{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"ru":"Поставщик","_type":"localeString","en":"Supplier"},"products-popover":{"en":"Products","de":"die produkte","ru":"Продукты","_type":"localeString"},"introduction-popover":{"_type":"localeString","en":"introduction","ru":"внедрения"},"partners-popover":{"ru":"партнеры","_type":"localeString","en":"partners"},"update-profile-button":{"en":"Update profile","ru":"Обновить профиль","_type":"localeString"},"read-more-button":{"_type":"localeString","en":"Show more","ru":"Показать ещё"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"categories":{"ru":"Компетенции","_type":"localeString","en":"Categories"},"description":{"ru":"Описание","_type":"localeString","en":"Description"},"role-user":{"ru":"Пользователь","_type":"localeString","en":"User"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"en":"Partnership with suppliers","ru":"Партнерство с поставщиками","_type":"localeString"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"_type":"localeString","en":"Partner status","ru":"Статус партнёра"},"country":{"en":"Country","ru":"Страна","_type":"localeString"},"partner-types":{"_type":"localeString","en":"Partner types","ru":"Типы партнеров"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"ru":"количество сотрудников","_type":"localeString","en":"number of employees"},"partnership-programme":{"ru":"Партнерская программа","_type":"localeString","en":"Partnership program"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString","en":"Additional benefits for registering a deal"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"en":"Partner level requirements","ru":"Требования к уровню партнера","_type":"localeString"},"certifications":{"_type":"localeString","en":"Certification of technical specialists","ru":"Сертификация технических специалистов"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"_type":"localeString","en":"Partners-vendors","ru":"Партнеры-производители"},"partners-suppliers":{"_type":"localeString","en":"Partners-suppliers","ru":"Партнеры-поставщики"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"ru":"Поставляемые продукты","_type":"localeString","en":"Supplied products"},"vendored-products":{"en":"Produced products","ru":"Производимые продукты","_type":"localeString"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"ru":"Поставляемые внедрения","_type":"localeString","en":"Supplied deployments"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"schedule-event":{"_type":"localeString","en":"Events schedule","ru":"Pасписание событий"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"register":{"ru":"Регистрация ","_type":"localeString","en":"Register"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"auth-message":{"en":"To view company events please log in or register on the sit.","ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString"},"company-presentation":{"ru":"Презентация компании","_type":"localeString","en":"Company presentation"}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"_type":"localeString","en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает"},"login":{"de":"Einloggen","ru":"Вход","_type":"localeString","en":"Log in"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"de":"References","ru":"Мои запросы","_type":"localeString","en":"Requests"},"solutions":{"en":"Solutions","ru":"Возможности","_type":"localeString"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"en":" Price calculator","ru":"Калькулятор цены","_type":"localeString"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"en":"ROI calculators","ru":"ROI калькуляторы","_type":"localeString"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"comparison-deletion":{"ru":"Удаление","_type":"localeString","en":"Deletion"},"comparison-confirm":{"en":"Are you sure you want to delete","ru":"Подтвердите удаление","_type":"localeString"},"search-placeholder":{"en":"Enter your search term","ru":"Введите поисковый запрос","_type":"localeString"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"en":"Find vendor and company-supplier","_type":"localeString"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"en":"My Company","de":"Über die Firma","ru":"О компании","_type":"localeString"},"about":{"ru":"О нас","_type":"localeString","en":"About us","de":"Über uns"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"de":"Tarife","ru":"Тарифы","_type":"localeString","en":"Subscriptions"},"contact":{"ru":"Связаться с нами","_type":"localeString","en":"Contact us","de":"Kontaktiere uns"},"marketplace":{"ru":"Marketplace","_type":"localeString","en":"Marketplace","de":"Marketplace"},"products":{"ru":"Продукты","_type":"localeString","en":"Products","de":"Produkte"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"en":"Salestools","de":"Salestools","ru":"Salestools","_type":"localeString"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта"},"policy":{"en":"Privacy Policy","ru":"Политика конфиденциальности","_type":"localeString"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"en":"4 vendors","ru":"поставщикам","_type":"localeString"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"_type":"localeString","en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"en":"Last name","ru":"Фамилия","_type":"localeString"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"en":"Received ROI","ru":"Полученный ROI","_type":"localeString"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"en":"I agree","ru":"Я согласен","_type":"localeString"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле","_type":"localeString"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"en":"Thank you for your understanding","ru":"Спасибо за ваше понимание","_type":"localeString"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"translatable_meta":[{"translations":{"en":"Company","ru":"Компания","_type":"localeString"},"name":"title"},{"name":"description","translations":{"ru":"Описание компании","_type":"localeString","en":"Company description"}},{"name":"keywords","translations":{"en":"Company keywords","ru":"Ключевые слова для компании","_type":"localeString"}}],"title":{"_type":"localeString","en":"ROI4CIO: Company","ru":"ROI4CIO: Компания"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"cyberark":{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[{"id":3,"type":"vendor"}],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":["vendor"],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[{"id":1198,"title":"CyberArk Privileged Access Security for Volkswagen Bank Rus","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">THE IMPLEMENTATION OF THE SYSTEM OF CONTROL OF PRIVILEGED USERS (2020)</span></p>\r\n\r\n<span style=\"font-weight: bold; \">THE CHALLENGE BEFORE THE BUSINESS</span>\r\nCompliance with the Volkswagen requirements for privileged access control.\r\n<span style=\"font-weight: bold; \">THE TASK BEFORE &quot;IS&quot;</span>\r\nProviding access control for privileged users to information systems of the bank, increasing the information content of the evidence base on the actions of privileged users, reducing the risk of abuse of privileged authority.\r\n<span style=\"font-weight: bold; \">THE DECISION</span>\r\nThe Privileged Access Management (PAM) control system based on the <span style=\"font-weight: bold; \">CyberArk Privileged Access Security</span> solution.\r\n<span style=\"font-weight: bold;\">THE IMPLEMENTATION</span>\r\nTo ensure the fault-tolerant architecture of the PAM system,<span style=\"font-weight: bold;\"> Jet Infosystems</span> specialists located it in two geographically separated data centers. One of the features of the project was a long period of trial operation of the system, which lasted about three months. During this time, the bank managed to smoothly transfer employees to work with the new system, and the integrator project team was able to receive detailed feedback from users and eliminate configuration flaws. A distinctive feature of the project was also the implementation in the system of a functional request and access coordination. In addition to fine-tuning the PAM-system, the integrator’s specialists adapted for it the privileged access control rules in force in a financial institution.\r\nThe implementation of the system took place with the close interaction of integrator engineers and bank experts. So, the credit institution’s specialists independently implemented the test environment of the system, being guided by the instructions of the Jet Infosystems project team and receiving operational advice on emerging issues. Using the test environment of the system, Volkswagen Bank RUS specialists will be able to check the solution updates before applying them in a productive environment in accordance with the rules adopted by the bank.\r\n<ul><li><span style=\"font-weight: bold;\">9 IS.</span> The number of Information Systems for which privileged user access control is provided.</li><li><span style=\"font-weight: bold;\">50 users.</span> The number of privileged users whose access is controlled by PAM.</li><li><span style=\"font-weight: bold;\">2 data centers.</span> PAM fault tolerance is provided within two data centers.</li><li><span style=\"font-weight: bold;\">3 months.</span> The duration of the trial operation of PAM was 3 months.</li></ul>\r\n<span style=\"font-weight: bold;\">THE PROJECT RESULTS</span>\r\nAccording to the results of the Volkswagen Bank RUS project, it brought the level of protection against insider threats into line with the requirements of the international concern and solved all the tasks. The system from CyberArk provided access control for 50 privileged users to 9 information systems of the bank. With the help of the solution, the IS service of a financial organization coordinates access to controlled systems and investigates incidents, IT specialists administer internal services, application software and databases, and developers get temporary access to apply updates to bank products. In the future plans of the credit, the institution is to expand the number of applications and services, privileged access to which is controlled using the PAM system.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Ilya Udovitsky,</span></span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Head of Information Security Department, Volkswagen Bank RUS:</span></span>\r\n<span style=\"font-style: italic;\">“It was important for us not only to integrate the solution into the IT infrastructure, but also into the existing privileged access control processes that are accepted and operate in the bank. In particular, we expected the project to increase the information content of the evidence base on the actions of privileged users by collecting detailed information about who, when, under what account and which systems it connects to. The specialists of Jet Infosystems helped us cope with all the tasks.”</span>","alias":"cyberark-privileged-access-security-for-volkswagen-bank-rus","roi":0,"seo":{"title":"CyberArk Privileged Access Security for Volkswagen Bank Rus","keywords":"","description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">THE IMPLEMENTATION OF THE SYSTEM OF CONTROL OF PRIVILEGED USERS (2020)</span></p>\r\n\r\n<span style=\"font-weight: bold; \">THE CHALLENGE BEFORE THE BUSINESS</span>\r\nCompliance with the Volkswagen requiremen","og:title":"CyberArk Privileged Access Security for Volkswagen Bank Rus","og:description":"<p class=\"align-center\"><span style=\"font-weight: bold; \">THE IMPLEMENTATION OF THE SYSTEM OF CONTROL OF PRIVILEGED USERS (2020)</span></p>\r\n\r\n<span style=\"font-weight: bold; \">THE CHALLENGE BEFORE THE BUSINESS</span>\r\nCompliance with the Volkswagen requiremen"},"deal_info":"","user":{},"supplier":{},"vendors":[{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":[],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":""}],"products":[{"id":5557,"logo":false,"scheme":false,"title":"CyberArk Core Privileged Access Security","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"alias":"cyberark-core-privileged-access-security","companyTypes":[],"description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the CyberArk solution helps organizations efficiently manage privileged account credentials and access rights, proactively monitor and control privileged account activity, intelligently identify suspicious activity, and quickly respond to threats.