Continuously scan the environment to detect privileged access. Validate privilege by adding discovered accounts to a pending queue or automatically onboard and rotate accounts and credentials based on enterprise policy.

Organizations can’t secure what they don’t know exists. CyberArk provides several methods for discovering privileged accounts and credentials, including the standalone Discovery & Audit (DNA) Tool and accounts discovery functionality that comes standard with the Core Privileged Access Security Solution. CyberArk scans all distributed networks and discovers both local and domain accounts on Windows systems as well as SSH keys, root and other local accounts on *NIX. All relevant privileged account information is retrieved (e.g. dependencies, created date, etc.), and are placed in the Pending Accounts page within the CyberArk web portal. Administrators have the ability to set policy that establishes automatic account onboarding via REST API, among others aimed at streamlining workflow efficiency.

Once all privileged accounts have been discovered and on-boarded, policy can be set to establish credential strength (e.g. length and complexity) as well as frequency of rotation. Any shared accounts can also be rotated based on policy, such as credentials being used in multiple locations are not reused or used simultaneously, and are rotated directly after each individual use. Users can also access critical systems “just-in-time” by being added provisionally to a shared local administrator account on Windows servers for a pre-determined amount of time reducing the need for lower priority managed credentials.

Establish a secure control point to prevent credential exposure and isolate critical assets from end users with transparent connections to target systems via a variety of native workflows.

Workstations are often a soft target for attackers to penetrate the network and can be leveraged by malicious actors to jump laterally throughout the environment. CyberArk enables secure connections to critical systems through the use of a secure proxy that is fully isolated and thus never exposing privileged credentials directly to the end users or their client applications or devices. This secure control point manages access to these privileged credentials and implements dual-control for a more robust workflow, providing users with customized approval workflows that ensure they are in compliance with accessing the right systems.

End-users can connect securely in a variety of ways, one being directly through the CyberArk web portal for general access. Users who prefer a more native workflow can request a secure connection to CyberArk directly from their workstations using any standard RDP client application for Windows, as well as native command line connectivity to *NIX and other SSH based systems. Additionally, CyberArk provides secure access to a range of as-a-service applications and cloud platforms via the native application login screen, delivering a native and transparent user experience to administrators.

Automatically record and store privileged sessions within a centralized encrypted repository. Prioritize auditing recorded and active sessions with video playback that streamlines reviewing the most suspicious activity.

In breach scenarios, finding the exact cause and ensuring it can be contained is harder than finding a needle in a haystack. With CyberArk, all privileged sessions are automatically recorded in video and/or text format and stored and encrypted within a tamper-resistant Digital Vault. Log files can be easily accessed by security and audit teams alike to support both compliance and digital forensics. Ad hoc connections can also be brokered to target systems that are unmanaged by the Core Privileged Access Security Solution. Administrators also have the ability to filter any keystrokes or commands like SSH logging or HTTPS that are recorded throughout privileged connections to minimize unwanted audit records, thus reducing the number of audit records stored.

When reviewing sessions, each recording has a clickable table of contents that enables reviewers to go directly to specific activities or commands. To further the operational use of CyberArk, each session is assigned a risk score that can be sorted and viewed by administrators to jump directly to the most critical activities within the environment.

Administrators can view specific activities or keystrokes within video recordings. Detect and alert SOC and IT teams of anomalous behavior that bypasses or circumvents privileged controls.

Having a viewable trail of privileged activity is important, but very few organizations have the staff or resources to view everything occurring within the environment. It’s both an exhausting and error-prone method for cybersecurity. CyberArk automatically captures audit records for each command and/or event that is executed or keystrokes that are typed and assigns each session with a risk score based on pre-defined policy. This enables security operations center personnel to take a risk-based approach by prioritizing the riskiest activities occurring within the environment by sending and receiving automatic alerts to and from Security Information and Event Management (SIEM) or User and Entity Behavior Analytics (UEBA) tools.

The Core Privileged Access Security Solution is able to detect attempts at bypassing or circumventing privileged controls in real-time and can both alert administrators as well as take automatic action to reduce the number of unmanaged access points to critical systems.

Automatically suspend or terminate privileged sessions based on risk assignment, and initiate automatic credential rotation in the event of privileged compromise or theft.

Sophisticated attackers can breach the network and gain access to critical systems and resources in record time. How effective are security controls that are heavily reliant on manual intervention? Attackers can lay in wait for extended periods of time without ever being picked up by security controls or administrators. Having built-in, automated remediation controls in place is necessary for maintaining a strong security posture for the modern enterprise. CyberArk can automatically rotate credentials in the event of risky behavior such as credential theft, bypassing the Digital Vault, or unmanaged access; in order to mitigate risk in real-time without relying on manual intervention. Unmanaged accounts can be automatically on-boarded and managed through CyberArk’s continuous discovery capabilities. Additionally, in the event of privileged sessions reaching a certain risk score, administrators can establish policies to either to stop suspicious behavior before doing irreparable damage to the business.