From third-party vendors and hybrid workers to DevOps teams and their workflows, the universe of identities accessing sensitive resources keeps expanding — and with it, the attack surface.
To defend against threats, organizations can adopt a defense-in-depth strategy that addresses security vulnerabilities across a range of layers, before bad actors can take advantage of them.
Security teams can get started by uncovering where security gaps exist across each layer — with a holistic focus on secure access for all forms of identity.
To help you begin this journey, we've created a framework based on five common layers of risk, with recommendations for defense-in-depth controls to protect those layers:
1. Setting a foundation with context-aware authentication
2. Protecting endpoints and enforcing least privilege
3. Monitoring and auditing high-risk web applications
4. Providing secure third-party access
5. Securing credentials at scale
Read our whitepaper for insights on how to develop a defense-in-depth approach. You’ll also find details on Identity Security solutions from CyberArk that can help reduce the attack surface.
Recommended for You
CVE-2025-60021 (CVSS 9.8): command injection in Apache bRPC heap profiler
This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue...
26:15Identity Security Trailblazer: Modernizing Financial Services Security in the Cloud
Learn how a European bank built a compliant, resilient PAM program on CyberArk SaaS in a cloud-first environment.
ServiceNow and CyberArk: New REST API integration for enhanced credential management
ServiceNow’s External Credential Storage and Management Application is designed to help organizations securely retrieve and manage credentials from external vaults during IT operations, like...
Are we trusting AI too much?
Gone are the days when attackers had to break down doors. Now, they just log in with what look like legitimate credentials. This shift in tactics has been underway for a while, but the rapid...
4:08Security Matters | Fearlessly Forward with Maximus
Maximus is a major global provider of government services, supporting programs that connect people to essential services from healthcare to employment.
The hidden cost of PKI: Why certificate failures aren’t just an IT problem
For years, businesses have treated public key infrastructure (PKI) as background plumbing, quietly securing access across enterprise systems and devices, and rarely drawing executive attention...
How the future of privilege is reshaping compliance
If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how...
CyberArk named overall leader in 2025 KuppingerCole ITDR Leadership Compass
KuppingerCole has recognized CyberArk identity threat detection and response (ITDR) as a leader across all categories: overall, product, innovation, and market in its 2025 KuppingerCole Leadership...
The Underwriting Gap: Why Compliance Doesn’t Prove Cyber Resilience
Compliance checks boxes, but insurers want proof. Learn how to demonstrate real cyber resilience.
What’s shaping the AI agent security market in 2026
For the past two years, AI agents have dominated boardroom conversations, product roadmaps, and investor decks. Companies made bold promises, tested early prototypes, and poured resources into...
UNO reverse card: stealing cookies from cookie stealers
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be...
Beneath the AI iceberg: The forces reshaping work and security
In conversations about AI, there’s a tendency to treat the future like a horizon we’re walking toward, always somewhere ahead, always a question of when. But if we look closely, the forces...
Inside CyberArk Labs: the evolving risks in AI, browsers and OAuth
In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make...
KuppingerCole Leadership Compass for Identity Threat Detection and Response
Independent analyst validation for identity threat detection and response in an AI-driven threat landscape.
Will AI agents ‘get real’ in 2026?
In my house, we consume a lot of AI research. We also watch a lot—probably too much—TV. Late in 2025, those worlds collided when the AI giant Anthropic was featured on “60 Minutes.” My husband...
Post-quantum identity security: Moving from risk to readiness
Quantum computing sounds like something straight out of science fiction. It brings to mind images of impossibly powerful machines solving humanity’s biggest problems, from discovering new...
Vibe check your vibe code: Adding human judgment to AI-driven development
Remember when open meant visible? When a bug in open-source code left breadcrumbs you could audit? When you could trace commits, contributors, timestamps, even heated 2:13 a.m. debates on tabs...
The CA/B Forum mandate: a catalyst for modernizing machine identity management
Modernization rarely begins without a catalyst. For organizations managing machine identities, the CA/B Forum mandate is driving a wave of change—transforming compliance pressure into momentum for...
Solving the Privileged Identity Puzzle
New research reveals why standing privilege, identity sprawl, and fragmented PAM are putting organizations at risk.
Identity security: The essential foundation for every CISO’s 2026 cybersecurity strategy
When I first joined CyberArk, it wasn’t just about the company or the technology, but a belief. A belief that identity security is the foundation of cybersecurity. Identity security is the...