\r\n<b>Features:</b>\r\n<b>Centrally secure and control access to privileged credentials based on administrativelydefined security policies</b>\r\nAutomated privileged account credential (password and SSH key) rotation eliminates manually intensive, time consuming and error-prone administrative tasks, safeguarding credentials used in on-premises, hybrid, and cloud environments. \r\n<b>Isolate and secure privileged user sessions</b>\r\nMonitoring and recording capabilities enable security teams to view privileged sessions in real-time, automatically suspend and remotely terminate suspicious sessions, and maintain a comprehensive, searchable audit trail of privileged user activity. Native and transparent access to multiple cloud platforms and web applications provides a unified security approach with increased operational efficiency.\r\n<b>Detect, alert, and respond to anomalous privileged activity</b>\r\nThe solution collects data from multiple sources and applies a complex combination of statistical and deterministic algorithms to identify malicious privileged account activity.\r\n<b>Control least privilege access for UNIX and Windows</b>\r\nThe solution allows privileged users to run authorized administrative commands from their native Unix or Linux sessions while eliminating unneeded root privileges. It also enables organizations to block and contain attacks on Windows servers\r\n<b>Protect Windows Domain Controllers</b>\r\n The solution enforces least privilege and application control on the domain controllers as well as provides in-progress attack detection. It defends against impersonation and unauthorized access and helps protect against a variety of common Kerberos attack techniques including Golden Ticket, Overpass-the-Hash, and Privilege Attribute Certificate (PAC) manipulation.\r\n<b>Benefits:</b>\r\n<ul> <li>Mitigate security risks</li> <li>Reduce operations expense and complexity</li> <li>Improve regulatory compliance</li> <li>Accelerate time-to-value</li> <li>Improve visibility</li> </ul>","shortDescription":"Efficiently protect, monitor and control privileged access across on-premises, cloud, and hybrid infrastructure","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Core Privileged Access Security","keywords":"","description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the Cybe","og:title":"CyberArk Core Privileged Access Security","og:description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the Cybe"},"eventUrl":"","translationId":5556,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":10,"title":"Ensure Compliance"},{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":179,"title":"Shortage of inhouse software developers"},{"id":382,"title":"High costs of IT personnel"},{"id":383,"title":"Shortage of inhouse IT engineers"},{"id":346,"title":"Shortage of inhouse IT resources"}]}},"categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":666,"title":"CyberArk Privileged Account Security Solution for a building products manufacturer","description":"One of the first steps was to make significant improvements in routine production systems access controls. In doing so, one of National Gypsum’s goals was to make it easier to be secure, but more painful when users tried to do things they shouldn’t. As part of National Gypsum’s new security model, the team created more Active Directory accounts to accommodate roles in development, QA and production environments. They also set up new accounts for SYS and “firefighter” roles, instituting a least privilege strategy where users would be granted access ondemand only to the systems needed to perform a particular task, in a documented way.\r\nThe manufacturer implemented the CyberArk Privileged Access Security Solution, leveraging its Enterprise Password Vault® to better manage nearly 2,000 passwords, making sure they are automatically updated, changed at regular intervals and fully auditable. The National Gypsum security team is now in charge of all the production accounts and can track who requested access to a system, and what was done once access was granted. Through its integration with Active Directory, the CyberArk solution alleviates the need for dual management and maintenance of roles, overall improving operational efficiency. National Gypsum also integrated the CyberArk Application Access Manager™ solution with Opalis, a process automation system. Opalis is responsible for performing numerous IT automation tasks across the manufacturer’s servers and applications.\r\nIntegrating with Application Access Manager allowed National Gypsum to remove sensitive (domain/server admin level) hard-coded passwords from the Opalis jobs and benefit from secure caching capabilities to ensure business continuity even in the case of a network outage.\r\nTypically, employees are given a level of privilege that they can either apply incorrectly and do some damage to the privileged system to which they have been given elevated rights, or gain access to confidential information.\r\nBrannon says, “We have taken care at National Gypsum to ensure that people only have the level of access that is needed. This prevents users from unwittingly bringing down production systems because they have access to data and/or processes outside of their routine needs. We deny by default, then allow based on needs, granted by approval.” \r\nWorking with CyberArk also helped fuel new business initiatives, such as National Gypsum’s SAP deployment, “which presented an opportunity to do things the right way,” said Brannon. For example, National Gypsum leveraged its SAP deployment in an external data center to set up stronger system controls and appropriate levels of access. According to Brannon, some internal people said that approach would not work at the company, and that National Gypsum did not have the staff. ","alias":"cyberark-privileged-account-security-solution-for-a-building-products-manufacturer","roi":0,"seo":{"title":"CyberArk Privileged Account Security Solution for a building products manufacturer","keywords":"","description":"One of the first steps was to make significant improvements in routine production systems access controls. In doing so, one of National Gypsum’s goals was to make it easier to be secure, but more painful when users tried to do things they shouldn’t. As part of","og:title":"CyberArk Privileged Account Security Solution for a building products manufacturer","og:description":"One of the first steps was to make significant improvements in routine production systems access controls. In doing so, one of National Gypsum’s goals was to make it easier to be secure, but more painful when users tried to do things they shouldn’t. As part of"},"deal_info":"","user":{"id":5064,"title":"National Gypsum","logoURL":"https://old.roi4cio.com/uploads/roi/company/National_Gypsum.png","alias":"national-gypsum","address":"","roles":[],"description":"National Gypsum Company is a fully integrated building products manufacturer and one of the leading gypsum board producers in the world. Headquartered in Charlotte, North Carolina, National Gypsum manufactures gypsum wallboard, cement board and related construction materials at 43 facilities in North America.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"National Gypsum","keywords":"","description":"National Gypsum Company is a fully integrated building products manufacturer and one of the leading gypsum board producers in the world. Headquartered in Charlotte, North Carolina, National Gypsum manufactures gypsum wallboard, cement board and related constru","og:title":"National Gypsum","og:description":"National Gypsum Company is a fully integrated building products manufacturer and one of the leading gypsum board producers in the world. Headquartered in Charlotte, North Carolina, National Gypsum manufactures gypsum wallboard, cement board and related constru","og:image":"https://old.roi4cio.com/uploads/roi/company/National_Gypsum.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":[],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":""}],"products":[{"id":453,"logo":false,"scheme":false,"title":"CyberArk Privileged Account Security Solution","vendorVerified":0,"rating":"2.60","implementationsCount":3,"suppliersCount":0,"alias":"cyberark-privileged-account-security-solution","companyTypes":[],"description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.</p>\r\n<p>CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry&rsquo;s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.</p>\r\n<p>The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform&trade;, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.</p>\r\n<p><span style=\"font-weight: bold;\">Product list:</span></p>\r\n<p>Enterprise Password Vault&reg; fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.</p>\r\n<p>SSH Key Manager&trade; secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.</p>\r\n<p>Privileged Session Manager&reg; isolates, controls, and monitors privileged user access as well as activities for critical Unix, Linux, and Windows-based systems, databases, and virtual machines.</p>\r\n<p>Privileged Threat Analytics&trade; analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.</p>\r\n<p>Application Identity Manager&trade; eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.</p>\r\n<p>CyberArk Viewfinity enables organizations to remove local administrator privileges from business users and control applications on Windows endpoints and servers.</p>\r\n<p>On-Demand Privileges Manager&trade; allows for control and continuous monitoring of the commands super-users run based on their role and task.</p>","shortDescription":"CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect, alert, and respond to privileged account activity","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Account Security Solution","keywords":"privileged, security, Privileged, CyberArk, accounts, controls, access, Manager™","description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d","og:title":"CyberArk Privileged Account Security Solution","og:description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d"},"eventUrl":"","translationId":454,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"}]}},"categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://lp.cyberark.com/rs/316-CZP-275/images/National%20Gypsum-CS-Mar-2019%20%281%29.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":144,"title":"CyberArk Privileged Account Security Solution for Bank","description":"Description is not ready yet","alias":"cyberark-privileged-account-security-solution-for-bank","roi":0,"seo":{"title":"CyberArk Privileged Account Security Solution for Bank","keywords":"","description":"Description is not ready yet","og:title":"CyberArk Privileged Account Security Solution for Bank","og:description":"Description is not ready yet"},"deal_info":"","user":{},"supplier":{},"vendors":[{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":[],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":""}],"products":[{"id":453,"logo":false,"scheme":false,"title":"CyberArk Privileged Account Security Solution","vendorVerified":0,"rating":"2.60","implementationsCount":3,"suppliersCount":0,"alias":"cyberark-privileged-account-security-solution","companyTypes":[],"description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.</p>\r\n<p>CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry&rsquo;s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.</p>\r\n<p>The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform&trade;, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.</p>\r\n<p><span style=\"font-weight: bold;\">Product list:</span></p>\r\n<p>Enterprise Password Vault&reg; fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.</p>\r\n<p>SSH Key Manager&trade; secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.</p>\r\n<p>Privileged Session Manager&reg; isolates, controls, and monitors privileged user access as well as activities for critical Unix, Linux, and Windows-based systems, databases, and virtual machines.</p>\r\n<p>Privileged Threat Analytics&trade; analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.</p>\r\n<p>Application Identity Manager&trade; eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.</p>\r\n<p>CyberArk Viewfinity enables organizations to remove local administrator privileges from business users and control applications on Windows endpoints and servers.