SECURE PRIVILEGE EVERYWHERE

CyberArk is the #1 Leader in Privileged Access Security

REQUEST A DEMO

PRIVILEGE IS EVERYWHERE

Privileged accounts, credentials and secrets are everywhere. And attackers are after them. Right now.

80%

of security breaches involve privileged credentials.

The Forrester Wave™: Privileged Identity Management, Q3 2016

99 days

The average time
to discovery.

Mandiant M-Trends
2017

3 days

after initial access, attackers can obtain domain-level admin credentials.

Mandiant M-Trends
2017

#1 LEADER IN PRIVILEGED ACCESS SECURITY

Recognized for establishing the Privileged Access Security category, CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets.

MARKET SHARE LEADER

Recognized as the market share leader by Forrester and IDC

PRIVILEGED ACCESS SECURITY

Only public company 100% focused on privileged account security

CONSTANTLY INNOVATING

Constantly innovating to stay one step ahead of the attackers

MOST COMPRENHENSIVE PRIVILEGED ACCESS SECURITY PORTFOLIO

CyberArk provides the most comprehensive solution to secure privileged access on-premises and in the cloud, from every endpoint and application, and throughout the DevOps pipeline.

ON-PREMISES

Secure credentials, isolate and monitor sessions, and prevent privileged attacks for your on-premises infrastructure and applications.

LEARN MORE

CLOUD

Secure privileged credentials across your hybrid cloud, IaaS, and SaaS environments and deploy CyberArk in the cloud of your choice.

LEARN MORE

DEVOPS

Simplify secret management with validated, ready to use CI/CD toolset integration and available as free and open source software.

LEARN MORE

ENDPOINT

Enforce least privilege, control applications, and prevent credential theft on endpoints to contain attacks and stop lateral movement.

LEARN MORE

HOW CYBERARK COMPARES TO THE COMPETITION

Don’t just take our word for it. Here is an analysis from IDG on how CyberArk stacks up to the competition.

Security, Recoverability, and Auditability
The solution is an “All- In-One” appliance that is built upon third-party software components that may present a wider attack surface. Passwords and audit security utilize the native security found in the MS SQL database.	Hardened secure server provides storage for credentials. HA/DR is provided with a clustered server deployment. Does provide audit capabilities	Isolated vault, hardened, and secured for credentials and privileged session recordings. Multiple HA and DR options without 3rd party dependencies Full audit trail protected by same vault security.	No hardening out of the box provided by the vendor. Local admin can export and decrypt entire DB including historic entries. (http://seclists. org/fulldisclosure/2017/ Apr/83)
Comprehensive and Flexible Password Rotation for Users, Applications, and DevOps tools
Password rotation for the web, customer, and Commercial-off-the- Shelf (COTS) applications is limited. Integration with DevOps tools is fairly basic and narrow with support for only a generic API. There is no certified integration with specific DevOps tools.	Password rotation on Windows requires additional components and support for applications is limited and requires extensive customization. Limited integration with DevOps tools — only through generic API. No certified integration.	Largest number of system, COTS, and custom applications supported. Enterprise ready. Integration with security tools via the CyberArk C3 Alliance program. Connectors and plug-ins available including customization. Deep integration with DevOps applications.	Limited support for custom and COTS applications. Limited integration with DevOps tools — only through generic API.
Privileged Attack Detection and Prevention for On-premises, Cloud, and DevOps
The solution has no built-in analytics capabilities. The product can only aggregate and correlate known events for credentials contained within the solution. There is no discovery and mapping of privileged access risks.	Analytics is based on add-on to Privileged Access Manager. No privileged access attack detection and prevention.	Detection and prevention of privileged access attacks such as Pass the Hash and Golden Ticket. Integration with session management and endpoint privileged management provides greater visibility. Mapping between suspicious privileged access activities and their corresponding session recordings identifies potential attack.	Analytics is based on add-on to SecretServer. No privileged access attacks detection and prevention.
Flexible and Scalable Architecture
To provide scalability and growth, multiple nodes need to be deployed using an SQL AlwaysOn Availability Group (AG). AG may be a difficult product to patch in production, and vulnerabilities have been identified in the past for SQL Server.	New release offers improvements to the appliance to support better scaling. Improvements to clustering have also improved scaling. Flexibility is a bit limited with current solution.	Component-based architecture allows flexible architecture and deployment. Software-based components are less complex to deploy and maintain. This also facilitates flexibility and easier scaling of hardware. Distributed networks and multi-site deployments are easily scalable.	Scalability is not yet completely proven in enterprise organizations.

Security, Recoverability, and Auditability

The solution is an “All- In-One” appliance that is built upon third-party software components that may present a wider attack surface.

Passwords and audit security utilize the native security found in the MS SQL database.

Hardened secure server provides storage for credentials.

HA/DR is provided with a clustered server deployment.

Does provide audit capabilities

Isolated vault, hardened, and secured for credentials and privileged session recordings.

Multiple HA and DR options without 3rd party dependencies

Full audit trail protected by same vault security.

No hardening out of the box provided by the vendor.

Local admin can export and decrypt entire DB including historic entries. (http://seclists. org/fulldisclosure/2017/ Apr/83)

Comprehensive and Flexible Password Rotation for Users, Applications, and DevOps tools

Password rotation for the web, customer, and Commercial-off-the- Shelf (COTS) applications is limited.

Integration with DevOps tools is fairly basic and narrow with support for only a generic API. There is no certified integration with specific DevOps tools.

Password rotation on Windows requires additional components and support for applications is limited and requires extensive customization.

Limited integration with DevOps tools — only through generic API. No certified integration.

Largest number of system, COTS, and custom applications supported.

Enterprise ready. Integration with security tools via the CyberArk C3 Alliance program. Connectors and plug-ins available including customization.

Deep integration with DevOps applications.

Limited support for custom and COTS applications.

Limited integration with DevOps tools — only through generic API.

Privileged Attack Detection and Prevention for On-premises, Cloud, and DevOps

The solution has no built-in analytics capabilities. The product can only aggregate and correlate known events for credentials contained within the solution.

There is no discovery and mapping of privileged access risks.

Analytics is based on add-on to Privileged Access Manager.

No privileged access attack detection and prevention.

Detection and prevention of privileged access attacks such as Pass the Hash and Golden Ticket.

Integration with session management and endpoint privileged management provides greater visibility.

Mapping between suspicious privileged access activities and their corresponding session recordings identifies potential attack.

Analytics is based on add-on to SecretServer.

No privileged access attacks detection and prevention.

Flexible and Scalable Architecture

To provide scalability and growth, multiple nodes need to be deployed using an SQL AlwaysOn Availability Group (AG).

AG may be a difficult product to patch in production, and vulnerabilities have been identified in the past for SQL Server.

New release offers improvements to the appliance to support better scaling.

Improvements to clustering have also improved scaling.

Flexibility is a bit limited with current solution.

Component-based architecture allows flexible architecture and deployment.

Software-based components are less complex to deploy and maintain. This also facilitates flexibility and easier scaling of hardware.

Distributed networks and multi-site deployments are easily scalable.

Scalability is not yet completely proven in enterprise organizations.

TRUSTED BY THE LEADING ENTERPRISES

CyberArk is the trusted leader in Privileged Access Security, with more than half of the Fortune 100 relying on our solutions to protect their most critical and high-value assets.