The CyberArk Core Privileged Access Security Solution is the industry’s most complete solution for protecting, controlling, and monitoring privileged access across onpremises, cloud, and hybrid infrastructure. Designed from the ground up for security, the CyberArk solution helps organizations efficiently manage privileged account credentials and access rights, proactively monitor and control privileged account activity, intelligently identify suspicious activity, and quickly respond to threats. Features: Centrally secure and control access to privileged credentials based on administrativelydefined security policies Automated privileged account credential (password and SSH key) rotation eliminates manually intensive, time consuming and error-prone administrative tasks, safeguarding credentials used in on-premises, hybrid, and cloud environments. Isolate and secure privileged user sessions Monitoring and recording capabilities enable security teams to view privileged sessions in real-time, automatically suspend and remotely terminate suspicious sessions, and maintain a comprehensive, searchable audit trail of privileged user activity. Native and transparent access to multiple cloud platforms and web applications provides a unified security approach with increased operational efficiency. Detect, alert, and respond to anomalous privileged activity The solution collects data from multiple sources and applies a complex combination of statistical and deterministic algorithms to identify malicious privileged account activity. Control least privilege access for UNIX and Windows The solution allows privileged users to run authorized administrative commands from their native Unix or Linux sessions while eliminating unneeded root privileges. It also enables organizations to block and contain attacks on Windows servers Protect Windows Domain Controllers The solution enforces least privilege and application control on the domain controllers as well as provides in-progress attack detection. It defends against impersonation and unauthorized access and helps protect against a variety of common Kerberos attack techniques including Golden Ticket, Overpass-the-Hash, and Privilege Attribute Certificate (PAC) manipulation. Benefits:

• Mitigate security risks
• Reduce operations expense and complexity
• Improve regulatory compliance
• Accelerate time-to-value
• Improve visibility

Secure, rotate and control access to privileged account passwords Privileged accounts provide access to an organization’s most sensitive data and critical systems, and when left unsecured, the passwords used to access these accounts can easily be lost, stolen or shared with unauthorized users. Without controls in place to proactively secure and manage privileged credentials, organizations can face an increased risk of data breaches, irreparable system damage, failed audits and fines. CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Account Security Solution, is designed to discover, secure, rotate and control access to privileged account passwords used to access systems throughout the enterprise IT environment. The solution enables organizations to understand the scope of their privileged account risks and put controls in place to mitigate those risks. Flexible policies enable organizations to enforce granular privileged access controls, automate workflows and rotate passwords at a regular cadence without requiring manual IT effort. To demonstrate compliance, organizations can easily report on which users accessed what privileged accounts, when and why. CyberArk Enterprise Password Vault offered a best practice approach to compliance, enabling us to better enforce policies and automate password replacement. Jethro Cornelissen Global Lead & Head of Global Security Operations Center Rabobank International Features Benefits Privileged account discovery finds and inventories privileged accounts throughout the IT environments Centralized, secure storage protects privileged account passwords used in on-premises, cloud and OT environments behind multiple layers of built-in security Automated password rotation updates and synchronizes privileged account passwords at regular intervals or on-demand, based on policy Granular privileged access controls prevent unauthorized users from accessing privileged account credentials Automated workflows enable users to request access to accounts with elevated privileges when needed for business purposes Detailed audit and reporting provides security and audit teams with a clear view of which individual users accessed which privileged or shared accounts, when and why Broad system support enables organizations to secure privileged account passwords used to access the vast majority of enterprise systems, including virtual and physical servers, databases, network devices, hypervisors, security appliances, SaaS and business applications and more Integration with CyberArk Privileged Threat Analytics enables the solution to receive alerts on potentially compromised accounts and automatically rotate the impacted credentials Technology integrations enable organizations to extend policies from existing solutions, such as ticketing, strong authentication, and identity and access management, to their privileged account security solution, as well as send privileged account data to SIEM solutions

Privileged accounts represent the largest security vulnerability an organization faces today. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take full control of an organization’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches. With this growing threat, organizations need controls put in place to proactively protect against, detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data.

CyberArk is the trusted expert in privileged account security. Designed from the ground up with a focus on security, CyberArk has developed a powerful, modular technology platform that provides the industry’s most comprehensive Privileged Account Security Solution. Each product can be managed independently or combined for a cohesive and complete solution for operating systems, databases, applications, hypervisors, network devices, security appliances and more. The solution is designed for on-premise, hybrid cloud and OT/SCADA environments.

The CyberArk Privileged Account Security Solution is based on CyberArk Shared Technology Platform™, which combines an isolated vault server, a unified policy engine, and a discovery engine to provide scalability, reliability and unmatched security for privileged accounts.

Product list:

Enterprise Password Vault® fully protects privileged passwords based on privileged account security policies and controls who can access which passwords when.

SSH Key Manager™ secures, rotates and controls access to SSH keys in accordance with policy to prevent unauthorized access to privileged accounts.

Privileged Session Manager® isolates, controls, and monitors privileged user access as well as activities for critical Unix, Linux, and Windows-based systems, databases, and virtual machines.

Privileged Threat Analytics™ analyzes and alerts on previously undetectable malicious privileged user behavior enabling incident response teams to disrupt and quickly respond to an attack.

Application Identity Manager™ eliminates hard-coded passwords and locally stored SSH keys from applications, service accounts and scripts with no impact on application performance.

CyberArk Viewfinity enables organizations to remove local administrator privileges from business users and control applications on Windows endpoints and servers.

On-Demand Privileges Manager™ allows for control and continuous monitoring of the commands super-users run based on their role and task.