</p>\r\n<p>On-Demand Privileges Manager&trade; allows for control and continuous monitoring of the commands super-users run based on their role and task.</p>","shortDescription":"CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect, alert, and respond to privileged account activity","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Account Security Solution","keywords":"privileged, security, Privileged, CyberArk, accounts, controls, access, Manager™","description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d","og:title":"CyberArk Privileged Account Security Solution","og:description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d"},"eventUrl":"","translationId":454,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":281,"title":"No IT security guidelines"},{"id":178,"title":"No control over data access"}]}},"categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://elvis.ru/about/project_experience/banksoyuz/","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":177,"title":"CyberArk Privileged Identity Management (PIM) for bank","description":"Description is not ready yet","alias":"cyberark-privileged-identity-management-pim-for-bank","roi":0,"seo":{"title":"CyberArk Privileged Identity Management (PIM) for bank","keywords":"","description":"Description is not ready yet","og:title":"CyberArk Privileged Identity Management (PIM) for bank","og:description":"Description is not ready yet"},"deal_info":"","user":{},"supplier":{},"vendors":[{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":[],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":""}],"products":[{"id":109,"logo":false,"scheme":false,"title":"CyberArk Privileged Identity Management (PIM)","vendorVerified":0,"rating":"2.40","implementationsCount":1,"suppliersCount":0,"alias":"cyberark-privileged-identity-management-pim","companyTypes":[],"description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management solutions must prioritize security as a requirement because privileged accounts are frequently targeted by external attackers and malicious insiders to access sensitive data and gain control of the IT infrastructure. Responding to the need for security, Privileged Account Security solutions approach Privileged Identity Management with a laser focus on securing the most sought-after accounts in an organization. Built from the ground up with security in mind, Privileged Account Security delivers unmatched protection, detection and response to cyber attacks when compared to Privileged Identity Management.\r\n\r\nTamper-proof storagefor credentials, log files and recordings ensures sensitive information is protected from unauthorized access and misuse.\r\nHigh availability and disaster recovery modules include built-in fail-safe measures, secure backup and simple recovery to meet disaster recovery requirements.\r\nSupport for strong authenticationincluding multi-factor solutions enables companies to leverage existing authentication solutions for privileged accounts.\r\nFIPS 140-2 validated cryptographyaddresses compliance and security requirements.\r\nCustomizable “request workflows” for credential access approval including dual controls, integration with helpdesk ticketing systems and multiple additional parameters\r\nSegregation of duties to ensure that ensure privileged credentials can only be accessed by authorized users for approved business reasons\r\nReal-time behavioral analytics to detect and disrupt in-progress attacks","shortDescription":"Privileged Identity Management Suite (PIM) -Providing access to critical systems, devices, and user accounts","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Identity Management (PIM)","keywords":"Privileged, Identity, Management, accounts, solutions, privileged, security, recovery","description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management","og:title":"CyberArk Privileged Identity Management (PIM)","og:description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management"},"eventUrl":"","translationId":110,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":180,"title":"Russia","name":"RUS"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":254,"title":"Centralize management"},{"id":10,"title":"Ensure Compliance"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":178,"title":"No control over data access"}]}},"categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://antiviruspro.ru/projects/detail.php?ID=131557","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":89,"title":"CyberArk Sensitive Information Management (SIM) Solution, Privileged Account Security (PAS) Solution for Telecom Company","description":"Description is not ready yet","alias":"cyberark-sensitive-information-management-sim-solution-privileged-account-security-pas-solution-for-telecom-company","roi":0,"seo":{"title":"CyberArk Sensitive Information Management (SIM) Solution, Privileged Account Security (PAS) Solution for Telecom Company","keywords":"","description":"Description is not ready yet","og:title":"CyberArk Sensitive Information Management (SIM) Solution, Privileged Account Security (PAS) Solution for Telecom Company","og:description":"Description is not ready yet"},"deal_info":"","user":{"id":2540,"title":"Kyivstar","logoURL":"https://old.roi4cio.com/uploads/roi/company/Kievstar.png","alias":"kievstar","address":"","roles":[],"description":"<span style=\"font-weight: bold;\">Kyivstar</span> – mobile operator No.1 and one of the best brands of Ukraine\r\n\r\nThe company's history started back in 1994, and on December 9, 1997, the first call in Kyivstar mobile network was made.\r\n\r\nToday Kyivstar is the largest Ukrainian telecommunication operator providing communications and data services based on a broad range of mobile and fixed-line technologies, including 3G. Company's customer base amounts to over 24 million in mobile and over 1.1 million in broadband Internet.\r\n\r\nKyivstar is a part of VimpelCom Ltd., one of the world's largest integrated telecommunications companies, headquartered in Netherlands. The holding company owns telecom assets in the CIS countries, Europe, Asia, and Africa, and its shares are freely traded on the stock exchange (NASDAQ). Jean-Yves Charlier is CEO of VimpelCom Ltd.\r\n\r\nKyivstar is one of few companies in VimpelCom Ltd. that provides services under its own, exclusively Ukrainian brand. Every year international control of Kyivstar network parameters is held. According to its results, the company demonstrates better quality and productivity than on the average in the region and in the world.\r\n\r\nKyivstar has achieved big success thanks to investment into development of its own fiber-optic network which is an important link in the traffic exchange between Europe and Asia, and it is a reliable partner of Ukrainians in the connection with the other countries of the world. The company provides roaming services in 195 countries on 5 continents.\r\n\r\nFor more than 25 years of operation on the territory of Ukraine Kyivstar has been developing the technical infrastructure of telecom-market and has been faithfully performing its obligations to the country and the society. For many years the company has been the largest taxpayer to the state budget of Ukraine among the companies in the sector of transport and communications, as well as one of the best employers and most socially responsible business entities.\r\n\r\nKyivstar was the first company to provide the best telecommunications services of European markets for Ukrainian subscribers. For instance, in 1998 the company was the first to suggest SMS service to subscribers, and in 2000 – was the first to start providing access to Internet by WAP. After that Kyivstar was the first to massively introduce packet tariff plans with no charge for minutes and to cancel megabyte billing of Internet in the most of the tariff plans.\r\n\r\nThe company was the first among telecommunications operators of Ukraine to fully upgrade switched network to prepare for high-speed mobile data transmission technologies. In Kyivstar's network, MSC Server Blade Cluster, unique equipment for Ukraine, is installed. It is new-generation switchers that support technologies from 2.5G to LTE. In 2012 the process of base stations' equipment replacement for a full transition to IP architecture was started.\r\n\r\nKyivstar's team amounts to around 4,000 professionals working all over Ukraine. A system of continuing education and professional development, encouragement and protection of employees has been created in the company:\r\n\r\n<ul><li>Every year more than 50% of employees upgrade their skills at various courses and trainings organized by the company;</li><li> 40% of employees use flexible work schedule; when needed, any employee can work remotely through &quot;Virtual Office&quot; system.</li></ul>\r\nThe company's care about employees' health is an essential part of the social package. Kyivstar's workers can get medical service in more than 1,000 clinics, health institutions and pharmacies in 99 Ukrainian cities.\r\n\r\n<span style=\"font-weight: bold;\">Information on the ownership structure of PJSC “Kyivstar”</span>\r\nThe sole shareholder of PJSC “Kyivstar” is the international telecom group of companies <span style=\"font-weight: bold;\">VEON</span>, the headquarters of which is located in the Kingdom of the Netherlands. VEON shares are traded on the stock exchanges of the USA and the European Union, and among the owners of the shares there are thousands of people, including large investment funds of the USA, Great Britain, Italy, such as Exor NV, Shah Capital, Prosperity Capital, Kopernik Global Investors, etc. No shareholder has a majority stake and does not have a decisive influence on the activities of the VEON group and, accordingly, on the activities of Kyivstar.\r\nIn February 2022, the VEON Group excluded persons who have been subject to EU sanctions from the Board of Directors, their financial assets are frozen, and they themselves do not take any part in or have any influence on the management of the VEON Group. The group also decided to withdraw from the russian market and on May 30, 2023, reported on the completion of all legal formalities and procedures related to this initiative.\r\nPJSC “Kyivstar” is managed by the President (a citizen of Ukraine) and the Supervisory Board of Kyivstar PJSC, which includes citizens of Ukraine, the United States, the European Union and Turkey. Each of these citizens is a person with an exceptionally high reputation in the business environment with long experience of managerial work on the international market.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":6,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.kyivstar.ua/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Kyivstar","keywords":"Kyivstar, company, Ukraine, first, network, mobile, been, employees","description":"<span style=\"font-weight: bold;\">Kyivstar</span> – mobile operator No.1 and one of the best brands of Ukraine\r\n\r\nThe company's history started back in 1994, and on December 9, 1997, the first call in Kyivstar mobile network was made.\r\n\r\nToday Kyivstar is the l","og:title":"Kyivstar","og:description":"<span style=\"font-weight: bold;\">Kyivstar</span> – mobile operator No.1 and one of the best brands of Ukraine\r\n\r\nThe company's history started back in 1994, and on December 9, 1997, the first call in Kyivstar mobile network was made.\r\n\r\nToday Kyivstar is the l","og:image":"https://old.roi4cio.com/uploads/roi/company/Kievstar.png"},"eventUrl":""},"supplier":{"id":262,"title":"Softprom (supplier)","logoURL":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png","alias":"softprom-supplier","address":"","roles":[],"description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<span style=\"font-weight: bold;\">Softprom</span> provides professional services for testing, training, installation, implementation and technical support of IT solutions in IT Security, IT Infrastructure, Cloud Services, CAD and Graphic Design, Video Security.\r\nRead more: softprom.com","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":66,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":21,"vendorImplementationsCount":0,"vendorPartnersCount":13,"supplierPartnersCount":1,"b4r":1,"categories":{},"companyUrl":"https://softprom.