpenClaw (formerly Clawdbot and Moltbot) has captured the tech world’s imagination, amassing over 160,000 GitHub stars and driving a hardware rush for Mac Minis to host these...
Contain the SSO blast radius: Identity security beyond MFA
Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering (vishing) targeting identity providers and federated access. The entry point is not...
AI agents are forcing a reckoning with identity and control
Most organizations never planned for AI to start making real decisions. They started with simple helpers. An agent answered basic questions or generated small automations so teams could avoid...
CVE-2025-60021 (CVSS 9.8): command injection in Apache bRPC heap profiler
This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue...
26:15Identity Security Trailblazer: Modernizing Financial Services Security in the Cloud
Learn how a European bank built a compliant, resilient PAM program on CyberArk SaaS in a cloud-first environment.
ServiceNow and CyberArk: New REST API integration for enhanced credential management
ServiceNow’s External Credential Storage and Management Application is designed to help organizations securely retrieve and manage credentials from external vaults during IT operations, like...
Are we trusting AI too much?
Gone are the days when attackers had to break down doors. Now, they just log in with what look like legitimate credentials. This shift in tactics has been underway for a while, but the rapid...
4:08Security Matters | Fearlessly Forward with Maximus
Maximus is a major global provider of government services, supporting programs that connect people to essential services from healthcare to employment.
The hidden cost of PKI: Why certificate failures aren’t just an IT problem
For years, businesses have treated public key infrastructure (PKI) as background plumbing, quietly securing access across enterprise systems and devices, and rarely drawing executive attention...
How the future of privilege is reshaping compliance
If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how...
CyberArk named overall leader in 2025 KuppingerCole ITDR Leadership Compass
KuppingerCole has recognized CyberArk identity threat detection and response (ITDR) as a leader across all categories: overall, product, innovation, and market in its 2025 KuppingerCole Leadership...
The Underwriting Gap: Why Compliance Doesn’t Prove Cyber Resilience
Compliance checks boxes, but insurers want proof. Learn how to demonstrate real cyber resilience.
What’s shaping the AI agent security market in 2026
For the past two years, AI agents have dominated boardroom conversations, product roadmaps, and investor decks. Companies made bold promises, tested early prototypes, and poured resources into...
UNO reverse card: stealing cookies from cookie stealers
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be...
Beneath the AI iceberg: The forces reshaping work and security
In conversations about AI, there’s a tendency to treat the future like a horizon we’re walking toward, always somewhere ahead, always a question of when. But if we look closely, the forces...
Inside CyberArk Labs: the evolving risks in AI, browsers and OAuth
In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make...
KuppingerCole Leadership Compass for Identity Threat Detection and Response
Independent analyst validation for identity threat detection and response in an AI-driven threat landscape.