Privileged Identity Management is an area of Identity Management that focuses solely on privileged accounts, powerful accounts used by IT administrators, select business users and even some applications. Organizations considering Privileged Identity Management solutions must prioritize security as a requirement because privileged accounts are frequently targeted by external attackers and malicious insiders to access sensitive data and gain control of the IT infrastructure. Responding to the need for security, Privileged Account Security solutions approach Privileged Identity Management with a laser focus on securing the most sought-after accounts in an organization. Built from the ground up with security in mind, Privileged Account Security delivers unmatched protection, detection and response to cyber attacks when compared to Privileged Identity Management. Tamper-proof storagefor credentials, log files and recordings ensures sensitive information is protected from unauthorized access and misuse. High availability and disaster recovery modules include built-in fail-safe measures, secure backup and simple recovery to meet disaster recovery requirements. Support for strong authenticationincluding multi-factor solutions enables companies to leverage existing authentication solutions for privileged accounts. FIPS 140-2 validated cryptographyaddresses compliance and security requirements. Customizable “request workflows” for credential access approval including dual controls, integration with helpdesk ticketing systems and multiple additional parameters Segregation of duties to ensure that ensure privileged credentials can only be accessed by authorized users for approved business reasons Real-time behavioral analytics to detect and disrupt in-progress attacks

The CyberArk Sensitive Information Management Solution is a complete platform for securely storing, sharing and distributing information between users and systems. Developed with a focus on security, the solution includes patented digital vault technology, military-grade encryption and tamper-resistant auditing designed to help enterprise organizations meet compliance requirements. Organizations use the CyberArk Sensitive Information Management Solution to enable individuals to securely store and share sensitive files and business passwords, as well as automate business processes to securely collect, distribute and access sensitive information. Features:

• Single-platform solution for file sharing between enterprise users, systems and business processes
• Secure repository in which users can store and share personal business passwords such as those used to access CRM systems, HR applications or expense management systems
• Granular access controls restrict which users are able to download, forward or print documents and ensure that only one user may edit a document at a time
• Segregation of duties between IT teams and content owners prevents IT teams from viewing content that is securely stored and transferred
• Flexible connectors enable seamless integration with existing business applications and complementary security tools such as content filtering or data loss prevention solutions
• Tamper-resistant audit logs can be used to report on who accessed what information and if any changes were made
• Built-in FIPS 140-2 compliant encryption secures data at-rest and in-transit
• Choice of on-premises or cloud-based deployments enables organizations to select the option that best fits their organizational requirements
• High availability and disaster recovery help organizations ensure reliability in complex, enterprise IT environments

Benefits:

• Reduce the risk of unauthorized access to sensitive data by centrally storing and granularly controlling access to confidential files
• Facilitate productivity by enabling secure anytime, anywhere sharing of files between authorized internal and external users
• Reduce the risk of password loss or theft by providing a central, secure repository in which users can store and manage personal business passwords
• Simplify the user experience by eliminating the need for users to manually write down, save or remember login credentials for dozens of disparate business applications
• Reduce help desk costs associated with password resets by encouraging users to centrally and securely store credentials needed to access business applications
• Support cross-functional efficiency by automatically preventing multiple users from duplicating efforts and editing the same document at once
• Reduce administrative costs associated with file transfer processes by leveraging a single platform to secure interactive and automated file transfers throughout the enterprise
• Automatically encrypt sensitive data at-rest and in-transit without having to manage encryption keys or purchase a separate encryption solution
• More easily demonstrate compliance by reporting on which users accessed what sensitive information and if any changes were made
• Easily expand the solution with changing business needs and meet enterprise requirements for scalability and reliability

Isolate, monitor and control privileged access to enterprise assets In today’s collaborative environment, organizations must support a range of end-users accessing privileged accounts including third party vendors, contractors, temporary employees and more. To mitigate external and internal risks, organizations must manage and monitor privileged account sessions without impacting the end-user experience. Detailed monitoring and recording CyberArk Privileged Session Manager, part of the CyberArk Privileged Account Security Solution, enables organizations to isolate, monitor, record and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines.  The solution acts as a jump server and single access control point, prevents malware from jumping to a target system, and records keystrokes and commands for continuous monitoring.  The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations. Enterprise-class scalability and security Privileged Session Manager is an agentless solution designed for maximum security including tamper-proof audit logs, enforcement of monitoring and recording, and session isolation to prevent the spread of malware.  A universal connector allows organizations to extend session management to virtually any component of the IT infrastructure. The solution is built on the CyberArk Shared Technology Platform, delivering scalability, high availability and centralized management and reporting. Real-time monitoring enables security teams to track user activity and detect suspicious events in real-time. Remote session termination enables security teams to immediately terminate suspicious privileged sessions directly from the CyberArk administrative console. Searchable detailed session audit logs and video recordings enable security teams to pinpoint the moment an incident started, understand how the incident began, and quickly assess any damage. Proxy-based, agentless architecture provides a single access control point and enforces monitoring and recording of all privileged activity. Secure proxy server creates an isolated, secure environment by separating the end user machine from the target system. Optional secure SSH server acts as the proxy for privileged Unix sessions, providing a native Unix user experience. A tamper-proof digital vault stores session recordings and audit logs to prevent users from editing their activity history. Integrations with Enterprise Password Vault and SSH Key Manager enable organizations to mask privileged credentials from users and ensure that these credentials never reach endpoints. Out-of-the-box integrations combined with a Universal Connector enable organizations to protect privileged accounts on Unix and Windows systems, network devices, databases, mainframes and virtual infrastructures with minimal deployment and operational costs. Enterprise-class scalability and reliability ensure that the solution can meet business requirements of even the largest organizations.