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Softprom (supplier)","keywords":"Softprom, trust, company, services, customers, vendors, solutions, software","description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:title":"Softprom (supplier)","og:description":"<span style=\"font-weight: bold;\">Softprom</span> is a leading Value Added IT Distributor in the CIS and Eastern Europe markets which is trusted by more than 1200 partners. The company was founded in 1999 and today is represented in more than 30 countries.\r\n<sp","og:image":"https://old.roi4cio.com/uploads/roi/company/SOFTPROM_blue_on_white_01.png"},"eventUrl":""},"vendors":[{"id":174,"title":"CyberArk","logoURL":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png","alias":"cyberark","address":"","roles":[],"description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 customers, including over 30 Fortune 100 companies and approximately 15% of the Global 2000. The company has offices in the US, Israel, UK, France, Germany, the Netherlands, and Singapore, with local sales presence in more than 20 countries.","companyTypes":[],"products":{},"vendoredProductsCount":6,"suppliedProductsCount":6,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{},"companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":""}],"products":[{"id":451,"logo":false,"scheme":false,"title":"CyberArk Sensitive Information Management Solution","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"alias":"cyberark-sensitive-information-management-solution","companyTypes":[],"description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, military-grade encryption and tamper-resistant auditing designed to help enterprise organizations meet compliance requirements. Organizations use the CyberArk Sensitive Information Management Solution to enable individuals to securely store and share sensitive files and business passwords, as well as automate business processes to securely collect, distribute and access sensitive information.\r\n\r\n<span style=\"font-weight: bold;\">Features</span>:\r\n<ul><li>Single-platform solution for file sharing between enterprise users, systems and business processes</li><li>Secure repository in which users can store and share personal business passwords such as those used to access CRM systems, HR applications or expense management systems</li><li>Granular access controls restrict which users are able to download, forward or print documents and ensure that only one user may edit a document at a time</li><li>Segregation of duties between IT teams and content owners prevents IT teams from viewing content that is securely stored and transferred</li><li>Flexible connectors enable seamless integration with existing business applications and complementary security tools such as content filtering or data loss prevention solutions</li><li>Tamper-resistant audit logs can be used to report on who accessed what information and if any changes were made</li><li>Built-in FIPS 140-2 compliant encryption secures data at-rest and in-transit</li><li>Choice of on-premises or cloud-based deployments enables organizations to select the option that best fits their organizational requirements</li><li>High availability and disaster recovery help organizations ensure reliability in complex, enterprise IT environments</li></ul>\r\n\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n<ul><li>Reduce the risk of unauthorized access to sensitive data by centrally storing and granularly controlling access to confidential files</li><li>Facilitate productivity by enabling secure anytime, anywhere sharing of files between authorized internal and external users</li><li>Reduce the risk of password loss or theft by providing a central, secure repository in which users can store and manage personal business passwords</li><li>Simplify the user experience by eliminating the need for users to manually write down, save or remember login credentials for dozens of disparate business applications</li><li>Reduce help desk costs associated with password resets by encouraging users to centrally and securely store credentials needed to access business applications</li><li>Support cross-functional efficiency by automatically preventing multiple users from duplicating efforts and editing the same document at once</li><li>Reduce administrative costs associated with file transfer processes by leveraging a single platform to secure interactive and automated file transfers throughout the enterprise</li><li>Automatically encrypt sensitive data at-rest and in-transit without having to manage encryption keys or purchase a separate encryption solution</li><li>More easily demonstrate compliance by reporting on which users accessed what sensitive information and if any changes were made</li><li>Easily expand the solution with changing business needs and meet enterprise requirements for scalability and reliability</li></ul>","shortDescription":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Sensitive Information Management Solution","keywords":"business, users, access, sensitive, securely, information, with, applications","description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, mil","og:title":"CyberArk Sensitive Information Management Solution","og:description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, mil"},"eventUrl":"","translationId":452,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":453,"logo":false,"scheme":false,"title":"CyberArk Privileged Account Security Solution","vendorVerified":0,"rating":"2.60","implementationsCount":3,"suppliersCount":0,"alias":"cyberark-privileged-account-security-solution","companyTypes":[],"description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.</p>\r\n<p>CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry&rsquo;s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.</p>\r\n<p>The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform&trade;, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.</p>\r\n<p><span style=\"font-weight: bold;\">Product list:</span></p>\r\n<p>Enterprise Password Vault&reg; fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.</p>\r\n<p>SSH Key Manager&trade; secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.</p>\r\n<p>Privileged Session Manager&reg; isolates, controls, and monitors privileged user access as well as activities for critical Unix, Linux, and Windows-based systems, databases, and virtual machines.</p>\r\n<p>Privileged Threat Analytics&trade; analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.</p>\r\n<p>Application Identity Manager&trade; eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.</p>\r\n<p>CyberArk Viewfinity enables organizations to remove local administrator privileges from business users and control applications on Windows endpoints and servers.</p>\r\n<p>On-Demand Privileges Manager&trade; allows for control and continuous monitoring of the commands super-users run based on their role and task.</p>","shortDescription":"CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect, alert, and respond to privileged account activity","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Account Security Solution","keywords":"privileged, security, Privileged, CyberArk, accounts, controls, access, Manager™","description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d","og:title":"CyberArk Privileged Account Security Solution","og:description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d"},"eventUrl":"","translationId":454,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[{"id":217,"title":"Ukraine","name":"UKR"}],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":4,"title":"Reduce Costs"},{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":7,"title":"Improve Customer Service"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":373,"title":"IT infrastructure does not meet business tasks"}]}},"categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"additionalInfo":{"budgetNotExceeded":"","functionallyTaskAssignment":"","projectWasPut":"","price":0,"source":{"url":"http://softprom.com/node/1104","title":"Supplier's web site"}},"comments":[],"referencesCount":0}],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":5,"vendorPartnersCount":0,"supplierPartnersCount":3,"b4r":0,"categories":{"5":{"id":5,"title":"Security Software","description":" Computer security software or cybersecurity software is any computer program designed to enhance information security. Security software is a broad term that encompasses a suite of different types of software that deliver data and computer and network security in various forms. \r\nSecurity software can protect a computer from viruses, malware, unauthorized users and other security exploits originating from the Internet. Different types of security software include anti-virus software, firewall software, network security software, Internet security software, malware/spamware removal and protection software, cryptographic software, and more.\r\nIn end-user computing environments, anti-spam and anti-virus security software is the most common type of software used, whereas enterprise users add a firewall and intrusion detection system on top of it. \r\nSecurity soft may be focused on preventing attacks from reaching their target, on limiting the damage attacks can cause if they reach their target and on tracking the damage that has been caused so that it can be repaired. As the nature of malicious code evolves, security software also evolves.<span style=\"font-weight: bold; \"></span>\r\n<span style=\"font-weight: bold; \">Firewall. </span>Firewall security software prevents unauthorized users from accessing a computer or network without restricting those who are authorized. Firewalls can be implemented with hardware or software. Some computer operating systems include software firewalls in the operating system itself. For example, Microsoft Windows has a built-in firewall. Routers and servers can include firewalls. There are also dedicated hardware firewalls that have no other function other than protecting a network from unauthorized access.\r\n<span style=\"font-weight: bold; \">Antivirus.</span> Antivirus solutions work to prevent malicious code from attacking a computer by recognizing the attack before it begins. But it is also designed to stop an attack in progress that could not be prevented, and to repair damage done by the attack once the attack abates. Antivirus software is useful because it addresses security issues in cases where attacks have made it past a firewall. New computer viruses appear daily, so antivirus and security software must be continuously updated to remain effective.\r\n<span style=\"font-weight: bold; \">Antispyware.</span> While antivirus software is designed to prevent malicious software from attacking, the goal of antispyware software is to prevent unauthorized software from stealing information that is on a computer or being processed through the computer. Since spyware does not need to attempt to damage data files or the operating system, it does not trigger antivirus software into action. However, antispyware software can recognize the particular actions spyware is taking by monitoring the communications between a computer and external message recipients. When communications occur that the user has not authorized, antispyware can notify the user and block further communications.\r\n<span style=\"font-weight: bold; \">Home Computers.</span> Home computers and some small businesses usually implement&nbsp; security software at the desktop level - meaning on the PC itself. This category of computer security and protection, sometimes referred to as end-point security, remains resident, or continuously operating, on the desktop. Because the software is running, it uses system resources, and can slow the computer's performance. However, because it operates in real time, it can react rapidly to attacks and seek to shut them down when they occur.\r\n<span style=\"font-weight: bold; \">Network Security.</span> When several computers are all on the same network, it's more cost-effective to implement security at the network level. Antivirus software can be installed on a server and then loaded automatically to each desktop. However firewalls are usually installed on a server or purchased as an independent device that is inserted into the network where the Internet connection comes in. All of the computers inside the network communicate unimpeded, but any data going in or out of the network over the Internet is filtered trough the firewall.