With the 23.9 release, CyberArk Identity supports the following new features:
Multi-Factor Authentication (MFA)
Updated Behavior Change in Default Values for Authentication on ISPSS Tenants
CyberArk Identity features an authentication “deception mode” – ISPSS end users are always shown secondary authentication challenges even if they fail the initial one. For example, end users are prompted to pass an MFA challenge after incorrectly providing a username and password. This ensures that attackers can’t determine the validity of initial credentials and reduces the risk of brute-force password attacks.
With this release, the “deception mode” is now disabled by default to notify end users if the first authentication challenge is unsuccessful. While less secure, this update improves the end-user experience and reduces the need for IT helpdesk support by ensuring that legitimate users do not inadvertently lock their accounts after consecutive failed login attempts.
Default behavior change in default values for ISPSS tenants
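A minimal model of the two behaviors described above, added here as an illustration and not CyberArk's implementation: the class, response strings and sample user are hypothetical and constructed. It shows that with deception mode on, the first step answers identically for a right and a wrong password, while with it off the two responses differ.

```python
import hashlib
import hmac
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed sample directory: username -> (salt, password hash, second-factor code).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT), "492817")}
# Placeholder record for unknown usernames so the same code path always runs.
_DUMMY = (secrets.token_bytes(16), secrets.token_bytes(32), None)


class LoginSession:
    """Hypothetical two-step login: password first, then a second factor."""

    def __init__(self, deception_mode: bool):
        self.deception_mode = deception_mode
        self._first_ok = False
        self._user = None

    def submit_password(self, username: str, password: str) -> str:
        # Always compute the hash, even for unknown users.
        salt, stored, _ = USERS.get(username, _DUMMY)
        self._first_ok = hmac.compare_digest(_hash(password, salt), stored)
        self._user = username
        if self._first_ok or self.deception_mode:
            return "MFA_REQUIRED"      # same prompt whether or not the password matched
        return "INVALID_CREDENTIALS"   # immediate feedback: reveals the password was wrong

    def submit_mfa(self, code: str) -> str:
        _, _, expected = USERS.get(self._user, _DUMMY)
        mfa_ok = expected is not None and hmac.compare_digest(code, expected)
        # Success needs both factors; a failure never says which one was wrong.
        return "AUTHENTICATED" if (self._first_ok and mfa_ok) else "LOGIN_FAILED"


def first_step_responses(deception_mode: bool) -> set:
    """Distinct first-step responses seen for a right and a wrong password."""
    seen = set()
    for pw in ("correct horse", "wrong guess"):
        seen.add(LoginSession(deception_mode).submit_password("alice", pw))
    return seen
```
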
CyberArk Identity Splunk Add-on Upgraded to Version 3
CyberArk Identity now integrates with Splunk Add-on v3, which supports Splunk Enterprise 8.2 and above. This is based on Splunk’s recommendation to better support our security information and event management (SIEM) integration capabilities. With this Splunk Add-on, you can categorize event log data captured from CyberArk Identity Next-Gen Access activity and normalize these events for Splunk Common Information Model (CIM) compatibility. This allows real-time analysis and risk mitigation to identify a potential breach in progress. It minimizes the risk associated with user access, centralizes visibility across enterprise deployments and leverages existing investments in SIEM and alert tools without additional costs.
Learn more about the changed default behavior for ISPSS tenants.
Workforce Password Management
Secured Notes Import from Third-party Password Managers
CyberArk Workforce Password Manager (WPM) provides extensive account and secure note import capabilities to simplify migration from your existing password managers. This release extends secure note import to third-party password managers, including KeePass, Google and Dashlane. CyberArk WPM users can securely store notes in their CyberArk Identity Cloud or the CyberArk Privileged Access Manager (PAM) Self-Hosted Vault. Using an intuitive interface, end users can export existing notes to a CSV file and import them into the solution.
Learn more about importing notes and credentials.
CyberArk WPM is designed to reduce the risk of weak, reused and easy-to-guess passwords for business applications. Previously, CyberArk WPM allowed users to create highly complex passwords using a password generator feature. Now, CyberArk WPM provides an option to create passphrases instead of randomly generated passwords. Passphrases can be easier to remember for humans and harder to crack for machines.
For example, instead of using an alphanumeric string, such as “L74$V6aY!^H2” as a password, end users can now generate a memorable yet hard-to-guess passphrase such as “Alpaca_denied<_shoe_loan!.” Both administrators and end users can configure the number of words in passphrases and specify separators, symbols, numbers and cases to enhance security.
The passphrase generator feature is available in the password generator tool within the CyberArk Identity Browser Extension.
Learn more about generating passphrases.
Credential Autofill for Apps not Present in the CyberArk App Catalog
CyberArk WPM allows end users to import applications that do not exist in the CyberArk App Catalog. Previously, these apps could be launched from the CyberArk WPM portal but required end users to manually copy and paste their credentials to log in. Now, all apps, including applications not in the CyberArk App Catalog, support credential autofill. This provides a better user experience and enables seamless login to all applications protected by CyberArk WPM.
Automatically insert end-user credentials for all apps
Learn more about managing web apps with Workforce Password Management.
CyberArk Secure Web Sessions
Session Control Enhancements
CyberArk Secure Web Sessions introduced the Session Control security layer in the CyberArk Identity 23.1 release. Session Control allows administrators to define notification and enforcement rules for specific text and number fields within web applications. With this release, administrators can now also block buttons and links within any web application protected by CyberArk Secure Web Sessions.
For example, administrators can now create rules to prevent users from clicking the “download” button for specific sensitive reports or to block users from accessing hyperlinked services within apps. Session Control rules are easy to create for specific users, groups and roles and provide the option to enforce conditions, send push notifications to the CyberArk Mobile app or send alerts through email.
Learn more about Session Control rules.
Create Session Control Rules Directly from the Session Timeline
CyberArk Secure Web Sessions records user activities within protected apps using a “stepper” approach. Actions like mouse clicks and keystrokes trigger a screenshot of a user’s browser window and relevant metadata. Administrators can audit user activities by reviewing a Session Timeline, which provides context and a step-by-step breakdown of the actions taken before, during and after a security event. Administrators can create and modify Session Control rules directly from the session timeline tab with this release. For example, suppose an administrator auditing a session for a cloud management console notices the addition of a user with a non-company email domain. In that case, they can define a Session Control rule that only allows users with a specific email domain to be created. This simplifies the Session Control rule creation and provides administrators the flexibility to define preventive controls from specific steps in the timeline.
Learn more about creating a rule from the session timeline.
Read more about the CyberArk Identity 23.9 release in the release notes.