<br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal; \">What is IT security software?</span></h1>\r\nIT security software provides protection to businesses’ computer or network. It serves as a defense against unauthorized access and intrusion in such a system. It comes in various types, with many businesses and individuals already using some of them in one form or another.\r\nWith the emergence of more advanced technology, cybercriminals have also found more ways to get into the system of many organizations. Since more and more businesses are now relying their crucial operations on software products, the importance of security system software assurance must be taken seriously – now more than ever. Having reliable protection such as a security software programs is crucial to safeguard your computing environments and data. \r\n<p class=\"align-left\">It is not just the government or big corporations that become victims of cyber threats. In fact, small and medium-sized businesses have increasingly become targets of cybercrime over the past years. </p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal; \">What are the features of IT security software?</span></h1>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Automatic updates. </span>This ensures you don’t miss any update and your system is the most up-to-date version to respond to the constantly emerging new cyber threats.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Real-time scanning.</span> Dynamic scanning features make it easier to detect and infiltrate malicious entities promptly. Without this feature, you’ll risk not being able to prevent damage to your system before it happens.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Auto-clean.</span> A feature that rids itself of viruses even without the user manually removing it from its quarantine zone upon detection. Unless you want the option to review the malware, there is no reason to keep the malicious software on your computer which makes this feature essential.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Multiple app protection.</span> This feature ensures all your apps and services are protected, whether they’re in email, instant messenger, and internet browsers, among others.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application level security.</span> This enables you to control access to the application on a per-user role or per-user basis to guarantee only the right individuals can enter the appropriate applications.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Role-based menu.</span> This displays menu options showing different users according to their roles for easier assigning of access and control.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Row-level (multi-tenant) security.</span> This gives you control over data access at a row-level for a single application. This means you can allow multiple users to access the same application but you can control the data they are authorized to view.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Single sign-on.</span> A session or user authentication process that allows users to access multiple related applications as long as they are authorized in a single session by only logging in their name and password in a single place.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">User privilege parameters.</span> These are customizable features and security as per individual user or role that can be accessed in their profile throughout every application.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold; \">Application activity auditing.</span> Vital for IT departments to quickly view when a user logged in and off and which application they accessed. Developers can log end-user activity using their sign-on/signoff activities.</li></ul>\r\n<p class=\"align-left\"><br /><br /><br /><br /></p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Security_Software.png","alias":"security-software"},"7":{"id":7,"title":"Storage - General-Purpose Disk Arrays","description":" General-purpose disk arrays refer to disk storage systems that work together with specialized array controllers to achieve high data transfer. They are designed to fulfill the requirement of a diverse set of workloads such as databases, virtual desktop infrastructure, and virtual networks. The market size in the study represents the revenue generated through various deployment modes such as NAS, SAN, and DAS. Some of the technologies used in the general-purpose disk arrays market include PATA, SATA, and SCSI. The application areas of general-purpose disk arrays include BFSI, IT, government, education &amp; research, healthcare, and manufacturing.\r\nGeneral-Purpose Disk Arrays market in BFSI accounts for the largest revenue. IT industry and governments are investing heavily in the general-purpose disk arrays, as a huge amount of voluminous data is getting generated which requires high storage capacity to store the classified data for analytics purpose and consumer insights. General-Purpose Disk Arrays market in healthcare is expected to show robust growth during the forecast period, as hospitals are adopting the latest technology with huge storage spaces in an attempt to track the patient history for providing better healthcare facilities.\r\nThe global general-purpose disk arrays market is fragmented owing to the presence of a large number of local and regional players, which intensifies the degree of rivalry. The market is growing at a notable pace, which leads to high intensity of rivalry. Key market players such as Dell EMC, HPE, and IBM Corporation seek to gain market share through continuous innovations in storage technology. Some of the other key players operating in a market are Hitachi, Seagate Technologies, NetApp, Promise Technologies, Quantum Corporation, Oracle Corporation, Fujitsu, DataDirect Networks, and Infortrend Technology Inc. Key competitors are specifically focusing on Asia-Pacific and Middle-East &amp; Africa regions, as they show strong tendency to adopt the general-purpose disk arrays in coming years.","materialsDescription":"<span style=\"font-weight: bold;\">What are the characteristics of storage?</span>\r\nStorage technologies at all levels of the storage hierarchy can be differentiated by evaluating certain core characteristics as well as measuring characteristics specific to a particular implementation. These core characteristics are volatility, mutability, accessibility, and addressability. For any particular implementation of any storage technology, the characteristics worth measuring are capacity and performance.\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Volatility</span></span>\r\nNon-volatile memory retains the stored information even if not constantly supplied with electric power. It is suitable for long-term storage of information. Volatile memory requires constant power to maintain the stored information. The fastest memory technologies are volatile ones, although that is not a universal rule. Since the primary storage is required to be very fast, it predominantly uses volatile memory.\r\nDynamic random-access memory is a form of volatile memory that also requires the stored information to be periodically reread and rewritten, or refreshed, otherwise it would vanish. Static random-access memory is a form of volatile memory similar to DRAM with the exception that it never needs to be refreshed as long as power is applied; it loses its content when the power supply is lost.\r\nAn uninterruptible power supply (UPS) can be used to give a computer a brief window of time to move information from primary volatile storage into non-volatile storage before the batteries are exhausted. Some systems, for example EMC Symmetrix, have integrated batteries that maintain volatile storage for several minutes.\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Mutability</span></span>\r\n<span style=\"font-weight: bold;\">Read/write storage or mutable storage</span>\r\n<div class=\"indent\">Allows information to be overwritten at any time. A computer without some amount of read/write storage for primary storage purposes would be useless for many tasks. Modern computers typically use read/write storage also for secondary storage.</div>\r\n<span style=\"font-weight: bold;\">Slow write, fast read storage</span>\r\n<div class=\"indent\">Read/write storage which allows information to be overwritten multiple times, but with the write operation being much slower than the read operation. Examples include CD-RW and SSD.</div>\r\n<span style=\"font-weight: bold;\">Write once storage</span>\r\n<div class=\"indent\">Write Once Read Many (WORM) allows the information to be written only once at some point after manufacture. Examples include semiconductor programmable read-only memory and CD-R.</div>\r\n<span style=\"font-weight: bold;\">Read only storage</span>\r\n<div class=\"indent\">Retains the information stored at the time of manufacture. Examples include mask ROM ICs and CD-ROM.</div>\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Accessibility</span></span>\r\n<span style=\"font-weight: bold;\">Random access</span>\r\n<div class=\"indent\">Any location in storage can be accessed at any moment in approximately the same amount of time. Such characteristic is well suited for primary and secondary storage. Most semiconductor memories and disk drives provide random access.</div>\r\n<span style=\"font-weight: bold;\">Sequential access</span>\r\n<div class=\"indent\">The accessing of pieces of information will be in a serial order, one after the other; therefore the time to access a particular piece of information depends upon which piece of information was last accessed. Such characteristic is typical of off-line storage.</div>\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Addressability</span></span>\r\n<span style=\"font-weight: bold;\">Location-addressable</span>\r\n<div class=\"indent\">Each individually accessible unit of information in storage is selected with its numerical memory address. In modern computers, location-addressable storage usually limits to primary storage, accessed internally by computer programs, since location-addressability is very efficient, but burdensome for humans.</div>\r\n<span style=\"font-weight: bold;\">File addressable</span>\r\n<div class=\"indent\">Information is divided into files of variable length, and a particular file is selected with human-readable directory and file names. The underlying device is still location-addressable, but the operating system of a computer provides the file system abstraction to make the operation more understandable. In modern computers, secondary, tertiary and off-line storage use file systems.</div>\r\n<span style=\"font-weight: bold;\">Content-addressable</span>\r\n<div class=\"indent\">Each individually accessible unit of information is selected based on the basis of (part of) the contents stored there. Content-addressable storage can be implemented using software (computer program) or hardware (computer device), with hardware being faster but more expensive option. Hardware content addressable memory is often used in a computer's CPU cache.</div>\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Capacity</span></span>\r\n<span style=\"font-weight: bold;\">Raw capacity</span>\r\n<div class=\"indent\">The total amount of stored information that a storage device or medium can hold. It is expressed as a quantity of bits or bytes (e.g. 10.4 megabytes).</div>\r\n<span style=\"font-weight: bold;\">Memory storage density</span>\r\n<div class=\"indent\">The compactness of stored information. It is the storage capacity of a medium divided with a unit of length, area or volume (e.g. 1.2 megabytes per square inch).</div>\r\n\r\n<span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">Performance</span></span>\r\n<span style=\"font-weight: bold;\">Latency</span>\r\n<div class=\"indent\">The time it takes to access a particular location in storage. The relevant unit of measurement is typically nanosecond for primary storage, millisecond for secondary storage, and second for tertiary storage. It may make sense to separate read latency and write latency (especially for non-volatile memory[8]) and in case of sequential access storage, minimum, maximum and average latency.</div>\r\n<span style=\"font-weight: bold;\">Throughput</span>\r\n<div class=\"indent\">The rate at which information can be read from or written to the storage. In computer data storage, throughput is usually expressed in terms of megabytes per second (MB/s), though bit rate may also be used. As with latency, read rate and write rate may need to be differentiated. Also accessing media sequentially, as opposed to randomly, typically yields maximum throughput.</div>\r\n<span style=\"font-weight: bold;\">Granularity</span>\r\n<div class=\"indent\">The size of the largest &quot;chunk&quot; of data that can be efficiently accessed as a single unit, e.g. without introducing additional latency.</div>\r\n<span style=\"font-weight: bold;\">Reliability</span>\r\n<div class=\"indent\">The probability of spontaneous bit value change under various conditions, or overall failure rate.</div>\r\nUtilities such as hdparm and sar can be used to measure IO performance in Linux.\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Energy use</span></span>\r\n<ul><li>Storage devices that reduce fan usage, automatically shut-down during inactivity, and low power hard drives can reduce energy consumption by 90 percent.</li><li>2.5-inch hard disk drives often consume less power than larger ones. Low capacity solid-state drives have no moving parts and consume less power than hard disks. Also, memory may use more power than hard disks. Large caches, which are used to avoid hitting the memory wall, may also consume a large amount of power.</li></ul>\r\n\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Security</span></span>\r\nFull disk encryption, volume and virtual disk encryption, andor file/folder encryption is readily available for most storage devices.\r\nHardware memory encryption is available in Intel Architecture, supporting Total Memory Encryption (TME) and page granular memory encryption with multiple keys (MKTME) and in SPARC M7 generation since October 2015.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Storage_General_Purpose_Disk_Arrays.png","alias":"storage-general-purpose-disk-arrays"},"45":{"id":45,"title":"SIEM - Security Information and Event Management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span>&nbsp; Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span>&nbsp; Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span>&nbsp; Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png","alias":"siem-security-information-and-event-management"},"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as &quot;on-demand software&quot;, and was formerly referred to as &quot;software plus services&quot; by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term &quot;Software as a Service&quot; (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure.&nbsp; While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies.&nbsp; Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\">&nbsp;</p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"78":{"id":78,"title":"PAM - privileged access management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png","alias":"pam-privileged-access-management"},"204":{"id":204,"title":"Managed Detection and Response","description":" MDR, which stands for Managed Detection &amp; Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png","alias":"managed-detection-and-response"}},"branches":"Information Technology","companySizes":"101 to 500 Employees","companyUrl":"www.cyberark.com","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":false,"isVendor":true,"presenterCodeLng":"","seo":{"title":"CyberArk","keywords":"company, CyberArk, security, Fortune, offices, Global, approximately, companies","description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:title":"CyberArk","og:description":"CyberArk is an information security company offering privileged account security. The company's technology is utilized worldwide, primarily in the financial services, energy, retail and healthcare markets. As of September 2014, CyberArk had nearly 1,600 custom","og:image":"https://old.roi4cio.com/uploads/roi/company/cyber-ark_logo.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[{"supplier":"ISSP","partnershipLevel":"","countries":"","partnersType":""},{"supplier":"Softprom (supplier)","partnershipLevel":"Distributor","countries":"","partnersType":""},{"supplier":"SVIT IT","partnershipLevel":"","countries":"","partnersType":""}],"vendoredProducts":[{"id":5557,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png","logo":true,"scheme":false,"title":"CyberArk Core Privileged Access Security","vendorVerified":0,"rating":"0.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":3,"alias":"cyberark-core-privileged-access-security","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the CyberArk solution helps organizations efficiently manage privileged account credentials and access rights, proactively monitor and control privileged account activity, intelligently identify suspicious activity, and quickly respond to threats.\r\n<b>Features:</b>\r\n<b>Centrally secure and control access to privileged credentials based on administrativelydefined security policies</b>\r\nAutomated privileged account credential (password and SSH key) rotation eliminates manually intensive, time consuming and error-prone administrative tasks, safeguarding credentials used in on-premises, hybrid, and cloud environments. \r\n<b>Isolate and secure privileged user sessions</b>\r\nMonitoring and recording capabilities enable security teams to view privileged sessions in real-time, automatically suspend and remotely terminate suspicious sessions, and maintain a comprehensive, searchable audit trail of privileged user activity. Native and transparent access to multiple cloud platforms and web applications provides a unified security approach with increased operational efficiency.\r\n<b>Detect, alert, and respond to anomalous privileged activity</b>\r\nThe solution collects data from multiple sources and applies a complex combination of statistical and deterministic algorithms to identify malicious privileged account activity.\r\n<b>Control least privilege access for UNIX and Windows</b>\r\nThe solution allows privileged users to run authorized administrative commands from their native Unix or Linux sessions while eliminating unneeded root privileges. It also enables organizations to block and contain attacks on Windows servers\r\n<b>Protect Windows Domain Controllers</b>\r\n The solution enforces least privilege and application control on the domain controllers as well as provides in-progress attack detection. It defends against impersonation and unauthorized access and helps protect against a variety of common Kerberos attack techniques including Golden Ticket, Overpass-the-Hash, and Privilege Attribute Certificate (PAC) manipulation.\r\n<b>Benefits:</b>\r\n<ul> <li>Mitigate security risks</li> <li>Reduce operations expense and complexity</li> <li>Improve regulatory compliance</li> <li>Accelerate time-to-value</li> <li>Improve visibility</li> </ul>","shortDescription":"Efficiently protect, monitor and control privileged access across on-premises, cloud, and hybrid infrastructure","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Core Privileged Access Security","keywords":"","description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the Cybe","og:title":"CyberArk Core Privileged Access Security","og:description":"The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the Cybe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png"},"eventUrl":"","translationId":5556,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":562,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png","logo":true,"scheme":false,"title":"CyberArk Enterprise Password Vault","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":3,"alias":"cyberark-enterprise-password-vault","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"Secure, rotate and control access to privileged account passwords\r\n\r\nPrivileged accounts provide access to an organization’s most sensitive data and critical systems, and when left unsecured, the passwords used to access these accounts can easily be lost, stolen or shared with unauthorized users. Without controls in place to proactively secure and manage privileged credentials, organizations can face an increased risk of data breaches, irreparable system damage, failed audits and fines.\r\n\r\nCyberArk Enterprise Password Vault, a component of the CyberArk Privileged Account Security Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why.\r\n\r\n\r\nCyberArk Enterprise Password Vault offered a best practice approach to compliance, enabling us to better enforce policies and automate password replacement.\r\nJethro Cornelissen\r\nGlobal Lead &amp; Head of Global Security Operations Center Rabobank International\r\nFeatures\r\nBenefits\r\nPrivileged account discovery finds and inventories privileged accounts throughout the IT environments\r\nCentralized, secure storage protects privileged account passwords used in on-premises, cloud and OT environments behind multiple layers of built-in security\r\nAutomated password rotation updates and synchronizes privileged account passwords at regular intervals or on-demand, based on policy\r\nGranular privileged access controls prevent unauthorized users from accessing privileged account credentials\r\nAutomated workflows enable users to request access to accounts with elevated privileges when needed for business purposes\r\nDetailed audit and reporting provides security and audit teams with a clear view of which individual users accessed which privileged or shared accounts, when and why\r\nBroad system support enables organizations to secure privileged account passwords used to access the vast majority of enterprise systems, including virtual and physical servers, databases, network devices, hypervisors, security appliances, SaaS and business applications and more\r\nIntegration with CyberArk Privileged Threat Analytics enables the solution to receive alerts on potentially compromised accounts and automatically rotate the impacted credentials\r\nTechnology integrations enable organizations to extend policies from existing solutions, such as ticketing, strong authentication, and identity and access management, to their privileged account security solution, as well as send privileged account data to SIEM solutions","shortDescription":"CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Account Security Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":1,"sellingCount":15,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Enterprise Password Vault","keywords":"privileged, account, access, passwords, accounts, organizations, CyberArk, users","description":"Secure, rotate and control access to privileged account passwords\r\n\r\nPrivileged accounts provide access to an organization’s most sensitive data and critical systems, and when left unsecured, the passwords used to access these accounts can easily be lost, stol","og:title":"CyberArk Enterprise Password Vault","og:description":"Secure, rotate and control access to privileged account passwords\r\n\r\nPrivileged accounts provide access to an organization’s most sensitive data and critical systems, and when left unsecured, the passwords used to access these accounts can easily be lost, stol","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png"},"eventUrl":"","translationId":563,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":111,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png","logo":true,"scheme":false,"title":"Privileged Session Management Suite (PSM)","vendorVerified":0,"rating":"2.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":3,"alias":"privileged-session-management-suite-psm","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"Isolate, monitor and control privileged access to enterprise assets\r\n\r\nIn today’s collaborative environment, organizations must support a range of end-users accessing privileged accounts including third party vendors, contractors, temporary employees and more. To mitigate external and internal risks, organizations must manage and monitor privileged account sessions without impacting the end-user experience.\r\n\r\nDetailed monitoring and recording\r\n\r\nCyberArk Privileged Session Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to isolate, monitor, record and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. &nbsp;The solution acts as a jump server and single access control point, prevents malware from jumping to a target system, and records keystrokes and commands for continuous monitoring. &nbsp;The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations.\r\n\r\nEnterprise-class scalability and security\r\n\r\nPrivileged Session Manager is an agentless solution designed for maximum security including tamper-proof audit logs, enforcement of monitoring and recording, and session isolation to prevent the spread of malware. &nbsp;A universal connector allows organizations to extend session management to virtually any component of the IT infrastructure. The solution is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting.\r\n\r\nReal-time monitoring enables security teams to track user activity and detect suspicious events in real-time.\r\nRemote session termination enables security teams to immediately terminate suspicious privileged sessions directly from the CyberArk administrative console.\r\nSearchable detailed session audit logs and video recordings enable security teams to pinpoint the moment an incident started, understand how the incident began, and quickly assess any damage.\r\nProxy-based, agentless architecture provides a single access control point and enforces monitoring and recording of all privileged activity.\r\nSecure proxy server creates an isolated, secure environment by separating the end user machine from the target system.\r\nOptional secure SSH server acts as the proxy for privileged Unix sessions, providing a native Unix user experience.\r\nA tamper-proof digital vault stores session recordings and audit logs to prevent users from editing their activity history.\r\nIntegrations with Enterprise Password Vault and SSH Key Manager enable organizations to mask privileged credentials from users and ensure that these credentials never reach endpoints.\r\nOut-of-the-box integrations combined with a Universal Connector enable organizations to protect privileged accounts on Unix and Windows systems, network devices, databases, mainframes and virtual infrastructures with minimal deployment and operational costs.\r\nEnterprise-class scalability and reliability ensure that the solution can meet business requirements of even the largest organizations.","shortDescription":"CyberArk Privileged Session Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to isolate, monitor, record and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":3,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Privileged Session Management Suite (PSM)","keywords":"privileged, organizations, session, security, monitoring, from, Unix, control","description":"Isolate, monitor and control privileged access to enterprise assets\r\n\r\nIn today’s collaborative environment, organizations must support a range of end-users accessing privileged accounts including third party vendors, contractors, temporary employees and more.","og:title":"Privileged Session Management Suite (PSM)","og:description":"Isolate, monitor and control privileged access to enterprise assets\r\n\r\nIn today’s collaborative environment, organizations must support a range of end-users accessing privileged accounts including third party vendors, contractors, temporary employees and more.","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png"},"eventUrl":"","translationId":112,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":437,"title":"PSM - Privileged Session Management","alias":"psm-privileged-session-management","description":" Session management is a comprehensive IT Security process to control, monitor and record administrative access to servers, databases, and network devices. Properly implemented RBAC controls should include lock down based on day, date, time and location. Monitoring and recording should be fine-grained enough to capture keystrokes, text/graphical screen output, and mouse movements.\r\nOrganizations use session management to improve oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording, and control over privileged sessions. IT needs to be able to audit privileged activity for both securities and to meet regulations from SOX, HIPAA, ICS CERT, GLBA, PCI DSS, FDCC, FISMA and more. Auditing activities may also include capturing keystrokes and screens (allowing for live view and playback).\r\nWhile you can manually implement some processes – such as screen recording – integrated solutions allow you to accomplish it seamlessly and at the scale of hundreds or thousands of concurrent sessions. Moreover, some third-party solutions can provide automated workflows giving IT granular control over privileged sessions, such as allowing them to pinpoint an anomalous session, and terminate it, or alternatively pause/lock it until a determination is made that the activity is appropriate.","materialsDescription":" <span style=\"font-weight: bold;\">What is Privileged Session Management?</span>\r\nPrivileged session management allows security administrators to monitor, control, and audit work sessions of privileged users. The session manager provides proxy-access to all critical resources and therefore prevents direct access to those resources. A session manager is central to privileged access management (PAM) and is generally integrated with an access manager and a password manager.\r\nPrivileged session management allows you to identify suspicious or unauthorized actions and stop them in their tracks. What’s more, session management provides an unimpeachable audit trail that allows for compliance and incident investigation.\r\n<span style=\"font-weight: bold;\">What features has Privileged Session Management?</span>\r\nThe key features of a privileged session management solution include:\r\n<ul><li>Real-time monitoring and alerting.</li><li>Real-time control systems.</li><li>RDP/SSH access control.</li><li>Authorization workflow.</li><li>Compliance and audit systems.</li></ul>\r\n<span style=\"font-weight: bold;\">Session Management: Why do you want it?</span>\r\nPrivileged session management will allow security teams to:\r\n<ul><li>Monitor, audit, and control privileged sessions across on-premises and cloud-based applications and resources.</li><li>Prevent insider attacks, privileged account escalation, and third-party access problems.</li><li>Prove regulatory compliance for HIPAA, GDPR, PCI, SOX, NYCRR 500, and other regulations.</li><li>Provide an easy-to-utilize workflow that enables the easy provisioning and de-provisioning of privileged credentials while creating 100% accountability for those privileged users.</li><li>Revolutionize incident response by enabling both automatic response and mitigation while at the same time providing a searchable database and video record that allows for a start-to-finish post-mortem analysis.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_PSM_Privileged_Session_Management.png"},{"id":150,"title":"Workforce Performance Management","alias":"workforce-performance-management","description":"","materialsDescription":"","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Workforce_Performance_Management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":451,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png","logo":true,"scheme":false,"title":"CyberArk Sensitive Information Management Solution","vendorVerified":0,"rating":"2.00","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":3,"alias":"cyberark-sensitive-information-management-solution","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, military-grade encryption and tamper-resistant auditing designed to help enterprise organizations meet compliance requirements. Organizations use the CyberArk Sensitive Information Management Solution to enable individuals to securely store and share sensitive files and business passwords, as well as automate business processes to securely collect, distribute and access sensitive information.\r\n\r\n<span style=\"font-weight: bold;\">Features</span>:\r\n<ul><li>Single-platform solution for file sharing between enterprise users, systems and business processes</li><li>Secure repository in which users can store and share personal business passwords such as those used to access CRM systems, HR applications or expense management systems</li><li>Granular access controls restrict which users are able to download, forward or print documents and ensure that only one user may edit a document at a time</li><li>Segregation of duties between IT teams and content owners prevents IT teams from viewing content that is securely stored and transferred</li><li>Flexible connectors enable seamless integration with existing business applications and complementary security tools such as content filtering or data loss prevention solutions</li><li>Tamper-resistant audit logs can be used to report on who accessed what information and if any changes were made</li><li>Built-in FIPS 140-2 compliant encryption secures data at-rest and in-transit</li><li>Choice of on-premises or cloud-based deployments enables organizations to select the option that best fits their organizational requirements</li><li>High availability and disaster recovery help organizations ensure reliability in complex, enterprise IT environments</li></ul>\r\n\r\n<span style=\"font-weight: bold;\">Benefits:</span>\r\n<ul><li>Reduce the risk of unauthorized access to sensitive data by centrally storing and granularly controlling access to confidential files</li><li>Facilitate productivity by enabling secure anytime, anywhere sharing of files between authorized internal and external users</li><li>Reduce the risk of password loss or theft by providing a central, secure repository in which users can store and manage personal business passwords</li><li>Simplify the user experience by eliminating the need for users to manually write down, save or remember login credentials for dozens of disparate business applications</li><li>Reduce help desk costs associated with password resets by encouraging users to centrally and securely store credentials needed to access business applications</li><li>Support cross-functional efficiency by automatically preventing multiple users from duplicating efforts and editing the same document at once</li><li>Reduce administrative costs associated with file transfer processes by leveraging a single platform to secure interactive and automated file transfers throughout the enterprise</li><li>Automatically encrypt sensitive data at-rest and in-transit without having to manage encryption keys or purchase a separate encryption solution</li><li>More easily demonstrate compliance by reporting on which users accessed what sensitive information and if any changes were made</li><li>Easily expand the solution with changing business needs and meet enterprise requirements for scalability and reliability</li></ul>","shortDescription":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":15,"sellingCount":18,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Sensitive Information Management Solution","keywords":"business, users, access, sensitive, securely, information, with, applications","description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, mil","og:title":"CyberArk Sensitive Information Management Solution","og:description":"The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, mil","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png"},"eventUrl":"","translationId":452,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":109,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png","logo":true,"scheme":false,"title":"CyberArk Privileged Identity Management (PIM)","vendorVerified":0,"rating":"2.40","implementationsCount":1,"suppliersCount":0,"supplierPartnersCount":3,"alias":"cyberark-privileged-identity-management-pim","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management solutions must prioritize security as a requirement because privileged accounts are frequently targeted by external attackers and malicious insiders to access sensitive data and gain control of the IT infrastructure. Responding to the need for security, Privileged Account Security solutions approach Privileged Identity Management with a laser focus on securing the most sought-after accounts in an organization. Built from the ground up with security in mind, Privileged Account Security delivers unmatched protection, detection and response to cyber attacks when compared to Privileged Identity Management.\r\n\r\nTamper-proof storagefor credentials, log files and recordings ensures sensitive information is protected from unauthorized access and misuse.\r\nHigh availability and disaster recovery modules include built-in fail-safe measures, secure backup and simple recovery to meet disaster recovery requirements.\r\nSupport for strong authenticationincluding multi-factor solutions enables companies to leverage existing authentication solutions for privileged accounts.\r\nFIPS 140-2 validated cryptographyaddresses compliance and security requirements.\r\nCustomizable “request workflows” for credential access approval including dual controls, integration with helpdesk ticketing systems and multiple additional parameters\r\nSegregation of duties to ensure that ensure privileged credentials can only be accessed by authorized users for approved business reasons\r\nReal-time behavioral analytics to detect and disrupt in-progress attacks","shortDescription":"Privileged Identity Management Suite (PIM) -Providing access to critical systems, devices, and user accounts","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Identity Management (PIM)","keywords":"Privileged, Identity, Management, accounts, solutions, privileged, security, recovery","description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management","og:title":"CyberArk Privileged Identity Management (PIM)","og:description":"Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management","og:image":"https://old.roi4cio.com/fileadmin/user_upload/CyberArk.png"},"eventUrl":"","translationId":110,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":453,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cyber-ark_logo.png","logo":true,"scheme":false,"title":"CyberArk Privileged Account Security Solution","vendorVerified":0,"rating":"2.60","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":3,"alias":"cyberark-privileged-account-security-solution","companyTitle":"CyberArk","companyTypes":["vendor"],"companyId":174,"companyAlias":"cyberark","description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.</p>\r\n<p>CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry&rsquo;s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.</p>\r\n<p>The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform&trade;, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.</p>\r\n<p><span style=\"font-weight: bold;\">Product list:</span></p>\r\n<p>Enterprise Password Vault&reg; fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.</p>\r\n<p>SSH Key Manager&trade; secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.</p>\r\n<p>Privileged Session Manager&reg; isolates, controls, and monitors privileged user access as well as activities for critical Unix, Linux, and Windows-based systems, databases, and virtual machines.</p>\r\n<p>Privileged Threat Analytics&trade; analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.</p>\r\n<p>Application Identity Manager&trade; eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.</p>\r\n<p>CyberArk Viewfinity enables organizations to remove local administrator privileges from business users and control applications on Windows endpoints and servers.</p>\r\n<p>On-Demand Privileges Manager&trade; allows for control and continuous monitoring of the commands super-users run based on their role and task.</p>","shortDescription":"CyberArk Privileged Account Security Solution is a complete solution to protect, monitor, detect, alert, and respond to privileged account activity","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":true,"bonus":100,"usingCount":0,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"CyberArk Privileged Account Security Solution","keywords":"privileged, security, Privileged, CyberArk, accounts, controls, access, Manager™","description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d","og:title":"CyberArk Privileged Account Security Solution","og:description":"<p>Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization&rsquo;s IT infrastructure, d","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cyber-ark_logo.png"},"eventUrl":"","translationId":454,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[{"id":97,"title":"PAM - privileged access management"}],"testingArea":"","categories":[{"id":78,"title":"PAM - privileged access management","alias":"pam-privileged-access-management","description":"<span style=\"font-weight: bold;\">PAM - Privileged Access Management</span> tools help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access. <span style=\"font-weight: bold;\">Privilege management tools offer features that enable security and risk leaders to:</span>\r\n<ul><li>Discover privileged accounts on systems, devices and applications for subsequent management.</li><li>Automatically randomize, manage and vault passwords and other credentials for administrative, service and application accounts.</li><li>Control access to privileged accounts, including shared and “firecall” (emergency access) accounts.</li><li>Isolate, monitor, record and audit privileged access sessions, commands and actions</li></ul>\r\nTo achieve these goals, privileged access management solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault),&nbsp; isolating the use of privileged accounts to reduce the risk of those credentials being stolen. Once inside the repository, system administrators need to go through the privilege management system to access their credentials, at which point they are authenticated and their access is logged. When a credential is checked back in, it is reset to ensure administrators have to go through the PAM system next time they want to use the credential.\r\n<span style=\"font-weight: bold;\">Privileged Access Management software by Gartner has the following subcategories:</span>\r\n<ol><li>Shared access password manager (SAPM)</li><li>Superuser password manager (SUPM)</li><li>Privileged session manager (PSM)</li><li>Application access password manager (AAPM)</li></ol>\r\nPAM password vaults (SAPM) provides an extra layer of control over admins and password policies, as well as monitoring trails of privileged access to critical systems. Passwords can follow a veriety of password policies and can even be disposable. Session brokers, or PSMs, take privileged access to another level, ensuring that administrators never see the passwords, their hardened proxy servers such as jump servers also monitor active sessions and enable reviewers to stop admin sessions if they see something wrong. Similarly, AAPMs can release credentials just-in-time for application-to-application communication, and even modify startup scripts to replace hard-coded passwords with API calls to the password vault.","materialsDescription":"<h1 class=\"align-center\">What are privileged accounts?</h1>\r\n<p class=\"align-left\">In a least privileged environment, most users are operating with non-privileged accounts 90-100% of the time. Non-privileged accounts, also called least privileged accounts (LUA) general consist of the following two types:</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Standard user accounts</span> have a limited set of privileges, such as for Internet browsing, accessing certain types of applications (e.g., MS Office, etc.), and for accessing a limited array of resources, which is often defined by role-based access policies.</p>\r\n<p class=\"align-left\"><span style=\"font-weight: bold; \">Guest user accounts </span>possess fewer privileges than standard user accounts, as they are usually restricted to just basic application access and Internet browsing.</p>\r\n<p class=\"align-left\">A privileged account is considered to be any account that provides access and privileges beyond those of non-privileged accounts. A privileged user is any user currently leveraging privileged access, such as through a privileged account. Because of their elevated capabilities and access, privileged users/privileged accounts pose considerably larger risks than non-privileged accounts /non-privileged users. Here are <span style=\"font-weight: bold;\">examples of privileged accounts commonly in use across an organization: </span></p>\r\n<ul><li><span style=\"font-weight: bold; \">Local administrative accounts.</span> Non-personal accounts providing administrative access to the local host or instance only.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Domain administrative accounts.</span> Privileged administrative access across all workstations and servers within the domain.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Break glass (also called emergency or firecall) accounts. </span> Unprivileged users with administrative access to secure systems in the case of an emergency.<span style=\"font-weight: bold; \"></span></li><li><span style=\"font-weight: bold; \">Service accounts.</span> Privileged local or domain accounts that are used by an application or service to interact with the operating system.</li><li><span style=\"font-weight: bold; \">Active Directory</span> or domain service accounts. Enable password changes to accounts, etc.</li><li><span style=\"font-weight: bold; \">Application accounts.</span> Used by applications to access databases, run batch jobs or scripts, or provide access to other applications.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">What are the Privileged Access Management features?</span></h1>\r\nPrivileged access management is important for companies that are growing or have a large, complex IT system. Many popular vendors have begun offering enterprise PAM tools such as BeyondTrust, Centrify, CyberArk, SecureLink and Thycotic.\r\n<span style=\"font-weight: bold;\">Privileged access management tools and software typically provide the following features:</span>\r\n<ul><li>Multi-factor authentication (MFA) for administrators.</li><li>An access manager that stores permissions and privileged user information.</li><li>A password vault that stores secured, privileged passwords.</li><li>Session tracking once privileged access is granted.</li><li>Dynamic authorization abilities. For example, only granting access for specific periods of time.</li><li>Automated provisioning and deprovisioning to reduce insider threats.</li><li>Audit logging tools that help organizations meet compliance.</li></ul>\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold; \">How is PAM Different from Identity Access Management (IAM)?</span></h1>\r\nPrivileged access management system is sometimes confused with Identity Access Management (IAM). IAM focuses on authenticating and authorizing all types of users for an organization, often including employees, vendors, contractors, partners, and even customers. IAM manages general access to applications and resources, including on-prem and cloud and usually integrates with directory systems such as Microsoft Active Directory.\r\nPAM access management focuses on privileged users, administrators or those with elevated privileges in the organization. PAM systems are specifically designed to manage and guarantee secure privileged access of these users to critical resources.\r\nOrganizations need both tools if they are to protect against attacks. IAM systems cover the larger attack surface of access from the many users across the organization’s ecosystem. PAM focuses on privileged users—but privileged access management products are important because while they cover a smaller attack surface, it’s a high-value surface and requires an additional set of controls normally not relevant or even appropriate for regular users (such as session recording). ","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/PAM_-_privileged_access_management.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[],"partnershipProgramme":{"levels":[{"id":719,"level":"Silver"},{"id":721,"level":"Gold"},{"id":723,"level":"Platinum"},{"id":725,"level":"Distributor"}],"partnerDiscounts":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"registeredDiscounts":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"additionalBenefits":[],"salesPlan":{"Silver":"","Gold":"","Platinum":"","Distributor":""},"additionalRequirements":[]}}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}